CN102693232B - Method and device for cancelling files - Google Patents
Method and device for cancelling files Download PDFInfo
- Publication number
- CN102693232B CN102693232B CN201110070717.XA CN201110070717A CN102693232B CN 102693232 B CN102693232 B CN 102693232B CN 201110070717 A CN201110070717 A CN 201110070717A CN 102693232 B CN102693232 B CN 102693232B
- Authority
- CN
- China
- Prior art keywords
- file
- file destination
- module
- destination
- file system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a method and a device for cancelling files. The method comprises the following steps of: confirming that a target file is failed to be canceled by using the conventional method, and opening the target file so as to a cancel right; querying a device object created by an obtained file system, constructing an input/output request packet, and transmitting to the device object created by the file system; confirming that a function address distributed by the file system is correct so as to obtain address information of a f pre-modified in a guide list; and detecting the target file according to a function mapped by the obtained address information, and returning information identifying canceled target files and canceling the target files after a corresponding file object of the target file is detected to be a preset file to be canceled. According to the method and the device for canceling the files, disclosed by the invention, files which can not be cancelled by using the conventional method can be cancelled.
Description
Technical field
The present invention relates to the information processing technology, particularly a kind of method of deleted file and file delete device.
Background technology
User is in the process of use computing machine or mobile communication equipment, can produce and store a large amount of files, thereby exhaust the storage space of computing machine or mobile communication equipment, thereby, in order effectively to utilize limited computing machine or the storage space of mobile communication equipment, need to clear up timely to delete unwanted file, especially Malware to the file of storage, but general Malware can not directly be removed, so need special method.
In prior art, file deletion scheme adopts windows operating system application programming interface (Windows API, Windows Application Program Interface), is generally deleted file (DeleteFile).Specifically, check file attribute to be deleted, if file to be deleted has read only attribute, remove the read only attribute of this file to be deleted, then delete.
Above-mentioned by the method for Windows API deleted file, can delete the file not used.But in actual applications, if file monopolized open or executable file just in commission, above-mentioned deletion processing will be failed.For example, Malware is generally executable file, if Malware moves, or, utilize the mode of hook (hook) function or filtration drive to protect oneself, above-mentioned conventional delet method can not be deleted this Malware from disk; Again for example, scan after virus document at antivirus software, if this virus document has been opened and do not share the authority of deleting, do not obtain the erase right of this virus document due to user, thereby this virus document can be not deleted by Windows API method yet.
From above-mentioned; the method of existing deleted file; owing to can only deleting the file not used; the operating file deleted for needs, by the file of exclusive access, do not share the file of erase right and protect oneself file by hook or filtration drive mode, also cannot delete by conventional method.
Summary of the invention
In view of this, fundamental purpose of the present invention is to propose a kind of method of deleted file, deletes by the unsuppressible file of conventional method.
Another object of the present invention is to propose a kind of file delete device, delete by the unsuppressible file of conventional method.
For achieving the above object, the invention provides a kind of method of deleted file, the method comprises:
Confirm to adopt conventional method to delete file destination failure, open this file destination, obtain erase right;
The device object that file system creates is obtained in inquiry, and structure input/output request bag, is sent to the device object that file system creates;
Confirm that file system distribution function address is correct, obtain the address information of the function of revising in advance in importing table;
According to the function check file destination of the address information mapping of obtaining, after detecting that file object that file destination is corresponding is the file to be deleted setting in advance, the information of returning to mark and can deleting file destination, deletes file destination.
Described this file destination of opening, obtains erase right and specifically comprises:
Attempt opening this file destination with erase right, if file destination can be opened, obtain the erase right of this file destination; If file destination can not be opened, open file destination with empty authority, the erase right field of the file object that Offered target file is corresponding, for deleting, is obtained the erase right of this file destination.
Described file destination can be opened, and the erase right obtaining is the minimal set of this file destination Share Permissions that opening operation arranges before.
Described confirmation file system distribution function address correctly specifically comprises:
When startup, file system module or Windows kernel module log file system distribution function address are set;
Receiving after input/output request bag, whether confirming that at file system module or Windows kernel module whether current file system distribution function address is correct by inquiry file system distribution function address.
Described file destination comprises: operating file, by the file of exclusive access, do not share the file of erase right and protect oneself file by hook or filtration drive mode.
Described confirmation adopts the failure of conventional method deletion file destination specifically to comprise:
Obtain target file attributes, determine that this target file attributes is read-only, removes read only attribute;
Call application programming interface deleted file this file destination is carried out and deleted processing, determine and delete unsuccessfully.
Described function is MmFlushImageSection function.
A kind of file delete device, this device comprises: erase right acquisition module, input/output request bag IRP constructing module, device object module, importing table module and detection module, wherein,
Erase right acquisition module, adopts conventional method to delete file destination failure for confirming, opens this file destination, obtains erase right, exports IRP constructing module to;
IRP constructing module, for constructing input/output request bag, the device object that file system creates is obtained in inquiry, and the input/output request bag of structure is sent to device object module;
Device object module for after confirming that current file system distribution function address is correct, is obtained the address information of the function of revising in advance from importing table module, exports detection module to; The information that the mark of reception detection module output can be deleted file destination, closes file destination and deletes;
Import table module, for storing the address information of the function of revising in advance;
Detection module, for according to the function of the address information mapping of obtaining, detects file destination, meets at definite file object corresponding to file destination the file to be deleted setting in advance, the information of returning to mark and can deleting file destination to device object module.
Described erase right acquisition module obtains erase right according to the minimal set of the Share Permissions arranging in file destination, or, while opening file destination with empty authority, obtain erase right by the value in the erase right field of file object corresponding to Offered target file.
When startup, file system module or Windows kernel module log file system distribution function address are set; Whether whether described device object module is receiving after input/output request bag, correct to confirm current file system distribution function address at file system module or Windows kernel module by inquiry file system distribution function address.
As seen from the above technical solutions, the method for a kind of deleted file provided by the invention and file delete device, confirm to adopt conventional method to delete file destination failure, opens this file destination, obtains erase right; The device object that file system creates is obtained in inquiry, and structure input/output request bag, is sent to the device object that file system creates; Confirm that file system distribution function address is correct, obtain the address information of the function of revising in advance in importing table; According to the function check file destination of the address information mapping of obtaining, after detecting that file object that file destination is corresponding is the file to be deleted setting in advance, the information of returning to mark and can deleting file destination, deletes file destination.Like this, by obtaining the deletion access rights of file destination, address information in the importing table of revised file system, make the function setting in advance of its mapping after detection file destination object is the file to be deleted setting in advance, return to mark and can delete the information of file destination, can delete by the unsuppressible file of conventional method, be conducive to timely defrag storage space.
Accompanying drawing explanation
Fig. 1 is the method flow schematic diagram of embodiment of the present invention deleted file.
Fig. 2 is embodiment of the present invention file delete device structural representation.
Fig. 3 is the method idiographic flow schematic diagram of embodiment of the present invention deleted file.
Embodiment
For making the object, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with the accompanying drawings and the specific embodiments.
The method of existing deleted file, can not be to operating file, by the file of exclusive access, share the file of erase right and protect own file execution deletion action by hook or filtration drive mode, makes the efficiency of deleted file lower.
Specifically, the method of existing deleted file, deleting executable file, protect by hook or filtration drive mode Malware file time, under the state of File Open, get after the authority of file deletion, file system can be by the importing table setting in advance, the operation of carrying out according to user (for example, deletion action), call the api function MmFlushImageSection of Microsoft's definition of corresponding operating address mapping in importing table, whether inquire about this executable file to Windows operating system can delete, if Windows operating system inquires this executable file for can deleted file, for example, this file is in non-operating state, be true (TRUE) by api function rreturn value is set, show to delete this executable file, if inquire this executable file in running status, be false (FALSE) by api function rreturn value is set, show to delete this operating executable file.Thereby, in the embodiment of the present invention, consider by the deletion action address in the importing table of revised file system, realize the hook of the api function MmFlushImageSection (the first function MmFlushImageSection) to the mapping of existing deletion action address, that is to say, by constructing in advance the second function MmFlushImageSection, deletion action address in the importing table of revised file system, make it shine upon this second function MmFlushImageSection, like this, in the time deleting executable file, file system is by the importing table setting in advance, the deletion action of carrying out according to user, call the second function MmFlushImageSection of the deletion action address mapping of having revised in importing table, whether the second function MmFlushImageSection detects this file object is the file to be deleted setting in advance, if, automatically the rreturn value of revising this second function MmFlushImageSection is true (TRUE), thereby make file system realize the deletion to executable file according to this second function MmFlushImageSection rreturn value.
Fig. 1 is the method flow schematic diagram of embodiment of the present invention deleted file.Referring to Fig. 1, this flow process comprises:
In this step, confirm to adopt conventional method to delete file destination failure and specifically comprise:
Obtain target file attributes, determine that this target file attributes is read-only, removes read only attribute;
Call API DeleteFile this file destination is carried out and deleted processing, determine and delete unsuccessfully.
Institute it should be noted that in the embodiment of the present invention, adopts conventional method to delete file destination and is not restricted to as mentioned above, specifically also can, referring to correlation technique Introduction of Literatures, not repeat them here.
In this step; if cannot delete this file destination by calling API DeleteFile, show this file destination be operating file, by the file of exclusive access, do not share the file of erase right or protect oneself file by hook or filtration drive mode.
In this step, before deletion file destination, this file destination need to be opened and obtained the erase right of this file destination, so that the erase right that file system is obtained according to this user, obtain the function MmFlushImageSection of erase right operation address mapping by the importing table setting in advance, to obtain corresponding access rights to the inquiry of Windows operating system.
Open this file destination, obtain erase right and specifically comprise:
Attempt opening this file destination with erase right, if file destination can be opened, obtain the erase right of this file destination; If file destination can not be opened, open file destination with empty authority, erase right (DeleteAccess) field of the file object that Offered target file is corresponding, for deleting, is obtained the erase right of this file destination.
In this step, erase right can go for and ask in the time opening this file destination, the minimum of the Share Permissions that the erase right that can ask arranges according to opening operation before this file destination is occured simultaneously and is determined, if the minimal set of Share Permissions comprises erase right, open this file destination, obtain the erase right of this file destination, otherwise refusal user opens this file destination simultaneously.Specifically, in the time that a file is opened, first the user that opens of request obtains access rights, and then Share Permissions can be set, and allows other users to open the authority of this file, for controlling the authority of other users to same file.For example, if a user has obtained and has read in the time opening file, the access rights of writing and deleting, the initial Share Permissions of this file comprises and reads, the access rights of writing and deleting, do not allow other users to there is write access authority to this file when then this user arranges, only allow other users this file to be there are to the access rights of reading and deleting, this file has only been shared the authority of reading and deleting to other users in follow-up, thereby can effectively prevent that other users from carrying out write operation to this file, namely before this file destination, the minimum of the Share Permissions of opening operation setting is occured simultaneously for the authority of reading and deleting.Thereby other users, in the time opening file, can only ask the authority of reading and deleting.That is to say, while opening file, which kind of authority user can ask, the common factor of the authority that all users that open this file are shared before depending on, and therefore, the authority that user's reality can get is all minimal sets of Share Permissions while opening this file before being.Again for example, another follow-up user asks the authority of this identical file, can this file be carried out and be read and deletion action, if and this user arranges and does not allow other users this file to be had to the access rights of reading and deleting, in follow-up user, just can not obtain again the access rights of writing, reading or delete of this file, can not access this file.
File object is that file is read after internal memory, the management structure of Windows to this file generated.In file object, be provided with the access rights of this file, for example, the authority such as reading and writing, deletion, is recorded in respectively in read right (ReadAccess) field, write permission (WriteAccess) field, erase right (DeleteAccess) field of file object.In the time opening file destination with empty authority, the access authority information arranging in file object is for empty, thereby, can give by value in the DeleteAccess field of file object is directly set the authority of deletion.
In this step, the real device object of file system, be that Windows system is at the virtual unit that drives layer to set up, the device object namely creating, for managing file system, about the device object that obtains file system establishment, specifically can be referring to correlation technique document, do not repeat them here, Windows system can be used for distinguishing at the virtual unit that drives layer to set up the device object that Malware creates, because Malware can pass through to intercept and capture at other layer user's IRP, and the device object that sends it to replacement is to reach various deception effects.Thereby; in the embodiment of the present invention; obtain the real device object of file system by inquiry; directly communicate with the virtual unit that drives layer to set up; hook in the middle of walking around with this drives or file system filter driver; can effectively prevent that Malware from passing through replacement equipment object, access rights protection oneself is set, make to delete this Malware file.
In this step, even if Windows system is real at the device object that drives layer to create, but the file system comprising in device object distribution function address, for the treatment of the IRP receiving (for example, carry the requests such as opening of comprising in the IRP of file destination information, reading and writing, deletion) the function address of device object mapping, also likely revised by Malware, if file system distribution function address had been revised by Malware, can be controlled by Malware calling all of file system so, thereby cause the unsuppressible-suppression to this file.
In the embodiment of the present invention, in internal memory, record real file system distribution function, call distributing list, the address information of calling in distributing list of not revised by Malware that file system oneself is set up is only really, if and Malware is revised the address information of calling in distributing list, need to be stored to other modules, and the address information of record is put sky by distributing list.Calling distributing list is one group of function address, is stored in file system module or in Windows kernel module.If determine that the function address of storing in file system module or in Windows kernel module is empty, show that file system distribution function is by hook mistake.Therefore,, if obtain real function address, call over so and just can walk around Malware.
In practical application, because Malware is not also carried out associative operation in the time starting, can be in the time that terminal device starts, be arranged on log file system distribution function address in file system module or in Windows kernel module, receiving after IRP, confirm that according to the file system distribution function address of file system module or Windows kernel module record whether current file system distribution function address is correct, whether in file system module or Windows kernel module, confirm that by inquiry file system distribution function address whether current file system distribution function address is correct.
In this step, import the deletion action address in table by modification, make it no longer shine upon foregoing api function MmFlushImageSection, i.e. the first function MmFlushImageSection, but make its second function MmFlushImageSection that shines upon the embodiment of the present invention, thereby realize the hook operation of the api function MmFlushImageSection to the mapping of existing deletion action address.Whether that is to say, replace the address information that imports the MmFlushImageSection preserving in table, the address information of preservation is modified as to the address of the second function, in the second function, detecting file object is file to be deleted.
In this step, the second function MmFlushImageSection detects whether file object corresponding to file destination is the file to be deleted setting in advance, if, automatically the rreturn value of revising this second function MmFlushImageSection is true (TRUE), thereby make file system according to this second function MmFlushImageSection rreturn value, close file destination, thereby realize the deletion to executable file.
From above-mentioned, the method for the deleted file of the embodiment of the present invention, confirms to adopt conventional method to delete file destination failure; Open this file destination, obtain erase right; The device object that file system creates is obtained in inquiry, and structure input/output request bag, is sent to the device object that file system creates; Confirm that file system distribution function address is correct, obtain the address information of the second function MmFlushImageSection revising in advance in importing table; The second function MmFlushImageSection detects whether file object corresponding to file destination is the file to be deleted setting in advance, if so, and the information of returning to mark and can deleting file destination.Like this, can not delete after file destination in employing conventional method, by obtaining the deletion access rights of file destination, deletion action address information in the importing table of revised file system, the second function MmFlushImageSection that its mapping is set in advance, the second function MmFlushImageSection is after file object corresponding to detection file destination is the file to be deleted setting in advance, return to mark and can delete the information of file destination, thereby can delete by the unsuppressible file of conventional method, for example, just at operating file, by the file of exclusive access, do not share the file of erase right, and protect oneself Malware file by hook or filtration drive mode, improve the efficiency of deleted file, be conducive to timely defrag storage space.
Fig. 2 is embodiment of the present invention file delete device structural representation.Referring to Fig. 2, this device comprises: erase right acquisition module, IRP constructing module, device object module, importing table module and detection module, wherein,
Erase right acquisition module, adopts conventional method to delete file destination failure for confirming, opens this file destination, obtains erase right, exports IRP constructing module to;
IRP constructing module, for constructing input/output request bag, the device object that file system creates is obtained in inquiry, and the input/output request bag of structure is sent to device object module;
Device object module for after confirming that current file system distribution function address is correct, is obtained the address information of the second function of revising in advance from importing table module, exports detection module to; The information that the mark of reception detection module output can be deleted file destination, closes file destination and deletes;
Import table module, for storing the address information of the second function shining upon deletion action address;
Detection module, for the second function shining upon according to the address information receiving, file destination is detected, meet at definite file object corresponding to file destination the file to be deleted setting in advance, the information of returning to mark and can deleting file destination to device object module.
In the embodiment of the present invention, the first function is MmFlushImageSection function, the second function be to the first function modify form MmFlushImageSection function.
Preferably, erase right acquisition module obtains erase right according to the minimal set of the Share Permissions arranging in file destination, or, while opening file destination with empty authority, obtain erase right by the value in the DeleteAccess field of file object corresponding to Offered target file.
Preferably, when startup, file system module or Windows kernel module log file system distribution function address are set; Whether whether device object module is receiving after input/output request bag, correct to confirm current file system distribution function address in file system module or Windows kernel module by inquiry file system distribution function address.
Lift a specific embodiment below, invention is described further.
Fig. 3 is the method idiographic flow schematic diagram of embodiment of the present invention deleted file.Referring to Fig. 3, this flow process comprises:
Step 301, obtains target file attributes, judges whether this target file attributes is read-only, if so, and execution step 302, otherwise, execution step 303;
In this step, in file object corresponding to file destination, the DeleteAccess field of file object is directly set, to obtain erase right.
Step 309, the importing table of driving revised file system, hook falls function MmFlushImageSection, in hook function, checks file destination, is defined as file to be deleted, returns to the deletion information that allows.
So far, the flow process of this deleted file finishes.
The foregoing is only preferred embodiment of the present invention, be not intended to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any modification of doing, be equal to and replace and improvement etc., within all should being included in protection scope of the present invention.
Claims (6)
1. a method for deleted file, is characterized in that, the method comprises:
Confirm to adopt conventional method to delete file destination failure, open this file destination, obtain erase right;
The device object that file system creates is obtained in inquiry, and structure input/output request bag, is sent to the device object that file system creates;
Confirm that file system distribution function address is correct, obtain the address information of the function of revising in advance in importing table;
According to the function check file destination of the address information mapping of obtaining, after detecting that file object that file destination is corresponding is the file to be deleted setting in advance, the information of returning to mark and can deleting file destination, deletes file destination;
Described this file destination of opening, obtains erase right and specifically comprises: attempt opening this file destination with erase right, if file destination can be opened, obtain the erase right of this file destination; If file destination can not be opened, open file destination with empty authority, the erase right field of the file object that Offered target file is corresponding, for deleting, is obtained the erase right of this file destination;
Described confirmation file system distribution function address correctly specifically comprises: when startup, file system module or Windows kernel module log file system distribution function address are set; Receiving after input/output request bag, whether confirming that at file system module or Windows kernel module whether current file system distribution function address is correct by inquiry file system distribution function address;
Described function is MmFlushImageSection function.
2. the method for claim 1, is characterized in that, described file destination can be opened, and the erase right obtaining is the minimal set of this file destination Share Permissions that opening operation arranges before.
3. the method for claim 1, is characterized in that, described file destination comprises: operating file, by the file of exclusive access, do not share the file of erase right and protect oneself file by hook or filtration drive mode.
4. method as claimed in claim 3, is characterized in that, described confirmation adopts the failure of conventional method deletion file destination specifically to comprise:
Obtain target file attributes, determine that this target file attributes is read-only, removes read only attribute;
Call application programming interface deleted file this file destination is carried out and deleted processing, determine and delete unsuccessfully.
5. a file delete device, is characterized in that, this device comprises: erase right acquisition module, input/output request bag IRP constructing module, device object module, importing table module and detection module, wherein,
Erase right acquisition module, adopts conventional method to delete file destination failure for confirming, opens this file destination, obtains erase right, exports IRP constructing module to; Described this file destination of opening, obtains erase right and specifically comprises: attempt opening this file destination with erase right, if file destination can be opened, obtain the erase right of this file destination; If file destination can not be opened, open file destination with empty authority, the erase right field of the file object that Offered target file is corresponding, for deleting, is obtained the erase right of this file destination;
IRP constructing module, for constructing input/output request bag, the device object that file system creates is obtained in inquiry, and the input/output request bag of structure is sent to device object module;
Device object module for after confirming that current file system distribution function address is correct, is obtained the address information of the function of revising in advance from importing table module, exports detection module to; The information that the mark of reception detection module output can be deleted file destination, closes file destination and deletes; Described confirmation file system distribution function address correctly specifically comprises: when startup, file system module or Windows kernel module log file system distribution function address are set; Whether whether described device object module is receiving after input/output request bag, correct to confirm current file system distribution function address at file system module or Windows kernel module by inquiry file system distribution function address;
Import table module, for storing the address information of the function of revising in advance;
Detection module, for according to the function of the address information mapping of obtaining, detects file destination, meets at definite file object corresponding to file destination the file to be deleted setting in advance, the information of returning to mark and can deleting file destination to device object module;
Described function is MmFlushImageSection function.
6. device as claimed in claim 5, is characterized in that, described erase right acquisition module obtains erase right according to the minimal set of the Share Permissions arranging in file destination.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110070717.XA CN102693232B (en) | 2011-03-23 | 2011-03-23 | Method and device for cancelling files |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110070717.XA CN102693232B (en) | 2011-03-23 | 2011-03-23 | Method and device for cancelling files |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102693232A CN102693232A (en) | 2012-09-26 |
| CN102693232B true CN102693232B (en) | 2014-05-21 |
Family
ID=46858689
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110070717.XA Active CN102693232B (en) | 2011-03-23 | 2011-03-23 | Method and device for cancelling files |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102693232B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109683922A (en) * | 2014-12-05 | 2019-04-26 | 北京奇虎科技有限公司 | Unloading cracks the method and device of edition application program |
| CN105138565B (en) * | 2015-07-23 | 2018-05-01 | 浪潮(北京)电子信息产业有限公司 | A kind of document handling method and system |
| CN106169048B (en) * | 2016-06-29 | 2019-03-12 | 珠海豹趣科技有限公司 | File delet method, device and electronic equipment |
| CN110543452B (en) * | 2019-08-07 | 2022-07-05 | 浙江大华技术股份有限公司 | Data acquisition method and equipment |
| CN111581165B (en) * | 2020-04-29 | 2023-04-21 | 华南理工大学 | Android application external memory limit monitoring tool and application method thereof |
| CN112685022B (en) * | 2020-12-30 | 2022-12-13 | 北京字节跳动网络技术有限公司 | Picture processing interface generation method, device, equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2007156758A (en) * | 2005-12-02 | 2007-06-21 | Nihon Computer Graphic Co Ltd | File management device, file management method and file management program |
| CN101788944A (en) * | 2010-01-25 | 2010-07-28 | 浪潮电子信息产业股份有限公司 | Method for detecting failures of AIX system by means of mandatory access control |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2004055675A1 (en) * | 2002-12-18 | 2004-07-01 | Fujitsu Limited | File management apparatus, file management program, file management method, and file system |
-
2011
- 2011-03-23 CN CN201110070717.XA patent/CN102693232B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2007156758A (en) * | 2005-12-02 | 2007-06-21 | Nihon Computer Graphic Co Ltd | File management device, file management method and file management program |
| CN101788944A (en) * | 2010-01-25 | 2010-07-28 | 浪潮电子信息产业股份有限公司 | Method for detecting failures of AIX system by means of mandatory access control |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102693232A (en) | 2012-09-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102693232B (en) | Method and device for cancelling files | |
| CN110096857B (en) | Authority management method, device, equipment and medium for block chain system | |
| US20210256029A1 (en) | Stream retention in a data storage system | |
| EP2725764B1 (en) | Data storage method and data storage device | |
| US8856521B2 (en) | Methods and systems for performing secure operations on an encrypted file | |
| CN101894225B (en) | System and method of aggregating the knowledge base of antivirus software applications | |
| US9075851B2 (en) | Method and apparatus for data retention in a storage system | |
| CN102202062B (en) | Method and apparatus for realizing access control | |
| US20090019223A1 (en) | Method and systems for providing remote strage via a removable memory device | |
| US10650158B2 (en) | System and method for secure file access of derivative works | |
| CN104598823A (en) | Kernel level rootkit detection method and system in Andriod system | |
| CN103064797B (en) | Data processing method and virtual machine management platform | |
| CN103559231B (en) | A kind of file system quota management method, apparatus and system | |
| US11269663B2 (en) | Method and apparatus for adapting handle device to third-party application, and storage medium | |
| CN101425016A (en) | Method and system for operating and installing software | |
| CN113986459A (en) | Control method and system for container access, electronic equipment and storage medium | |
| WO2019128984A1 (en) | Container security policy handling method and related device | |
| CN101236531B (en) | Memory and its automatic protection realization method | |
| CN104714864A (en) | Intelligent computer data backup method | |
| CN109918352A (en) | The method of storage system and storing data | |
| CN109711206A (en) | A kind of safe hard disk of multi-user and its control method | |
| CN103294794B (en) | A kind of online elite archiving and the system for accessing file | |
| CN113467895B (en) | Docker operation method, docker operation device, server and storage medium | |
| WO2015101083A1 (en) | Method and device for protecting stored data | |
| CN103001937A (en) | System and method for defending against mobile storage medium virus in island-like Ethernet |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |