CN108304222A - Apparatus management/control system and method - Google Patents

Apparatus management/control system and method (设备管控系统及方法)

Info

Publication number: CN108304222A
Authority: CN (China)
Prior art keywords: equipment, control, apparatus management, management, external storage
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis)
Application number: CN201710027444.8A
Other languages: Chinese (zh)
Inventors: 王文功, 张培, 代向东, 付正威, 丁丽丽, 申利飞
Current assignee: China Standard Software Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: China Standard Software Co Ltd
Priority date: 2017-01-13 (the priority date is an assumption and is not a legal conclusion)
Filing date: 2017-01-13
Publication date: 2018-07-20
Application filed by China Standard Software Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/4401 Bootstrapping
    • G06F 9/4411 Configuring for operating with peripheral devices; Loading of device drivers

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a device management and control system and method. The system comprises: a device manager; a device-control monitoring module, connected to the device manager and to the devices, which listens for the device manager's hot-plug events, rescans the devices whenever such an event occurs and applies control to them; a device-control settings application module, connected to the devices, which controls them; a sysfs file system module, connected to the devices, which performs access control on the devices' kernel objects; and a device driver module, connected to the sysfs file system module and to the device manager. The system and method can control unauthorized external devices, so as to protect information, prevent leaks and let users use their devices with confidence.

Description

Apparatus management/control system and method
Technical field
The invention relates to the field of computer security, and in particular to a device management and control system and method.
Background
With the continuing development of computer manufacturing and application technology, the purchase cost of removable storage devices such as portable hard disks and USB flash drives keeps falling and they become ever more convenient to use. Being small, easy to carry, high-capacity and hard to damage, portable hard disks and USB flash drives have become the storage media of choice for everyday work and are used everywhere. Large amounts of sensitive information, confidential data and archive material are stored on such devices. At the same time, the "mobility" of removable storage brings new risk to the security work of government, military, financial and other organizations. The security of mobile devices therefore attracts ever more attention, and there is an urgent need to strengthen security control over computers that hold classified information and over removable storage media.
In the prior art, cgroup-based device control applies per-user access control to all devices of a given type; permission settings take effect immediately, and the persisted policy remains in force after a reboot.
The concrete steps are:
1. Configure /etc/cgconfig.conf, which creates the cgroups governed by the devices subsystem, then start the service with service cgconfig start; chkconfig cgconfig on, the second command enabling the service at boot.
2. Configure /etc/cgrules.conf, which sets which cgroups a given user is subject to, then run service cgred start; chkconfig cgred on, with the same effect as in step 1.
3. Write the device mapping configuration file.
4. Write the device control mapping file.
5. Run the device control program, which applies the contents of steps 3 and 4 to the cgroups. This completes the whole operation. The device control program is added to the boot-time program list in /etc/rc.d/rc.local, and it is also run by hand whenever a control change must take effect immediately.
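As an added example (not code from the patent or from China Standard Software), the files that steps 1 and 2 of this procedure configure, spelled out for the cgroup v1 devices controller that libcgroup's cgconfig and cgred drive. The group name "nousb", the user "alice" and the list of allowed character devices are assumptions of the example; steps 3 to 5 (the mapping files and the control program) are left as the text describes them. The last function shows what cgconfig does with the file at service start and can be pointed at a scratch directory instead of the real hierarchy:

```shell
#!/bin/sh
# Added example, not the patent's code: libcgroup configuration for the prior-art
# cgroup (v1 devices controller) device control. Group "nousb", user "alice" and
# the allowed device list are assumptions.

# Step 1: /etc/cgconfig.conf. Deny every device node, then allow back only the
# character devices an ordinary session needs. No "b 8:* ..." rule is added, so
# the sd* block nodes that usb-storage creates stay unopenable from this cgroup.
# (1:3 null, 1:5 zero, 1:8 random, 1:9 urandom, 5:0 tty, 5:2 ptmx, 136:* pts)
gen_cgconfig() {
cat <<'EOF'
group nousb {
    devices {
        devices.deny = "a";
        devices.allow = "c 1:3 rwm";
        devices.allow = "c 1:5 rwm";
        devices.allow = "c 1:8 rwm";
        devices.allow = "c 1:9 rwm";
        devices.allow = "c 5:0 rwm";
        devices.allow = "c 5:2 rwm";
        devices.allow = "c 136:* rwm";
    }
}
EOF
}

# Step 2: /etc/cgrules.conf. cgred moves every process of the user into the group.
# Columns: <user or @group>  <controllers>  <destination cgroup>
gen_cgrules() {
cat <<'EOF'
alice    devices    nousb
EOF
}

# What `service cgconfig start` does with the file above, without libcgroup: each
# rule is written into the controller's devices.deny / devices.allow file and takes
# effect at once for every process already in the group. $1 is the devices
# hierarchy mount point (/sys/fs/cgroup/devices on a real host); pointing it at a
# scratch directory just records the rules in plain files.
apply_devices_policy() {
    mnt=$1
    mkdir -p "$mnt/nousb"
    gen_cgconfig |
    sed -En 's/^ *devices\.(deny|allow) *= *"([^"]*)".*/\1 \2/p' |
    while read -r op rule; do
        printf '%s\n' "$rule" >> "$mnt/nousb/devices.$op"
    done
}

# To install on a real host (as root), as the text's steps 1 and 2:
#   gen_cgconfig > /etc/cgconfig.conf; service cgconfig start; chkconfig cgconfig on
#   gen_cgrules  > /etc/cgrules.conf;  service cgred start;    chkconfig cgred on
```

Only the device-node open path is mediated by this: a process in nousb cannot open /dev/sdb itself, but a filesystem that a privileged daemon mounts from the same USB disk is still reachable through the mount point, and an interface that has no device node (a network adapter) is not seen by the controller at all, which is drawback 1 below. On cgroup v2 there is no devices controller file interface; the same policy is attached to the cgroup as a BPF program of type BPF_PROG_TYPE_CGROUP_DEVICE.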
However, the prior art has the following disadvantages:
1. Devices that have no device file, such as network devices, cannot be controlled through cgroups.
2. Although cgroup-based device control can control any specific device, the control operations available are rather simple.
3. cgroup-based device control acts on device types by class, so it can give different users different access rights, but once a device has been disabled through the sysfs file system the cgroup-based control policy no longer has any effect on it.
Summary of the invention
To remedy the deficiencies of the prior art, the invention provides a device management and control system comprising:
a device manager;
a device-control monitoring module, connected to the device manager and to the devices, which listens for the device manager's device hot-plug events, rescans the devices when a hot-plug event occurs and applies control to them;
a device-control settings application module, connected to the devices, which controls them;
a sysfs file system module, connected to the devices, which performs access control on the devices' kernel objects;
a device driver module, connected to the sysfs file system module and to the device manager.
The device-control monitoring module further includes a persistent control policy module, connected to the device-control settings application module, which controls newly added devices and has the settings application module persist the control policy to disk.
The control that the settings application module exercises over a device consists of disabling, enabling or unloading the device.
When an external storage device is added, the device-control monitoring module reads the device number of the external storage device bound under /sys/bus/usb/drivers/usb-storage/ and checks the idProduct, idVendor and serial of that external storage device under /sys/bus/usb/devices/.
When an external storage device is added, the device-control monitoring module matches the idProduct, idVendor and serial it has read against a whitelist; if they match, the external storage device may continue to be used, otherwise an alarm is raised.
When an external storage device is added and does not match the whitelist, the device-control monitoring module sends the hot-plug time, the host's IP address and the device's idProduct, idVendor and serial to a server, and unloads the external storage device.
The invention also provides a device management and control method, comprising the following steps:
S1: listen for the device manager's device hot-plug events;
S2: when an external storage device is added, read the information of the external storage device;
S3: match the information read from the external storage device against a whitelist; if it matches, the external storage device may continue to be used, otherwise raise an alarm;
S4: when an external storage device is added and does not match the whitelist, send the information of the unmatched external storage device to a server and unload the external storage device.
In step S2, the information read from the external storage device comprises idProduct, idVendor and serial.
In step S4, the information of the unmatched external storage device comprises the hot-plug time, the host's IP address and the device's unique identification, namely idProduct, idVendor and serial.
The "sysfs" referred to in this invention is a virtual file system. It not only exports information about devices and drivers from the kernel to user space, but can also be used to configure devices and drivers.
The device management and control system and method provided by the invention can control unauthorized external devices, so as to protect information, prevent leaks and let users use their devices with confidence.
Brief description of the drawings
Fig. 1: structural diagram of the device management and control system of the invention;
Fig. 2: flowchart of one embodiment of the device management and control method of the invention.
Reference signs
10 device manager
11 device-control monitoring module
111 persistent control policy module
12 device
13 device-control settings application module
14 sysfs file system module
15 device driver module
Detailed description
For a further understanding of the technical solution of the invention and its advantageous effects, they are described in detail below with reference to the drawings.
Fig. 1 is a structural diagram of the device management and control system of the invention. As shown in Fig. 1, in order to control unauthorized external devices and to store device details in a server database, the invention provides a device management and control system comprising:
a device manager 10;
a device-control monitoring module 11, connected to the device manager 10 and to the devices 12, which listens for the device hot-plug events of the device manager 10, rescans the devices 12 when a hot-plug event occurs and, together with its internal persistent control policy 111, controls the newly added devices 12;
a device-control settings application module 13, connected to the devices 12, which scans the devices 12 and shows the user their details, controls the devices 12 by disabling, enabling or unloading them, and persists the control policy to disk;
a sysfs file system module 14, connected to the devices 12, which performs access control on the kernel objects of the devices 12;
a device driver module 15, connected to the sysfs file system module 14 and to the device manager 10.
Because sysfs presents the kernel's device objects in user space, controlling the attributes of a device's kernel object amounts to indirect access control on the device itself. Likewise, a device's kernel object can be managed through sysfs. A device kernel object generally carries two kernel-object attributes, remove and driver; by operating on remove and driver, the control operations enable, disable and unload can be implemented.
The device management and control system of the invention implements peripheral control as an installable software package, is applicable to Linux operating systems, achieves device security and so solves the security problems of removable storage media in use.
When the device management and control system is implemented, the control of devices can be carried out by the following method:
S1: the device-control monitoring module 11 listens for the device hot-plug events of the device manager 10. As soon as an event occurs, its monitoring service rescans the devices 12, finds that a new device has been added and, together with the persistent control policy, applies control to the newly added device.
S2: when an external storage device is added, the module reads the device number of the external storage device bound under /sys/bus/usb/drivers/usb-storage/ and checks the unique identification of the external storage device under /sys/bus/usb/devices/, namely the idProduct, idVendor and serial attributes;
S3: the idProduct, idVendor and serial read from the external storage device are matched against a whitelist; if they match, the external storage device may continue to be used, otherwise an alarm is raised;
S4: when an external storage device is added and does not match the whitelist, the hot-plug time, the host's IP address and the device's idProduct, idVendor and serial are sent to a server, and the external storage device (USB flash drive) is unloaded.
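Steps S1 to S4 above, the remove/driver attribute handling of the preceding section and steps 201 to 205 of Fig. 2 below, as one added example that is not code from the patent or from China Standard Software. It rescans every interface bound to usb-storage, reads idVendor, idProduct and serial from the parent device under /sys/bus/usb/devices/, matches them against a whitelist, records the report the description sends to the server and writes to the device's remove attribute. It runs here against a constructed sysfs tree so that it works offline; the whitelist format (one idVendor:idProduct:serial line per device), the report line format, the host IP and every device identifier are constructed assumptions, and on a real host the root would be /sys and the functions would run as root:

```shell
#!/bin/sh
# Added example, not the patent's code: whitelist check over the sysfs paths the
# description names, run on a constructed sysfs tree. Whitelist format, report
# format, host IP and all device ids are assumptions.

# Build a fake sysfs tree under $1 with two usb-storage devices (constructed data):
#   bus/usb/devices/<dev>/{idVendor,idProduct,serial,remove}
#   bus/usb/drivers/usb-storage/<dev>:1.0 -> ../../devices/<dev>/<dev>:1.0
make_fake_sysfs() {
    root=$1
    mkdir -p "$root/bus/usb/drivers/usb-storage" "$root/bus/usb/devices"
    for spec in "1-1 0781 5583 4C530001230724101234" "1-2 abcd 1234 SPOOF0001"; do
        set -- $spec                     # $1=dev $2=idVendor $3=idProduct $4=serial
        dev="$root/bus/usb/devices/$1"
        mkdir -p "$dev/$1:1.0"
        echo "$2" > "$dev/idVendor"
        echo "$3" > "$dev/idProduct"
        echo "$4" > "$dev/serial"
        : > "$dev/remove"                # writing 1 here de-enumerates a real device
        ln -s "../../devices/$1/$1:1.0" "$root/bus/usb/drivers/usb-storage/$1:1.0"
    done
}

# S2+S3: list every interface bound to usb-storage, read the ids of its parent
# device and match them against the whitelist. Prints "<iface> <ids> ALLOW|DENY".
check_usb_storage() {
    root=$1; whitelist=$2
    for link in "$root"/bus/usb/drivers/usb-storage/*:*; do
        [ -e "$link" ] || continue
        iface=${link##*/}                # e.g. 1-1:1.0 (interface bound to the driver)
        dev=${iface%%:*}                 # e.g. 1-1     (device directory holding the ids)
        devdir="$root/bus/usb/devices/$dev"
        vid=$(cat "$devdir/idVendor")
        pid=$(cat "$devdir/idProduct")
        serial=$(cat "$devdir/serial" 2>/dev/null || echo -)   # some devices have none
        id="$vid:$pid:$serial"
        if grep -qxF -- "$id" "$whitelist"; then
            echo "$iface $id ALLOW"
        else
            echo "$iface $id DENY"
        fi
    done
}

# S4 / steps 203-205: for each DENY, record what the description sends to the
# server (hot-plug time, host IP, ids) and unload the device through its sysfs
# "remove" attribute. Appending to $3 stands in for the network report.
enforce() {
    root=$1; whitelist=$2; report=$3
    check_usb_storage "$root" "$whitelist" | while read -r iface id verdict; do
        [ "$verdict" = DENY ] || continue
        dev=${iface%%:*}
        printf '%s host=%s dev=%s id=%s action=remove\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "${HOST_IP:-192.0.2.10}" "$dev" "$id" >> "$report"
        echo 1 > "$root/bus/usb/devices/$dev/remove"
    done
}

# S1 on a real host is a udev rule (RUN+=) or a `udevadm monitor` loop that calls
# enforce on every USB add event; here the demo runs once on the constructed tree.
demo() {
    tmp=$(mktemp -d)
    make_fake_sysfs "$tmp/sys"
    echo "0781:5583:4C530001230724101234" > "$tmp/whitelist"
    check_usb_storage "$tmp/sys" "$tmp/whitelist"
    enforce "$tmp/sys" "$tmp/whitelist" "$tmp/report.log"
    cat "$tmp/report.log"
}

demo
```

Three caveats for anyone building on this. idVendor, idProduct and serial are whatever the device's descriptors claim, so a whitelist on them is inventory control, not authentication. The check runs only after the kernel has enumerated and bound the device, so its sd* node exists, and may already have been auto-mounted, until remove is written; the USB core's authorized and authorized_default attributes close that window by leaving new devices de-authorized until the whitelist says otherwise. And writing to remove (or to the driver's unbind file, the milder alternative that keeps the device enumerated) requires root, so the monitoring service, not the user's session, has to do it.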
Thus, in addition to controlling unauthorized external devices, the system and method of the invention can also store device details in a server database.
Fig. 2 is a flowchart of one embodiment of the device management and control method of the invention. As shown in Fig. 2, the method may comprise the following steps:
Step 201: scan the devices and obtain the device information;
Step 202: from the device information extracted in step 201, judge whether the device is an illegal external connection; if not, continue to use it; if so, go to step 203;
Step 203: report that the device is an illegal external connection;
Step 204: send the device information and the time and address to the server database;
Step 205: unload the device's driver so as to disable the device.
The advantageous effects achieved by the invention are:
1. Through the device-control settings application module, based on the sysfs file system, a device can be disabled, enabled or unloaded according to its particular situation.
2. Through the persistent control policy module, the control policy for a device takes effect immediately.
3. Through the device-control monitoring module listening for the device manager's hot-plug events, peripheral devices can be read and operated on through sysfs, which prevents violations in which offending devices are used.
4. After an offending device has been found by scanning, its device information and address are sent to the server database and the device is finally unloaded according to the control policy; this secures the information, prevents leaks and lets users use their devices with confidence.
5. Compared with the existing cgroup-based device control, which can control any specific device, the sysfs-based device control of the invention controls devices at the root: sysfs-based device control is the foundation of control, and cgroup control is a supplement to sysfs.
Although the invention has been described by means of the above preferred embodiments, they do not limit its scope of protection; any changes and modifications that a person skilled in the art makes to the above embodiments without departing from the spirit and scope of the invention still fall within the scope of protection of the invention, which is defined by the claims.

Claims (9)

1. A device management and control system, characterized in that it comprises:
a device manager;
a device-control monitoring module, connected to the device manager and to the devices, for listening for the device manager's device hot-plug events, rescanning the devices when a hot-plug event occurs and applying control to the devices;
a device-control settings application module, connected to the devices, for controlling the devices;
a sysfs file system module, connected to the devices, for performing access control on the devices' kernel objects;
a device driver module, connected to the sysfs file system module and to the device manager.
2. The device management and control system of claim 1, characterized in that the device-control monitoring module further comprises a persistent control policy module, connected to the device-control settings application module, for controlling newly added devices and for having the device-control settings application module persist the control policy to disk.
3. The device management and control system of claim 1, characterized in that the control exercised by the device-control settings application module over a device comprises disabling, enabling or unloading the device.
4. The device management and control system of claim 1, characterized in that, when an external storage device is added, the device-control monitoring module reads the device number of the external storage device bound under /sys/bus/usb/drivers/usb-storage/ and checks the unique identification of the external storage device under /sys/bus/usb/devices/, namely idProduct, idVendor and serial.
5. The device management and control system of claim 4, characterized in that, when an external storage device is added, the device-control monitoring module matches the idProduct, idVendor and serial read from the external storage device against a whitelist; if they match, the external storage device may continue to be used, otherwise an alarm is raised.
6. The device management and control system of claim 5, characterized in that, when an external storage device is added and does not match the whitelist, the device-control monitoring module sends the hot-plug time, the host's IP address and the device's idProduct, idVendor and serial of the unmatched external storage device to a server, and unloads the external storage device.
7. A device management and control method, characterized in that it comprises the following steps:
S1: listening for the device manager's device hot-plug events;
S2: when an external storage device is added, reading the information of the external storage device;
S3: matching the information read from the external storage device against a whitelist; if it matches, the external storage device may continue to be used, otherwise raising an alarm;
S4: when an external storage device is added and does not match the whitelist, sending the information of the unmatched external storage device to a server and unloading the external storage device.
8. The device management and control method of claim 7, characterized in that in step S2 the information read from the external storage device comprises idProduct, idVendor and serial.
9. The device management and control method of claim 7, characterized in that in step S4 the information of the unmatched external storage device comprises the hot-plug time, the host's IP address and the device's idProduct, idVendor and serial.
Priority Applications (1)

Application Number  Priority Date  Filing Date  Title
CN201710027444.8A   2017-01-13     2017-01-13   Apparatus management/control system and method

Publications (1)

Publication Number  Publication Date
CN108304222A        2018-07-20

Family

ID=62872438

Family Applications (1)

Application Number  Status   Title                                           Priority Date  Filing Date
CN201710027444.8A   Pending  Apparatus management/control system and method  2017-01-13     2017-01-13

Country Status (1)

Country  Link
CN (1)   CN108304222A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110764827A (en) * 2018-07-27 2020-02-07 中标软件有限公司 Control system and method for computer peripheral equipment
CN110764827B (en) * 2018-07-27 2023-05-30 中标软件有限公司 Control system and method for computer peripheral equipment
CN110598428A (en) * 2019-08-22 2019-12-20 中国电子科技集团公司第二十八研究所 USB (Universal Serial Bus) equipment management and control system based on Linux user space
CN112836203A (en) * 2021-02-03 2021-05-25 中标软件有限公司 Method for realizing android system equipment management and control based on kernel customization
CN117112047A (en) * 2023-06-30 2023-11-24 浙江齐安信息科技有限公司 USB equipment management and control method, equipment and storage medium
CN117112047B (en) * 2023-06-30 2024-04-26 浙江齐安信息科技有限公司 USB equipment management and control method, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105005722A (en) * 2015-06-26 2015-10-28 北京北信源软件股份有限公司 Access control method and apparatus for mobile storage device
CN105488436A (en) * 2015-12-25 2016-04-13 北京奇虎科技有限公司 Mobile storage equipment access method and device
CN106254163A (en) * 2016-09-28 2016-12-21 广州中软信息技术有限公司 The method and device of the USB port of monitoring LAN Computer
US9537865B1 (en) * 2015-12-03 2017-01-03 International Business Machines Corporation Access control using tokens and black lists

Legal Events

Code  Title
PB01  Publication
SE01  Entry into force of request for substantive examination
RJ01  Rejection of invention patent application after publication

Application publication date: 2018-07-20