CN112800493A - Information processing method and device - Google Patents

Publication number
CN112800493A
Authority
CN
China
Prior art keywords
disk
analyzed
target
information
information processing
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110168850.2A
Other languages
Chinese (zh)
Inventor
韩晓磊
张剑鸣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

An embodiment of the application discloses an information processing method comprising the following steps: acquiring target characteristic information of a disk to be analyzed, where the target characteristic information represents the disk characteristics of the disk to be analyzed; determining the security category of the disk to be analyzed based on the target characteristic information; and determining, based on the security category of the disk to be analyzed, a target operation for performing security management on the disk to be analyzed. An embodiment of the application also discloses an information processing device.

Description

Information processing method and device
Technical Field
The present application relates to the field of data security technologies, and in particular, to an information processing method and device.
Background
Redundant Array of Independent Disks (RAID) technology offers high capacity, high performance, availability and reliability, and is widely used in the production systems of enterprise users. It ensures high reliability of disk data on servers and edge nodes through data redundancy techniques such as mirroring and data verification. When a disk in a given disk position of a server or edge node fails, the failed disk can be pulled out and a new disk inserted directly into the same position; data is then rebuilt and synchronized, so that the server's data redundancy is restored and high availability is maintained. However, an attacker can use the same data redundancy mechanism to copy and steal disk data from an enterprise server or edge server: the attacker inserts their own disk into the targeted server or edge node and lets it be synchronized, which creates a serious security risk and economic loss for the enterprise. At present, this problem is usually addressed by encrypting disk data with a disk encryption scheme or by a user identity authentication scheme.
However, encrypting and decrypting disk data currently consumes a large share of the CPU resources of the server or edge node and can significantly affect the services an enterprise provides, so more enterprises give up encrypting disk data. As a result, disk data is protected in only a single way, the risk of disk data leakage is high, and the security of disk data is low.
Summary of the Application
To solve the foregoing technical problem, embodiments of the present application provide an information processing method and device.
The technical solution of the application is implemented as follows:
In a first aspect, an information processing method is applied to an information processing device, and the method includes:
acquiring target characteristic information of a disk to be analyzed; the target characteristic information is used for representing the disk characteristics of the disk to be analyzed;
determining the security category of the disk to be analyzed based on the target characteristic information;
and determining, based on the security category of the disk to be analyzed, a target operation for performing security management on the disk to be analyzed.
Optionally, before obtaining the target feature information of the disk to be analyzed, the method further includes:
if the disk to be analyzed is determined to be a disk currently inserted into the reference equipment, determining the identity identification information of the reference equipment; wherein the reference device is the information processing device or an edge node device managed by the information processing device;
correspondingly, the determining the security category of the disk to be analyzed based on the target feature information includes:
and determining the security category of the disk to be analyzed based on the target characteristic information and the identity identification information.
Optionally, the determining the security category of the disk to be analyzed based on the target feature information and the identity information includes:
performing identity authentication on the disk to be analyzed based on the target characteristic information and the identity identification information;
if the disk to be analyzed does not pass the identity authentication, determining that the security class of the disk to be analyzed is the illegal intrusion disk class;
correspondingly, the determining, based on the security category of the disk to be analyzed, of a target operation for performing security management on the disk to be analyzed includes:
if the security class is the illegal intrusion disk class, determining that the target operation is to prohibit synchronizing data to the disk to be analyzed and to remove the disk to be analyzed.
Optionally, after determining, based on the security class of the disk to be analyzed, a target operation for performing security management on the disk to be analyzed, the method further includes:
if a synchronization instruction for synchronizing data to the disk to be analyzed is detected, executing the operation of prohibiting data from being synchronized to the disk to be analyzed;
determining target disk position information of the position into which the disk to be analyzed is inserted;
and removing the disk to be analyzed based on the target disk position information.
Optionally, after determining, based on the security class of the disk to be analyzed, a target operation for performing security management on the disk to be analyzed, the method further includes:
generating a first control message based on the target operation;
sending the first control message to the reference device; wherein the first control message is used to instruct the reference device to perform the target operation.
Optionally, before obtaining the target feature information of the disk to be analyzed, the method further includes:
if the target disk is detected to be inserted into the information processing equipment, acquiring disk verification information from the target disk;
determining at least one disk except the target disk in the information processing equipment to obtain the disk to be analyzed;
correspondingly, the determining the security category of the disk to be analyzed based on the target feature information includes:
performing identity authentication on the disk to be analyzed based on the target characteristic information and the disk verification information;
if the disk to be analyzed does not pass the identity authentication, determining that the disk to be analyzed belongs to a non-secure operating environment category; wherein the security category includes the non-secure operating environment category.
Optionally, the determining, based on the security class of the disk to be analyzed, a target operation for performing security management on the disk to be analyzed includes:
if the security category of the disk to be analyzed is the non-secure operating environment category, determining that the target operation is an access interception operation;
generating a second control message based on the access interception operation;
sending the second control message to the target disk; wherein the second control message instructs the target disk to execute the access interception operation when it receives a data read-write request, so that the data read-write request is not responded to.
Optionally, the target feature information at least includes one of the following information: disk array level, model number, serial number, capacity, and inserted bay information.
In a second aspect, an information processing apparatus includes: a first processor, a memory, and a communication bus; wherein:
the memory is used for storing executable instructions;
the communication bus is used for realizing communication connection between the first processor and the memory;
the first processor is configured to execute the information processing program stored in the memory to implement the steps of the information processing method according to any one of the above.
In a third aspect, an information processing apparatus includes: a second processor, a disk to be analyzed and a second communication bus; wherein:
the disk to be analyzed is used for storing data information in the information processing equipment;
the second communication bus is used for realizing the communication connection between the second processor and the disk to be analyzed;
the second processor is configured to execute, if it is detected that the target disk is inserted into the information processing apparatus, the information processing program stored in the target storage area of the target disk, so as to implement the steps of the information processing method according to any one of the above.
The embodiment of the application provides an information processing method and device in which, after the target characteristic information of the disk to be analyzed is obtained, the security category of the disk to be analyzed is determined based on the target characteristic information, and a target operation for performing security management on the disk to be analyzed is determined based on that security category. Because the disk to be analyzed is managed according to a security category derived from its target characteristic information, the problem that disk data is protected in only a single way is solved: the means of protecting disk data are broadened, the risk of disk data leakage is reduced, and the security of disk data is improved.
Drawings
Fig. 1 is a schematic flowchart of an information processing method according to an embodiment of the present application;
Fig. 2 is a schematic flowchart of another information processing method according to an embodiment of the present application;
Fig. 3 is a schematic flowchart of another information processing method according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an information processing apparatus according to an embodiment of the present application;
Fig. 5 is a schematic flowchart of another information processing method according to an embodiment of the present application;
Fig. 6 is a schematic flowchart of an information processing method according to another embodiment of the present application;
Fig. 7 is a schematic flowchart of another information processing method according to another embodiment of the present application;
Fig. 8 is a schematic structural diagram of a target disk according to an embodiment of the present application;
Fig. 9 is a schematic view of an application scenario of a target disk according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of another information processing apparatus according to an embodiment of the present application;
Fig. 11 is a schematic structural diagram of another information processing apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
An embodiment of the present application provides an information processing method, as shown in Fig. 1, which is applied to an information processing device and includes the following steps:
Step 101, obtaining target characteristic information of a disk to be analyzed.
The target characteristic information is used for representing the disk characteristics of the disk to be analyzed.
In this embodiment, the information processing device may be a central server with a centralized management and control function, an edge node device that provides an edge service in a service cluster, or an electronic device such as a general server that has disks and supports inserting and removing them. Depending on the application scenario, the disk to be analyzed may be a disk being inserted into the information processing device or a disk already installed in it. The target characteristic information describes the disk characteristics of the disk to be analyzed and can be used to identify that disk.
Step 102, determining the security class of the disk to be analyzed based on the target characteristic information.
In the embodiment of the application, security analysis is performed on the target characteristic information of the disk to be analyzed to determine the security class of the disk to be analyzed. The security class of the disk to be analyzed comprises a compliant disk class and an illegal intrusion disk class, or a secure operating environment class and a non-secure operating environment class. The compliant disk class and the secure operating environment class are secure conditions; the illegal intrusion disk class and the non-secure operating environment class are insecure conditions.
Step 103, determining a target operation for performing security management on the disk to be analyzed based on the security class of the disk to be analyzed.
In the embodiment of the application, the target operation for managing the disk to be analyzed is determined according to the determined security class of the disk to be analyzed. Under a secure condition, the target operation at least includes allowing the disk to be analyzed to be accessed; under an insecure condition, the target operation includes operations such as not allowing data to be synchronized to the disk to be analyzed.
The embodiment of the application provides an information processing method in which, after the target characteristic information of the disk to be analyzed is obtained, the security class of the disk to be analyzed is determined based on the target characteristic information, and a target operation for performing security management on the disk to be analyzed is determined based on that security class. Because the disk to be analyzed is managed according to a security class derived from its target characteristic information, the problem that disk data is protected in only a single way is solved: the means of protecting disk data are broadened, the risk of disk data leakage is reduced, and the security of disk data is improved.
Based on the foregoing embodiments, an embodiment of the present application provides an information processing method, as shown in fig. 2, when a reference device is an information processing device, the method is applied to the information processing device, and the method includes the steps of:
Step 201, if it is determined that the disk to be analyzed is the disk currently inserted into the reference device, determining the identity identification information of the reference device.
In this embodiment of the application, the identity identification information of the reference device may be information that uniquely identifies the reference device, for example the serial number of the reference device or a serial number assigned to the reference device within a cluster. If the information processing device detects that a disk has been inserted into one of its disk positions, it determines that the currently inserted disk is the disk to be analyzed and determines its own identity identification information. The information processing device may be any electronic device that has disks and supports inserting and removing them.
Step 202, obtaining target characteristic information of the disk to be analyzed.
The target characteristic information is used for representing the disk characteristics of the disk to be analyzed. The target feature information includes at least one of the following information: disk array level, model number, serial number, capacity, and inserted bay information.
In the embodiment of the application, the information processing device obtains the disk array level of the currently inserted disk, that is, the disk to be analyzed, the model of the disk to be analyzed, the serial number of the disk to be analyzed, the capacity of the disk to be analyzed, and the inserted disk position information of the disk to be analyzed, so as to obtain the target characteristic information. The inserted disk position information of the disk to be analyzed refers to the insertion position of the disk to be analyzed in the information processing device.
Step 203, determining the security category of the disk to be analyzed based on the target characteristic information and the identity identification information.
In the embodiment of the application, the information processing device acquires at least one preset disk feature information corresponding to the identity information from the reference storage area, performs comparative analysis on the target feature information and the acquired at least one preset disk feature information, and determines whether the target feature information is in the at least one preset disk feature information, so as to determine the security category of the disk to be analyzed. The reference storage area may be a local storage area of the information processing apparatus, or may be a cloud storage space that the information processing apparatus can access.
If the target characteristic information is the same as one preset disk characteristic information in the at least one preset disk characteristic information, at this time, the disk to be analyzed passes identity authentication, so that the security class of the disk to be analyzed can be determined to be a compliant disk class; if the target characteristic information is different from any preset disk characteristic information in the at least one preset disk characteristic information, the disk to be analyzed does not pass identity authentication, and therefore the security class of the disk to be analyzed can be determined to be an illegal disk intrusion class.
Step 204, determining a target operation for performing security management on the disk to be analyzed based on the security category of the disk to be analyzed.
In the embodiment of the application, when the security class of the disk to be analyzed is the compliant disk class, the target operation is to allow data reading and data writing operations for the disk to be analyzed; and when the security class of the disk to be analyzed is the illegal disk intrusion class, the target operation is to prohibit the data reading and writing operations aiming at the disk to be analyzed. Therefore, after the security class of the currently inserted disk is determined, whether the data is synchronized to the currently inserted disk is determined according to the security class of the currently inserted disk, and the data security in the information processing equipment is effectively guaranteed.
Based on the foregoing embodiments, in other embodiments of the present application, step 203 may be implemented by steps 203a to 203b:
Step 203a, performing identity authentication on the disk to be analyzed based on the target characteristic information and the identity identification information.
In the embodiment of the application, the target characteristic information and the identity identification information are hashed to obtain a target hash value. If the target hash value does not match the preset hash value, the preset disk characteristic information corresponding to the identity identification information is obtained; the preset hash value corresponds to a preset disk that has passed verification in advance. If the target characteristic information does not match the preset disk characteristic information, it is determined that the disk to be analyzed does not pass the identity authentication; if the target characteristic information matches the preset disk characteristic information, it is determined that the disk to be analyzed passes the identity authentication.
Step 203b, if the disk to be analyzed does not pass the identity authentication, determining that the security class of the disk to be analyzed is the illegal intrusion disk class.
In the embodiment of the application, when it is determined that the disk to be analyzed does not pass the identity authentication, the security class of the disk to be analyzed is determined to be the illegal intrusion disk class; that is, the disk to be analyzed may be a disk that an unauthorized person has inserted into the information processing device in order to steal data from it. If the disk to be analyzed passes the identity authentication, its security class is determined to be the compliant disk class.
Correspondingly, step 204 may be implemented by step 204a:
Step 204a, if the security class is the illegal intrusion disk class, determining that the target operation is to prohibit synchronizing data to the disk to be analyzed and to remove the disk to be analyzed.
In an embodiment of the present application, the synchronous data operation includes a read data operation and a write data operation. In some application scenarios, after determining a target operation, the information processing device may directly execute the target operation, prohibit other installed disks in the information processing device from synchronizing data to the disk to be analyzed, and remove the disk to be analyzed.
Based on the foregoing embodiment, in another embodiment of the present application, referring to fig. 3, after the information processing apparatus performs step 204a, the information processing apparatus is further configured to perform steps 205 to 207:
Step 205, if a synchronization instruction for synchronizing data to the disk to be analyzed is detected, executing the operation of prohibiting data from being synchronized to the disk to be analyzed.
In this embodiment of the present application, the synchronization instruction may be a data synchronization request instruction sent by the disk to be analyzed.
Step 206, determining target disk position information of the position into which the disk to be analyzed is inserted.
Step 207, removing the disk to be analyzed based on the target disk position information.
In this way, the embodiment of the application makes the improvement on the information processing device side: when the information processing device detects an inserted disk, it performs a security check on that disk, which prevents an inserted disk from being used by unauthorized persons to steal data and reduces the risk of data leakage on the information processing device side.
Based on the foregoing embodiments, Fig. 4 shows a schematic structural diagram of an information processing apparatus provided in an embodiment of the present application. The information processing apparatus includes: an edge security alarm module a1, a disk security access authentication and analysis module a2, a compliant disk database a3, a disk security information analysis and reporting module a4, a disk security information cache module a5, a disk security information construction module a6, a disk information identification module a7, a disk data control module a8, a RAID controller a9 and a disk a10, wherein the disk a9 includes: compliant disk 1 a91, compliant disk 2 a92, and currently inserted disk a93; wherein:
The disk information identification module a7 is configured to identify the currently inserted invasive disk through the RAID controller, obtain the reference characteristic information of that disk (disk array level, model, serial number, capacity and inserted disk position information), and send it to the disk security information construction module.
The disk security information construction module a6 is configured to assemble the received reference characteristic information according to a given disk data format to obtain the target characteristic information, and to send the target characteristic information to the disk security information analysis and reporting module. The disk security information construction module can also apply a hash algorithm to the target characteristic information to obtain a target hash value.
For example, the disk data format may be as follows:
[Figures showing the disk data format are not reproduced in this text.]
The disk security information cache module a5 is configured to cache the preset hash value corresponding to the preset disk characteristic information of a compliant disk.
The disk security information analysis and reporting module a4 is configured to compare the received target hash value with the preset hash value in the disk security information cache module, and to send the target characteristic information to the disk security access authentication and analysis module if the target hash value does not match the preset hash value.
The compliant disk database a3 is used for storing the preset disk characteristic information of compliant disks that have passed authentication in advance.
The disk security access authentication and analysis module a2 is configured to compare the target characteristic information with the preset disk characteristic information stored in the compliant disk database. If none of the preset disk characteristic information in the compliant disk database matches the target characteristic information, it calls the edge security alarm module to raise an alarm and, at the same time, sends a data synchronization blocking instruction to the disk data control module. If preset disk characteristic information matching the target characteristic information exists in the compliant disk database, it sends a data synchronization instruction to the disk data control module; this may be a case of normally replacing a failed disk.
The disk data control module a8 is configured to control the RAID controller to stop the data synchronization operation on the currently inserted disk if a data synchronization blocking instruction sent by the disk security access authentication and analysis module is received. This step may be implemented in a number of ways and is not limited to the method used here. Further, the disk at the disk position corresponding to the currently inserted disk can be removed manually through the RAID controller management software; the removal can be performed with the following instruction:
/opt/MegaRAID/MegaCli/MegaCli64 -PDOffline -PhysDrv [1:4] -a0    # remove physical disk 1:4 (set it offline)
The disk data control module a8 is further configured to call the RAID controller to synchronize the data in the compliant disk 1 and the compliant disk 2 to the currently inserted disk if a data synchronization instruction sent by the disk security access authentication and analysis module is received.
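The check described in steps 203a to 204a and carried out by modules a2 to a8 can be sketched as follows; this is an added example, not code from the patent. SHA-256, the JSON record layout, the class, field and function names, and the sample device IDs, models and serial numbers are all assumptions constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, asdict

COMPLIANT = "compliant disk"
INTRUSION = "illegal intrusion disk"


@dataclass(frozen=True)
class DiskFeatures:
    """Target characteristic information: the five fields the description lists."""
    raid_level: str
    model: str
    serial: str
    capacity_bytes: int
    bay: str  # inserted disk position, written "enclosure:slot" (assumed notation)


def target_hash(device_id: str, features: DiskFeatures) -> str:
    """Hash the device identity together with the disk record (SHA-256 assumed)."""
    # Canonical JSON: fixed key order and separators, so equal records hash equally.
    record = json.dumps(asdict(features), sort_keys=True,
                        separators=(",", ":")).encode()
    ident = device_id.encode()
    h = hashlib.sha256()
    h.update(len(ident).to_bytes(4, "big"))  # length prefix keeps the parts unambiguous
    h.update(ident)
    h.update(record)
    return h.hexdigest()


class DiskGate:
    """Two-tier check: cached preset hashes first, compliant disk database second."""

    def __init__(self, compliant_db):
        # compliant_db maps a device ID to the disk records enrolled for that device.
        self.db = {dev: list(disks) for dev, disks in compliant_db.items()}
        self.hash_cache = set()  # preset hash values of disks already verified

    def classify(self, device_id, features):
        # The fields are whatever the RAID controller reports for the drive, so this
        # is an allow-list match, not a cryptographic proof of the drive's identity.
        digest = target_hash(device_id, features)
        if digest in self.hash_cache:  # fast path: hash already known
            return COMPLIANT
        # Cache miss: compare the full record with the records for this device only.
        if features in self.db.get(device_id, []):
            self.hash_cache.add(digest)
            return COMPLIANT
        return INTRUSION

    def revoke(self, device_id, features):
        """Un-enroll a disk; drop its cached hash too, or the fast path still passes."""
        disks = self.db.get(device_id, [])
        if features in disks:
            disks.remove(features)
        self.hash_cache.discard(target_hash(device_id, features))

    def target_operation(self, device_id, features):
        """Map the security class to the action for the disk data control step."""
        category = self.classify(device_id, features)
        blocked = category == INTRUSION
        return {
            "device": device_id,
            "category": category,
            "sync_allowed": not blocked,   # data synchronization vs. blocking instruction
            "raise_alarm": blocked,        # edge security alarm
            "remove_bay": features.bay if blocked else None,
        }


# Constructed sample records (not from the patent).
ENROLLED = DiskFeatures("RAID1", "EXAMPLE-HDD-4T", "SN-CONSTRUCTED-0001",
                        4_000_000_000_000, "1:2")
UNKNOWN = DiskFeatures("RAID1", "EXAMPLE-HDD-4T", "SN-CONSTRUCTED-9999",
                       4_000_000_000_000, "1:4")


def demo():
    gate = DiskGate({"srv-01": [ENROLLED]})
    return [
        gate.target_operation("srv-01", ENROLLED),  # enrolled replacement disk
        gate.target_operation("srv-01", UNKNOWN),   # disk nobody enrolled
        gate.target_operation("srv-02", ENROLLED),  # enrolled disk, wrong device
    ]


if __name__ == "__main__":
    for operation in demo():
        print(operation)
```

Because the device identity and the disk position are part of the hashed record, a replacement disk has to be enrolled for the specific device and position before it is inserted, otherwise the normal replacement of a failed disk is blocked as well.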
It should be noted that, for the descriptions of the same steps and the same contents in this embodiment as those in other embodiments, reference may be made to the descriptions in other embodiments, which are not described herein again.
The embodiment of the application provides an information processing method in which, after the target characteristic information of the disk to be analyzed is obtained, the security class of the disk to be analyzed is determined based on the target characteristic information, and a target operation for performing security management on the disk to be analyzed is determined based on that security class. Because the disk to be analyzed is managed according to a security class derived from its target characteristic information, the problem that disk data is protected in only a single way is solved: the means of protecting disk data are broadened, the risk of disk data leakage is reduced, and the security of disk data is improved.
Based on the foregoing embodiments, an embodiment of the present application provides an information processing method, as shown in fig. 5, when a reference device is an edge node device managed by an information processing device, the method includes the following steps:
Step 301, if it is determined that the disk to be analyzed is the disk currently inserted into the reference device, the information processing device determines the identity identification information of the reference device.
In the embodiment of the application, when the reference device detects that a disk is currently inserted into the reference device, the reference device sends a message including the identification information of the reference device to the information processing device.
Step 302, the information processing device receives target characteristic information of the disk to be analyzed, which is sent by the reference device.
The target characteristic information is used for representing the disk characteristics of the disk to be analyzed. The target feature information includes at least one of the following information: disk array level, model number, serial number, capacity, and inserted bay information.
In the embodiment of the application, the information processing device receives the target characteristic information of the disk to be analyzed, which is sent by the reference device, so that the information processing device can obtain the target characteristic information of the disk to be analyzed of the reference device. In some application scenarios, the target characteristic information of the disk to be analyzed may also be obtained by the information processing device actively from the reference device.
Step 303, the information processing device determines the security category of the disk to be analyzed based on the target feature information and the identity information.
Step 304, the information processing device determines a target operation for performing security management on the disk to be analyzed based on the security class of the disk to be analyzed.
Based on the foregoing embodiments, in other embodiments of the present application, step 303 may be implemented by steps 303a to 303b:
Step 303a, the information processing device performs identity authentication on the disk to be analyzed based on the target characteristic information and the identity identification information.
Step 303b, if the disk to be analyzed does not pass the identity authentication, the information processing device determines that the security class of the disk to be analyzed is the illegal disk intrusion class.
Correspondingly, step 304 may be implemented by step 304a:
Step 304a, if the security class is the illegal disk intrusion class, the information processing device determines that the target operation is an operation of prohibiting data synchronization to the disk to be analyzed and an operation of rejecting the disk to be analyzed.
In other embodiments of the present application, referring to fig. 6, after the information processing apparatus executes step 304a, the information processing apparatus is further configured to execute the following steps:
Step 305, the information processing device generates a first control message based on the target operation.
Step 306, the information processing device sends the first control message to the reference device.
The first control message is used to instruct the reference device to perform the target operation.
In the embodiment of the application, after receiving the first control message, the reference device responds to it as follows: if a synchronization instruction for synchronizing data to the disk to be analyzed is detected, the reference device executes the operation of prohibiting data synchronization to the disk to be analyzed; the reference device also determines the target disk position information, that is, the bay into which the disk to be analyzed is inserted, and rejects the disk to be analyzed based on the target disk position information.
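Steps 301 to 306 and the reference device's handling of the first control message can be sketched as follows. This is an added example, not code from the patent: the registry keyed by device identity, the choice of model, serial number and capacity as matching fields, the message layout, the `allow_sync` operation and all sample values are assumptions.

```python
"""Sketch of steps 301-306: central authentication of a disk inserted into an edge node."""
from dataclasses import dataclass
from enum import Enum


class SecurityClass(Enum):
    AUTHENTICATED = "authenticated"  # name assumed; the passage only names the failing class
    ILLEGAL_INTRUSION = "illegal_intrusion_disk"


@dataclass(frozen=True)
class DiskFeatures:
    """Target characteristic information reported by the reference device."""
    raid_level: str
    model: str
    serial: str
    capacity_gb: int
    bay: int

    def identity_key(self):
        # Assumption: model, serial and capacity identify a disk; the bay may change.
        return (self.model.strip().upper(), self.serial.strip().upper(), self.capacity_gb)


class ManagementNode:
    """Information processing device that manages edge nodes."""

    def __init__(self, registry):
        # registry: device identity -> DiskFeatures records registered for that device
        self._registry = {dev: {d.identity_key() for d in disks}
                          for dev, disks in registry.items()}

    def classify(self, device_id, features):
        """Steps 303a/303b: authenticate against the records of this device only."""
        allowed = self._registry.get(device_id, set())  # unknown device: nothing allowed
        if features.identity_key() in allowed:
            return SecurityClass.AUTHENTICATED
        return SecurityClass.ILLEGAL_INTRUSION

    def first_control_message(self, device_id, features):
        """Steps 304a-305: map the class to a target operation and wrap it in a message."""
        cls = self.classify(device_id, features)
        if cls is SecurityClass.ILLEGAL_INTRUSION:
            ops = ["prohibit_sync", "reject_disk"]
        else:
            ops = ["allow_sync"]  # assumed operation for a disk that passes
        return {"device_id": device_id, "serial": features.serial, "bay": features.bay,
                "security_class": cls.value, "operations": ops}


class EdgeNode:
    """Reference device: enforces the first control message (step 306 onward)."""

    def __init__(self, device_id):
        self.device_id = device_id
        self.blocked_bays = set()
        self.rejected_bays = []

    def handle_control(self, msg):
        if msg["device_id"] != self.device_id:
            raise ValueError("control message addressed to another device")
        if "prohibit_sync" in msg["operations"]:
            self.blocked_bays.add(msg["bay"])
        if "reject_disk" in msg["operations"]:
            self.rejected_bays.append(msg["bay"])  # stand-in for removing the disk from the array

    def sync_to(self, bay):
        """Return True if a synchronization instruction for this bay may proceed."""
        return bay not in self.blocked_bays


def demo():
    # Constructed sample inventory and reports.
    d1 = DiskFeatures("RAID1", "EXAMPLE-HDD-4T", "SN-A001", 4000, 0)
    d2 = DiskFeatures("RAID1", "EXAMPLE-HDD-4T", "SN-B001", 4000, 0)
    mgmt = ManagementNode({"edge-01": [d1], "edge-02": [d2]})
    edge = EdgeNode("edge-01")

    moved = DiskFeatures("RAID1", "EXAMPLE-HDD-4T", "SN-A001", 4000, 1)    # registered, other bay
    foreign = DiskFeatures("RAID1", "EXAMPLE-HDD-4T", "SN-B001", 4000, 2)  # registered to edge-02
    results = []
    for disk in (moved, foreign):
        msg = mgmt.first_control_message(edge.device_id, disk)
        edge.handle_control(msg)
        results.append((disk.serial, msg["security_class"], edge.sync_to(disk.bay)))
    return results, edge.rejected_bays


if __name__ == "__main__":
    print(demo())
```

The second sample disk is registered, but to a different edge node, so it fails authentication on `edge-01`; this is the case that combining the identity identification information with the target characteristic information is meant to catch.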
It should be noted that, for the descriptions of the same steps and the same contents in this embodiment as those in other embodiments, reference may be made to the descriptions in other embodiments, which are not described herein again.
The embodiment of the application provides an information processing method in which, after the target characteristic information of the disk to be analyzed is obtained, the security class of the disk to be analyzed is determined based on the target characteristic information, and a target operation for performing security management on the disk to be analyzed is determined based on that security class. In this way, once the security class of the disk to be analyzed has been determined from its target characteristic information, security management is performed on the disk. This solves the problem that only a single protection mode is available for disk data security, enriches the protection modes for disk data security, reduces the risk of disk data leakage, and improves the security of the disk data.
Based on the foregoing embodiments, the present application provides an information processing method, as shown in fig. 7. The method is applied to an information processing device. An information processing program for implementing the information processing method is stored in a target disk, and when the target disk is inserted into the information processing device, the information processing device runs the information processing program stored in the target disk so as to implement the information processing method. The method includes the following steps:
Step 401, if it is detected that the target disk is inserted into the information processing device, obtaining disk verification information from the target disk.
In this embodiment of the present application, after detecting that the target disk is inserted, the information processing device executes the information processing program stored in the target disk. The disk verification information may be preset disk characteristic information of at least one preset disk that has passed identity authentication. In some application scenarios, the disk verification information may be the disk serial number of at least one preset disk that has passed identity authentication. The information processing device may be any electronic device that has a disk and allows disks to be plugged in and removed, such as a server or an edge node device.
Step 402, determining at least one disk except the target disk in the information processing equipment to obtain a disk to be analyzed.
In the embodiment of the present application, at least one disk of the information processing apparatus other than the target disk is a disk that has been inserted into the information processing apparatus before the target disk is inserted into the information processing apparatus.
Step 403, acquiring target characteristic information of the disk to be analyzed.
The target characteristic information is used for representing the disk characteristics of the disk to be analyzed. The target characteristic information includes at least one of the following information: disk array level, model number, serial number, capacity, and inserted bay information.
Step 404, performing identity authentication on the disk to be analyzed based on the target characteristic information and the disk verification information.
In the embodiment of the application, identity authentication is performed on the disk to be analyzed by judging whether the target characteristic information matches the disk verification information.
Step 405, if the disk to be analyzed does not pass the identity authentication, determining that the disk to be analyzed belongs to the non-secure operating environment class.
The security class includes the non-secure operating environment class.
In the embodiment of the application, if the target characteristic information of the disk to be analyzed does not match any entry of the disk verification information, it is determined that the disk to be analyzed does not pass the identity authentication, and at this time it can be determined that the disk to be analyzed belongs to the non-secure operating environment class.
Step 406, determining a target operation for performing security management on the disk to be analyzed based on the security class of the disk to be analyzed.
In the embodiment of the application, if the security class of the disk to be analyzed is the secure operating environment class, the target operation is determined to be an operation allowing data in the target disk to be synchronized.
Based on the foregoing embodiments, in other embodiments of the present application, step 406 may be implemented by steps 406a to 406c:
Step 406a, if the security class of the disk to be analyzed is the non-secure operating environment class, determining that the target operation is an access interception operation.
In the embodiment of the application, because the target characteristic information of the disk to be analyzed does not match the disk verification information in the target disk, it can be determined that the disk to be analyzed is not one of the disks preset in the target disk, and hence that the operating environment provided by the information processing device is unsafe. Therefore, the security class of the disk to be analyzed is determined to be the non-secure operating environment class, and the target operation is the access interception operation.
Step 406b, generating a second control message based on the access interception operation.
In this embodiment of the application, the second control message is used to instruct the target disk not to respond to a data synchronization request instruction when it receives the data synchronization request instruction sent by the disk to be analyzed.
Step 406c, sending the second control message to the target disk.
The second control message is used to instruct the target disk to execute the access interception operation when it receives a data read-write request, and not to respond to the data read-write request.
Based on the foregoing embodiments, referring to fig. 8, an embodiment of the present application provides a structural schematic diagram of a target disk, where the target disk includes: a disk space application and locking module b1, an operating environment security monitoring module b2, a disk Input Output (I/O) abnormal access intercepting module b3, and a Disk Data Format (DDF) area module b4. Wherein:
The DDF area module b4 is configured to store the disk verification information, where the disk verification information may specifically be RAID information of disks that have passed identity authentication, and the RAID information of each disk includes information such as a disk array level, a model number, a serial number, a capacity, and inserted disk position information.
The disk space application and locking module b1 is configured to apply for a fixed address space and lock the address space. An information processing program for implementing the information processing methods corresponding to steps 401 to 406 and steps 406a to 406c is stored in the disk space application and locking module. The address space is used only for implementing the information processing program, and no other process can access the address space.
The operating environment security monitoring module b2 is automatically started after the target disk is inserted into the information processing device and powered on, and is used for performing security detection on the current operating environment of the target disk. The security monitoring process may be as follows: all RAID information stored in the DDF area module is parsed to obtain the disk serial numbers of all disks recorded in the DDF area module; the disk serial numbers of the disks on the information processing device are then compared with the disk serial numbers of all disks in the DDF area module; if the disk serial numbers on the information processing device do not match the disk serial numbers of the disks in the DDF area module, it is determined that the current operating environment of the target disk is abnormal, and an I/O request intercepting instruction is sent to the disk I/O abnormal access intercepting module. The I/O request intercepting instruction is the second control message.
The disk I/O abnormal access intercepting module b3 is automatically started after the target disk is powered on, and is configured to receive the I/O request intercepting instruction sent by the operating environment security monitoring module b2 and to actively intercept user data read-write requests issued from the virtual file system layer. As shown in fig. 9, after the disk I/O abnormal access intercepting module b3 receives the I/O request intercepting instruction, it intercepts a user data read-write request issued from the virtual file system layer as follows:
c1, the virtual file system layer on the user side sends an I/O request instruction to the disk I/O abnormal access intercepting module, and a monitoring and identifying unit in the module receives the I/O request instruction;
c2, the monitoring and identifying unit sends the received I/O request instruction to a data response unit in the disk I/O abnormal access intercepting module;
c3, the data response unit responds to the I/O request instruction and returns null data for the I/O request instruction to the user.
Therefore, the embodiment of the application improves the disk itself, which prevents the information leakage that would result from the information in the disk being easily read after the disk is stolen, and effectively ensures the security of the data in a stolen disk.
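The power-on check of module b2 and the interception performed by module b3 (steps 401 to 406c) can be sketched as follows. This is an added example, not code from the patent: the JSON record layout standing in for the DDF area, empty bytes as the null data, the fail-closed handling of a host with no other disks or an empty DDF area, and all serial numbers are assumptions.

```python
"""Sketch of steps 401-406c with modules b2-b4: a target disk checks its host before serving I/O."""
import json

# Constructed stand-in for the DDF area (module b4): one JSON record per authenticated disk.
# This layout is invented for the example; it is not a real on-disk DDF format.
DDF_AREA = """
{"raid_level": "RAID5", "model": "EXAMPLE-SSD-2T", "serial": "SN-1001", "capacity_gb": 2000, "bay": 0}
{"raid_level": "RAID5", "model": "EXAMPLE-SSD-2T", "serial": "sn-1002 ", "capacity_gb": 2000, "bay": 1}
{"raid_level": "RAID5", "model": "EXAMPLE-SSD-2T", "serial": "SN-1003", "capacity_gb": 2000, "bay": 2}
"""


def normalize(serial):
    """Compare serial numbers without regard to case or padding."""
    return serial.strip().upper()


def parse_verification_serials(ddf_text):
    """Extract the serial numbers of all authenticated disks from the DDF records."""
    serials = set()
    for line in ddf_text.splitlines():
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        serial = normalize(record.get("serial", ""))
        if serial:
            serials.add(serial)
    return serials


class IoInterceptor:
    """Module b3: sits between the virtual file system layer and the stored data."""

    def __init__(self, backing):
        self._backing = bytearray(backing)
        self.intercepting = False
        self.intercepted = 0

    def receive_intercept_instruction(self):  # delivery of the second control message
        self.intercepting = True

    def read(self, offset, length):
        if self.intercepting:
            self.intercepted += 1
            return b""  # null data; representing it as empty bytes is an assumption
        return bytes(self._backing[offset:offset + length])

    def write(self, offset, data):
        if self.intercepting:
            self.intercepted += 1
            return 0  # nothing is written
        self._backing[offset:offset + len(data)] = data
        return len(data)


class EnvironmentMonitor:
    """Module b2: runs at power-on and decides whether the host is the expected one."""

    def __init__(self, own_serial, ddf_text, interceptor):
        self._own = normalize(own_serial)
        self._allowed = parse_verification_serials(ddf_text)
        self._interceptor = interceptor

    def check(self, host_serials):
        # Step 402: every disk in the host except the target disk is a disk to be analyzed.
        peers = {normalize(s) for s in host_serials} - {self._own}
        # Steps 404-405. Assumptions: one unknown peer is enough to fail, and a host
        # with no peers or an empty DDF area fails closed.
        unknown = peers - self._allowed
        safe = bool(peers) and bool(self._allowed) and not unknown
        if not safe:
            self._interceptor.receive_intercept_instruction()  # steps 406a-406c
        return safe, sorted(unknown)


def power_on(host_serials):
    """Build a fresh target disk, run the check, then try one read and one write."""
    disk = IoInterceptor(b"customer-records")
    monitor = EnvironmentMonitor("SN-1001", DDF_AREA, disk)
    safe, unknown = monitor.check(host_serials)
    return safe, unknown, disk.read(0, 8), disk.write(0, b"X")


if __name__ == "__main__":
    print(power_on(["SN-1001", "SN-1002", "SN-1003"]))  # constructed original array
    print(power_on(["SN-1001", "SN-9999"]))             # constructed foreign host
```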
It should be noted that, for the descriptions of the same steps and the same contents in this embodiment as those in other embodiments, reference may be made to the descriptions in other embodiments, which are not described herein again.
The embodiment of the application provides an information processing method in which, after the target characteristic information of the disk to be analyzed is obtained, the security class of the disk to be analyzed is determined based on the target characteristic information, and a target operation for performing security management on the disk to be analyzed is determined based on that security class. In this way, once the security class of the disk to be analyzed has been determined from its target characteristic information, security management is performed on the disk. This solves the problem that only a single protection mode is available for disk data security, enriches the protection modes for disk data security, reduces the risk of disk data leakage, and improves the security of the disk data.
Based on the foregoing embodiments, embodiments of the present application provide an information processing apparatus that can be applied to the information processing methods provided in the embodiments corresponding to fig. 1 to 3 and fig. 5 to 6, and as shown in fig. 10, the information processing apparatus 5 may include: a first processor 51, a memory 52 and a communication bus 53, wherein:
a communication bus 53 for implementing a communication connection between the first processor 51 and the memory 52;
a first processor 51 for executing the information processing program stored in the memory 52 to implement the following steps:
acquiring target characteristic information of a disk to be analyzed; the target characteristic information is used for representing the disk characteristics of the disk to be analyzed;
determining the security class of the disk to be analyzed based on the target characteristic information;
and determining a target operation for performing security management on the disk to be analyzed based on the security class of the disk to be analyzed.
In other embodiments of the present application, before the first processor performs the step of obtaining the target feature information of the disk to be analyzed, the first processor is further configured to perform the following steps:
if the disk to be analyzed is determined to be the disk currently inserted into the reference equipment, determining the identity identification information of the reference equipment; the reference equipment is information processing equipment or edge node equipment managed by the information processing equipment;
correspondingly, when the first processor executes the step of determining the security class of the disk to be analyzed based on the target characteristic information, the following step may be implemented:
determining the security class of the disk to be analyzed based on the target characteristic information and the identity identification information.
In other embodiments of the present application, the determining, by the first processor, the security class of the disk to be analyzed based on the target characteristic information and the identity identification information includes:
performing identity authentication on the disk to be analyzed based on the target characteristic information and the identity identification information;
if the disk to be analyzed does not pass the identity authentication, determining that the security class of the disk to be analyzed is the illegal disk intrusion class;
correspondingly, when the first processor executes the step of determining the target operation for performing security management on the disk to be analyzed based on the security class of the disk to be analyzed, the following step may be implemented:
if the security class is the illegal disk intrusion class, determining that the target operation is the operation of prohibiting data synchronization to the disk to be analyzed and the operation of removing the disk to be analyzed.
In other embodiments of the present application, after the first processor executes the step of determining, based on the security class of the disk to be analyzed, a target operation for performing security management on the disk to be analyzed, the first processor is further configured to execute the following steps:
if a synchronous instruction for synchronizing data to the disk to be analyzed is detected, executing operation for prohibiting the data to be synchronized to the disk to be analyzed;
determining target disk position information inserted by a disk to be analyzed;
and based on the target disk position information, eliminating the disk to be analyzed.
In other embodiments of the present application, after the first processor executes the step of determining, based on the security class of the disk to be analyzed, a target operation for performing security management on the disk to be analyzed, the first processor is further configured to execute the following steps:
generating a first control message based on the target operation;
sending a first control message to the edge node device; the first control message is used for instructing the edge node equipment to execute target operation.
In other embodiments of the present application, the target feature information includes at least one of: disk array level, model number, serial number, capacity, and inserted bay information.
It should be noted that, in the embodiment, a specific implementation process of the step executed by the processor may refer to implementation processes in the information processing method provided in the embodiments corresponding to fig. 1 to 3 and fig. 5 to 6, and details are not described here.
The embodiment of the application provides an information processing device which, after the target characteristic information of the disk to be analyzed is acquired, determines the security class of the disk to be analyzed based on the target characteristic information, and determines a target operation for performing security management on the disk to be analyzed based on that security class. In this way, once the security class of the disk to be analyzed has been determined from its target characteristic information, security management is performed on the disk. This solves the problem that only a single protection mode is available for disk data security, enriches the protection modes for disk data security, reduces the risk of disk data leakage, and improves the security of the disk data.
Based on the foregoing embodiments, an embodiment of the present application provides an information processing apparatus that can be applied to the information processing methods provided in the embodiments corresponding to fig. 1 and 7, and referring to fig. 11, the information processing apparatus 5 may include: a second processor 54, a disk to be analyzed 55, and a second communication bus 56, wherein:
a disk to be analyzed 55 for storing data information in the information processing apparatus;
a second communication bus 56, configured to implement communication connection between the second processor and the disk to be analyzed;
a second processor 54, configured to execute the information processing program stored in the target storage area of the target disk if it is detected that the target disk is inserted into the information processing apparatus, so as to implement the following steps:
acquiring target characteristic information of a disk to be analyzed; the target characteristic information is used for representing the disk characteristics of the disk to be analyzed;
determining the security class of the disk to be analyzed based on the target characteristic information;
and determining a target operation for performing security management on the disk to be analyzed based on the security class of the disk to be analyzed.
In other embodiments of the present application, before the second processor performs the step of obtaining the target feature information of the disk to be analyzed, the second processor is further configured to perform the following steps:
if the target disk is detected to be inserted into the information processing equipment, acquiring disk verification information from the target disk;
determining at least one disk except for a target disk in the information processing equipment to obtain a disk to be analyzed;
correspondingly, when the second processor executes the step of determining the security class of the disk to be analyzed based on the target characteristic information, the following steps may be implemented:
performing identity authentication on the disk to be analyzed based on the target characteristic information and the disk verification information;
if the disk to be analyzed does not pass the identity authentication, determining that the disk to be analyzed belongs to the non-secure operating environment class; wherein the security class includes the non-secure operating environment class.
In other embodiments of the present application, when the second processor executes the step of determining, based on the security class of the disk to be analyzed, a target operation for performing security management on the disk to be analyzed, the following steps may be implemented:
if the security class of the disk to be analyzed is the non-secure operating environment class, determining that the target operation is an access interception operation;
generating a second control message based on the access interception operation;
sending the second control message to the target disk; the second control message is used to instruct the target disk to execute the access interception operation when it receives a data read-write request, and not to respond to the data read-write request.
In other embodiments of the present application, the target feature information includes at least one of: disk array level, model number, serial number, capacity, and inserted bay information.
It should be noted that, for a specific implementation process of the step executed by the processor in this embodiment, reference may be made to an implementation process in the information processing method provided in the embodiment corresponding to fig. 1 and fig. 7, and details are not described here again.
The embodiment of the application provides an information processing device which, after the target characteristic information of the disk to be analyzed is acquired, determines the security class of the disk to be analyzed based on the target characteristic information, and determines a target operation for performing security management on the disk to be analyzed based on that security class. In this way, once the security class of the disk to be analyzed has been determined from its target characteristic information, security management is performed on the disk. This solves the problem that only a single protection mode is available for disk data security, enriches the protection modes for disk data security, reduces the risk of disk data leakage, and improves the security of the disk data.
Based on the foregoing embodiments, embodiments of the present application provide a computer-readable storage medium, which may be referred to as a storage medium for short, where the computer-readable storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to implement the implementation processes in the information processing methods provided in the embodiments corresponding to fig. 1 to 3 and fig. 5 to 6, or fig. 1 and fig. 7, and details of the implementation processes are not described here again.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present application, and is not intended to limit the scope of the present application.

Claims (10)

1. An information processing method applied to an information processing apparatus, the method comprising:
acquiring target characteristic information of a disk to be analyzed; the target characteristic information is used for representing the disk characteristics of the disk to be analyzed;
determining the security class of the disk to be analyzed based on the target characteristic information;
and determining a target operation for performing security management on the disk to be analyzed based on the security class of the disk to be analyzed.
2. The method of claim 1, wherein before obtaining the target characteristic information of the disk to be analyzed, the method further comprises:
if the disk to be analyzed is determined to be a disk currently inserted into the reference equipment, determining the identity identification information of the reference equipment; wherein the reference device is the information processing device or an edge node device managed by the information processing device;
correspondingly, the determining the security category of the disk to be analyzed based on the target feature information includes:
and determining the security category of the disk to be analyzed based on the target characteristic information and the identity identification information.
3. The method of claim 2, wherein the determining the security class of the disk to be analyzed based on the target feature information and the identity information comprises:
performing identity authentication on the disk to be analyzed based on the target characteristic information and the identity identification information;
if the disk to be analyzed does not pass the identity authentication, determining that the security class of the disk to be analyzed is an illegal invasive disk class;
correspondingly, the determining, based on the security class of the disk to be analyzed, a target operation for performing security management on the disk to be analyzed includes:
if the security class is the illegal invasive disk class, determining that the target operation is an operation of prohibiting data synchronization to the disk to be analyzed and an operation of rejecting the disk to be analyzed.
4. The method according to claim 3, wherein after determining, based on the security class of the disk to be analyzed, a target operation for performing security management on the disk to be analyzed, the method further comprises:
if a synchronization instruction for synchronizing data to the disk to be analyzed is detected, executing the operation of prohibiting data synchronization to the disk to be analyzed;
determining target disk position information inserted by the disk to be analyzed;
and based on the target disk position information, rejecting the disk to be analyzed.
5. The method according to claim 3, wherein after determining, based on the security class of the disk to be analyzed, a target operation for performing security management on the disk to be analyzed, the method further comprises:
generating a first control message based on the target operation;
sending the first control message to the reference device; wherein the first control message is used to instruct the reference device to perform the target operation.
6. The method of claim 1, wherein before obtaining the target characteristic information of the disk to be analyzed, the method further comprises:
if the target disk is detected to be inserted into the information processing equipment, acquiring disk verification information from the target disk;
determining at least one disk except the target disk in the information processing equipment to obtain the disk to be analyzed;
correspondingly, the determining the security category of the disk to be analyzed based on the target feature information includes:
performing identity authentication on the disk to be analyzed based on the target characteristic information and the disk verification information;
if the disk to be analyzed does not pass the identity authentication, determining that the disk to be analyzed belongs to a non-secure operating environment class; wherein the security class includes the non-secure operating environment class.
7. The method of claim 6, wherein the determining, based on the security class of the disk to be analyzed, a target operation for performing security management on the disk to be analyzed comprises:
if the security class of the disk to be analyzed is the non-secure operating environment category, determining that the target operation is an access interception operation;
generating a second control message based on the access interception operation;
sending the second control message to the target disk; wherein the second control message is used to instruct the target disk to execute the access interception operation when it receives a data read-write request, and the data read-write request is not responded to.
8. The method according to any one of claims 1 to 7, wherein the target feature information comprises at least one of: disk array level, model number, serial number, capacity, and inserted bay information.
9. An information processing apparatus, the information processing apparatus comprising: a first processor, a memory, and a communication bus; wherein:
the memory is configured to store executable instructions;
the communication bus is used for realizing communication connection between the first processor and the memory;
the first processor is configured to execute the information processing program stored in the memory to implement the steps of the information processing method according to any one of claims 1 to 5 and claim 8.
10. An information processing apparatus, the information processing apparatus comprising: a second processor, a disk to be analyzed, and a second communication bus; wherein:
the disk to be analyzed is used for storing data information in the information processing equipment;
the second communication bus is used for realizing the communication connection between the second processor and the disk to be analyzed;
the second processor is configured to execute, if it is detected that the target disk is inserted into the information processing apparatus, an information processing program stored in a target storage area of the target disk, so as to implement the steps of the information processing method according to any one of claim 1 and claims 6 to 8.
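The flow of claims 6 to 8, as an added example that is not code from the patent or from the applicant: a target disk authenticates the other disks in the chassis against its stored verification information and stops answering read requests if any of them fails. The class and function names, the per-bay record used as verification information, and the fail-closed defaults are assumptions; the sample disks are constructed.

```python
from dataclasses import dataclass
from enum import Enum

class SecurityClass(Enum):
    AUTHENTICATED = "authenticated"  # assumed label for the passing case
    NON_SECURE_ENV = "non-secure operating environment"  # claim 6

@dataclass(frozen=True)
class DiskFeatures:  # the claim 8 fields
    raid_level: str
    model: str
    serial: str
    capacity_bytes: int
    bay: int

def authenticate(disk, verification_info):
    """Claim 6: a disk passes only if it equals the record for its bay."""
    if verification_info.get(disk.bay) == disk:
        return SecurityClass.AUTHENTICATED
    return SecurityClass.NON_SECURE_ENV  # unknown bay or any field differs

class TargetDisk:
    """Hypothetical target disk that gates I/O on its neighbours' identity."""
    def __init__(self, verification_info, blocks):
        self.verification_info = verification_info  # assumed: bay -> DiskFeatures
        self._blocks = blocks
        self.intercept = True  # assumption: fail closed until checked

    def on_insert(self, other_disks):
        """Classify every other disk; intercept if any fails or none exist."""
        classes = [authenticate(d, self.verification_info) for d in other_disks]
        self.intercept = (not classes) or SecurityClass.NON_SECURE_ENV in classes
        return classes

    def read(self, lba):
        """Claim 7: while intercepting, a read request gets no response."""
        return None if self.intercept else self._blocks.get(lba)

# Constructed sample data, not taken from the patent.
RECORD = {
    0: DiskFeatures("RAID5", "MODEL-A", "SN-0001", 4_000_787_030_016, 0),
    1: DiskFeatures("RAID5", "MODEL-A", "SN-0002", 4_000_787_030_016, 1),
}
HOME = list(RECORD.values())
FOREIGN = [RECORD[0], DiskFeatures("RAID5", "MODEL-A", "SN-9999", 4_000_787_030_016, 1)]

def demo():
    """Read block 0 in a foreign chassis, then in the home chassis."""
    disk = TargetDisk(RECORD, {0: b"payload"})
    disk.on_insert(FOREIGN)
    blocked = disk.read(0)
    disk.on_insert(HOME)
    return blocked, disk.read(0)
```

Every field compared here is reported by the drive itself, so the check establishes consistency with a recorded inventory rather than cryptographic identity.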
CN202110168850.2A 2021-02-07 2021-02-07 Information processing method and device Pending CN112800493A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110168850.2A CN112800493A (en) 2021-02-07 2021-02-07 Information processing method and device

Publications (1)

Publication Number Publication Date
CN112800493A true CN112800493A (en) 2021-05-14

Family

ID=75814659

Country Status (1)

Country Link
CN (1) CN112800493A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101221485A (en) * 2008-01-24 2008-07-16 创新科存储技术(深圳)有限公司 Method for establishing redundant magnetic disk array and control device thereof
CN102165407A (en) * 2008-09-29 2011-08-24 英特尔公司 Redundant array of independent disks-related operations
CN103049400A (en) * 2012-12-27 2013-04-17 华为技术有限公司 Disk reconfiguration method and disk reconfiguration device
CN108897496A (en) * 2018-06-29 2018-11-27 平安科技(深圳)有限公司 Disk array configuring management method, device, computer equipment and storage medium
WO2019174646A1 (en) * 2018-03-16 2019-09-19 何小林 Method and system for protecting raid array data security by means of trusted channel technology.
CN111680334A (en) * 2020-06-11 2020-09-18 深圳市网心科技有限公司 Disk security access method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination