CN117077127A - Transparent encryption method, device, equipment and storage medium under macOS - Google Patents

Transparent encryption method, device, equipment and storage medium under macOS Download PDF

Info

Publication number
CN117077127A
Authority
CN
China
Prior art keywords
file
macos
encrypted
event
list
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310759967.7A
Other languages
Chinese (zh)
Inventor
邱文乔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuxi Watcher Software Co ltd
Original Assignee
Wuxi Watcher Software Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuxi Watcher Software Co ltd
Priority to CN202310759967.7A
Publication of CN117077127A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application discloses a transparent encryption method, device, equipment and storage medium under macOS, in the field of computers. A terminal security (Endpoint Security) extension program is created under macOS and the relevant monitoring events are registered with the system. When a creation notification event is monitored, the file designated by the event is determined, added to the list of files to be encrypted, and its file modification state is marked as modified. When an open authentication event is monitored, the list of files to be encrypted is traversed based on the target file designated by the event and the file's encryption state; the decrypted target file is added to the list and its file modification state is marked as unmodified. When a close notification event is monitored, the target file designated by the current event and its modification record are acquired, the list of files to be encrypted is traversed, and the corresponding file modification state is updated. With this scheme, transparent encryption can be used for file operation management under macOS without affecting system stability.

Description

Transparent encryption method, device, equipment and storage medium under macOS
Technical Field
The embodiment of the application relates to the field of file encryption, in particular to a transparent encryption method, device and equipment under macOS and a storage medium.
Background
Transparent encryption under macOS has mainly been implemented by hooking system calls: a kernel extension (kext) is developed that intercepts the low-level system service interfaces related to file I/O, such as open/read/write/close. At open time it determines whether the file is already encrypted or needs to be encrypted; at read time it decides whether the content read needs to be decrypted; at write time it likewise decides and encrypts, until close completes.
This approach has the following problems. 1. It relies on hacking techniques such as hooking syscalls, which can seriously affect system stability and cause system crashes, data loss and the like. 2. Distributing and installing a kernel extension requires signing with a kernel extension certificate issued by Apple. Apple does not issue such certificates, for reasons of system stability, or the certificates it issues can only sign driver extensions; the DriverKit framework that Apple promotes can only be developed to the specifications of drivers, and its certificates likewise only sign driver extensions. To load an unsigned kernel extension (kext) the user must then manually turn off SIP (System Integrity Protection), which poses a serious risk to system security.
Therefore, in practical work and daily use, we want to use only the interfaces Apple officially provides under macOS and still realize a transparent encryption system without negatively affecting the stability and security of the system. The method should be reliable, convenient for opening, modifying and saving, and should encrypt files in real time to enhance security.
Disclosure of Invention
The embodiment of the application provides a transparent encryption method, device and equipment under macOS and a storage medium, which solve the problems of stability and security of transparent encryption under macOS.
In one aspect, the present application provides a transparent encryption method under macOS, including:
creating a list of files to be encrypted and a terminal security (Endpoint Security) extension program for managing files under macOS, and registering the relevant monitoring events with macOS, the monitoring events including an open authentication event and a close notification event;
when an external open authentication event is monitored, traversing the list of files to be encrypted based on the target file designated by the event and the file's encryption state, adding the decrypted target file to the list of files to be encrypted, and marking its file modification state as unmodified; the list of files to be encrypted records a file name and a file modification state and is used by macOS to manage files, the file modification state representing whether the file's data content has been modified;
when an external close notification event is monitored, acquiring the target file designated by the current event and its actual modification state; when a file modification record is detected, traversing the list of files to be encrypted, updating the corresponding file modification state in the list, and returning to macOS; the updated file modification state is modified, indicating that modification of the file content is complete.
In another aspect, the present application provides a transparent encryption device under macOS, including:
a first creation module for creating a list of files to be encrypted for managing files and a terminal security (Endpoint Security) extension program under macOS, and for registering the relevant monitoring events with macOS, the monitoring events including a creation notification event, an open authentication event and a close notification event;
a first processing module for, when an external open authentication event is monitored, traversing the list of files to be encrypted based on the target file designated by the event and the file's encryption state, adding the decrypted target file to the list of files to be encrypted, and marking its file modification state as unmodified; the list of files to be encrypted records a file name and a file modification state and is used by macOS to manage files, the file modification state representing whether the file's data content has been modified;
a second processing module for, when an external close notification event is monitored, acquiring the target file designated by the current event and its actual modification state, traversing the list of files to be encrypted when a file modification record is detected, updating the corresponding file modification state in the list, and returning to macOS; the updated file modification state is modified, indicating that modification of the file content is complete.
In yet another aspect, the present application provides a computer device, including a processor and a memory, where the memory stores at least one instruction, at least one program, a set of codes, or a set of instructions, and the at least one instruction, the at least one program, the set of codes, or the set of instructions are loaded and executed by the processor to implement the transparent encryption method under macOS described in any one of the above aspects.
In yet another aspect, the present application provides a computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, the at least one instruction, the at least one program, the set of codes, or the set of instructions being loaded and executed by a processor to implement the transparent encryption method under macOS as described in any one of the above aspects.
The technical scheme provided by the embodiment of the application has at least the following beneficial effects: the scheme monitors controlled processes by constructing an Endpoint Security extension program under macOS, establishes a list of files to be encrypted that records the modification state of each file's content, and lets macOS execute the file management operations of the working thread according to that list, thereby selectively realizing transparent encryption on files of the designated types and executing the related operations. The method does not need high-risk syscall hooks, so system crashes and data loss are avoided; with this scheme, file operation management can be performed with transparent encryption under macOS without affecting system stability.
Drawings
FIG. 1 is a flow chart of a transparent encryption method under a macOS provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of responding to events and performing transparent encryption under a macOS;
FIG. 3 is a flow chart of a process of opening an authentication event;
FIG. 4 is a flow chart of a process for closing a notification event;
FIG. 5 is a flow chart of a process for a worker thread to update a list of encrypted files.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
References herein to "a plurality" means two or more. "and/or", describes an association relationship of an association object, and indicates that there may be three relationships, for example, a and/or B, and may indicate: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship.
Endpoint Security is Apple's terminal security system extension framework. Its main purpose is to provide an access control and message notification mechanism for endpoint protection. For example, for a file at the path Users/test/Documents/secret, the authentication class interfaces of Endpoint Security (xxxx_auth) can be used to control which processes are allowed to open the file, preventing Trojans and ransomware from acquiring it. In the same way, the authentication class interface (xxxx_auth) can be used to intercept the system I/O at the moment the file is opened and decrypt the file at that point; when the file is no longer in use it is encrypted again, which realizes transparent encryption.
Fig. 1 is a flowchart of a transparent encryption method under macOS provided by an embodiment of the present application, including the following steps:
S1, create a list of files to be encrypted and an Endpoint Security extension program for managing files under macOS, and register the relevant monitoring events with macOS.
Under macOS the Endpoint Security extension program is created first and registers for the event types to be monitored, so that in the subsequent process the Endpoint Security extension program can receive all such events and perform the subsequent operations by checking whether the event type is one that was registered.
In the embodiment of the present application, the monitoring events registered on the basis of file management include a creation notification event (expressed as es_event_type_notify_create in macOS), an open authentication event (expressed as es_event_type_auth_open), a rename notification event (expressed as es_event_type_notify_delete), a close notification event (expressed as es_event_type_notify_close), and the like.
The list of files to be encrypted is the list macOS uses for file management; the file working process selects the specific operation after decryption by monitoring this list.
In other embodiments, because macOS generates many events while only a small number of file types need transparent encryption, the registration is restricted. For example, when the Endpoint Security extension is created, the monitoring events registered with macOS specify the managed (controlled) file types and the managed processes, for instance registering to monitor and take over files of formats such as doc, docx, xls, xlsx, ppt and pptx and the related operating processes. When the Endpoint Security extension monitors any registered monitoring event (create, open, rename, close and the like) and determines that the controlled file process and the controlled file type both match, it takes over the corresponding event process. When the controlled file process and/or the controlled file type do not match, the operation is unrelated to the registered file types; the extension does not take over the event process and returns directly to macOS to execute the working thread.
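As an added illustration of the take-over decision just described (example code written for this page, not code from the patent or from Wuxi Watcher Software), the following C functions decide whether an event should be taken over by checking the file's extension against a set of managed types and the acting process against a set of managed processes. The two sets, the process paths, and the function names are constructed for the example; the patent registers the types and processes with macOS but does not show how the match is performed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Managed file types and managed (controlled) processes, as registered when the
 * Endpoint Security client is created. Both sets are constructed for this example;
 * the process paths are placeholders, not values from the patent. */
static const char *const managed_types[] = { "doc", "docx", "xls", "xlsx", "ppt", "pptx", NULL };
static const char *const managed_procs[] = {
    "/Applications/Pages.app/Contents/MacOS/Pages",
    "/Applications/Numbers.app/Contents/MacOS/Numbers",
    NULL
};

/* Extension of a path (text after the last '.' of the last path component),
 * or "" when there is none. A leading dot ("/.hidden") is not an extension. */
static const char *path_extension(const char *path) {
    const char *base = strrchr(path, '/');
    base = base ? base + 1 : path;
    const char *dot = strrchr(base, '.');
    if (!dot || dot == base) return "";
    return dot + 1;
}

/* Case-insensitive equality, so "report.DOCX" is treated like "report.docx". */
static bool str_ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return false;
    return *a == '\0' && *b == '\0';
}

bool is_managed_type(const char *file_path) {
    const char *ext = path_extension(file_path);
    for (int i = 0; managed_types[i]; i++)
        if (str_ieq(ext, managed_types[i])) return true;
    return false;
}

bool is_managed_process(const char *exe_path) {
    for (int i = 0; managed_procs[i]; i++)
        if (strcmp(exe_path, managed_procs[i]) == 0) return true;
    return false;
}

/* The patent's rule: take the event over only when BOTH the process and the
 * file type are controlled; otherwise hand it straight back to macOS. */
bool should_take_over(const char *exe_path, const char *file_path) {
    return is_managed_process(exe_path) && is_managed_type(file_path);
}
```

In a real Endpoint Security client the two inputs come from the delivered es_message_t: the process path from `msg->process->executable->path` and, for an open event, the file path from `msg->event.open.file->path`. The message also carries `msg->process->signing_id` and `msg->process->team_id`; matching on those in addition to the executable path makes the controlled-process check far harder to satisfy with a renamed or copied binary, which matters here because a process that passes the check is the one handed the decrypted file.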
S2, when an external creation notification event is monitored, determine the file designated by the event, add it to the list of files to be encrypted, and mark its file modification state as modified.
When a user or the system needs to create a file, a creation notification event is triggered externally. When the Endpoint Security extension monitors the creation notification event it obtains the file designated by the event, such as a designated /Users/test/Documents/create abc. A creation event of this form denotes creating a docx file named create abc under the Documents folder. The Endpoint Security extension then adds it to the list of files to be encrypted by file name.
The list of files to be encrypted records a file name and a file modification state, where the file modification state represents whether the file's data content has been modified. Its contents are shown in Table 1 below.
TABLE 1 list of files to be encrypted
Where the file modification state is marked "modified", the content of the marked target file has been modified or is about to be modified (for example, text editing of a docx file). Where the file modification state is marked "unmodified", the content of the marked target file is unmodified.
It should be noted that the creation notification event of S2 may or may not be monitored. If the Endpoint Security extension program does not monitor it, the file name can still be filled into the list of files to be encrypted when the file is found to be modified during the subsequent close notification event, and transparent encryption under macOS can still be realized.
S3, when an external open authentication event is monitored, traverse the list of files to be encrypted based on the target file designated by the event and the file's encryption state, add the decrypted target file to the list of files to be encrypted, and mark its file modification state as unmodified.
When the Endpoint Security extension monitors an open authentication event, an open operation on the target file is about to be performed, so it must first determine which target file the open authentication event designates, that is, which file is to be opened. The Endpoint Security extension determines that the managed file type and the managed process match, takes over the event process, and then traverses the list of files to be encrypted based on the designated target file. This determines whether the operation on the target file requires transparent encryption to be performed. Transparent encrypted file management applies only to files that have been encrypted (they are decrypted when a file operation is required); if the file itself is not encrypted, no decryption is needed and the open or other operation simply proceeds normally.
Fig. 3 is a flow chart of the processing of an open authentication event. If the file name matches an entry in the list of files to be encrypted, the file has already been decrypted and can be opened directly, so control returns directly to macOS to execute the working thread, namely the task of opening the document. Fig. 2 is a schematic diagram of responding to events and performing transparent encryption under macOS.
If the target file designated by the open authentication event is not matched in the list of files to be encrypted, the encryption state of the target file is acquired.
When the target file is in the encrypted state, it is added to the list of files to be encrypted, its file modification state is marked as unmodified, and control then returns to macOS to execute the working thread. Specifically, this may include the following operation steps:
A, when the target file is in the encrypted state, copy the target file to obtain a backup target file associated with it;
B, decrypt the target file, add it to the list of files to be encrypted, and mark its file modification state as unmodified;
C, return the decrypted target file to macOS to execute the working thread.
It should be noted that the data content of the target file before decryption, after decryption and in the backup is identical; the purpose of decryption is the subsequent opening of the file, and the backup is kept for archiving during subsequent edit-save and rename operations. The newly added entry's file modification state is marked "unmodified" because an ordinary "open" operation does not mean the content will necessarily be edited, so the entry is set to the unmodified state here.
For example, opening a file with the file name /Users/Desktop/test. The backed-up file is /Users/Desktop/test. The decrypted file name is still /Users/Desktop/test. Also added to the list of files to be encrypted is /Users/Desktop/test. Everything saved in subsequent modifications is based on the decrypted test.
S4, when an external close notification event is monitored, acquire the target file designated by the current event and its actual modification state; when a file modification record is detected, traverse the list of files to be encrypted, update the corresponding file modification state in the list, and return to macOS.
This step corresponds to the operation after open: a close notification event generally means that operations such as reading and writing are no longer required. At this point the Endpoint Security extension obtains, via macOS, the target file designated by the current event and its actual modification state. Because the modification state was only marked when the file was added to the list, the list of files to be encrypted must be updated after the related transparent encryption operations. Fig. 4 is a flow chart of the processing of a close notification event, which further comprises the following steps:
A, traverse the list of files to be encrypted when the target file is confirmed to have been modified; ignore the event when the file is not modified. It is ignored because the list of files to be encrypted does not need updating if the file was not modified, for example when the user only opened the document for browsing without editing it. Whether the file was modified is obtained from the es_message_t delivered with the close notification event, via its member event.
B, if the target file designated by the close notification event is not found while traversing the list of files to be encrypted, add the target file to the list directly, mark its file modification state as modified, and return to macOS to execute the working thread.
A target file that is not found in the traversal was not added to the list and marked during the preceding open operation, so at this time it must be added to the list while its file modification state is marked as modified.
C, if the target file designated by the close notification event is found while traversing the list of files to be encrypted, an open authentication event for this target file was monitored previously; update the corresponding file modification state from unmodified to modified and return to macOS to execute the working thread.
The application also provides a scheme for updating the list of files to be encrypted: the list records only the information of target files that are in use, and the file name and file modification state are automatically deleted once use of the file is complete.
A close notification event does not mean that use of the file has ended. Updating the list of files to be encrypted is decided by the worker thread, which oversees the list and cyclically scans the use state of each decrypted target file with the lsof command. Specifically, Fig. 5 is a flow chart of the worker thread, which comprises the following steps:
A, cyclically scan the use state of each decrypted target file with the lsof command, and when a decrypted target file is found to have finished being used, acquire the current modification record of that decrypted target file through macOS;
B, when the decrypted target file is confirmed to have been modified, delete the backup target file associated with it, and encrypt the edited file for storage;
Steps B and C judge whether the file was modified as the continuation of the open authentication event process: after the pre-encrypted file was backed up, decrypted and added to the list of files to be encrypted, editing took place; when use ends, the edited content must be retained and the encrypted state restored, and the backup file is naturally deleted, which ensures system security.
C, when the decrypted target file was not modified, acquire the associated backup target file, trigger the renaming mechanism, rename the backup target file to the new file for storage, and delete the decrypted file;
Step C corresponds to a new protection mechanism. Because the original encrypted file was not modified after decryption (for example, the content was only viewed, or was edited but not saved), one of the original and the backup must be deleted at this point. The application chooses to keep the backup target file (backup file) directly and delete the decrypted file, so that re-encryption is not needed. To preserve the backup file a renaming mechanism is triggered, namely the backup is renamed to the file name of the original encrypted file (target file); for example (user)/Desktop/test.docx.bak is renamed to (user)/Desktop/test.docx, which can be understood as deleting the "bak" backup suffix.
In some embodiments, the backup file may instead be deleted and the decrypted file re-encrypted for storage, so the renaming mechanism does not need to be triggered.
D, delete the file name whose file operation is complete from the list of files to be encrypted.
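The open-event steps A to C of S3, the close-event steps A to C of S4 and the worker-thread steps A to D form one lifecycle for each managed file. The following C program, added here as an example and not taken from the patent or its assignee, models that lifecycle over an in-memory stand-in for the disk and for the list of files to be encrypted (Table 1). The disk model, the `.bak` naming, the sample path and all function names are assumptions of the example; encryption is represented only by a flag because the patent names no cipher, and the lsof polling is replaced by a direct call to `worker_finalize` once the file is assumed to be closed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_FILES 16
#define NAME_LEN 160

/* In-memory stand-in for the disk (constructed for this example): no real I/O,
 * and "encrypted" is only a flag, since the patent names no cipher. */
typedef struct { char name[NAME_LEN]; char content[64]; bool encrypted; bool exists; } disk_file_t;
static disk_file_t disk[MAX_FILES];

/* One row of the "list of files to be encrypted" (Table 1): file name + modification state. */
typedef struct { char name[NAME_LEN]; bool modified; bool in_use; } list_entry_t;
static list_entry_t enc_list[MAX_FILES];

static disk_file_t *disk_find(const char *name) {
    for (int i = 0; i < MAX_FILES; i++)
        if (disk[i].exists && strcmp(disk[i].name, name) == 0) return &disk[i];
    return NULL;
}

/* Create or overwrite a file in the model (also stands in for the editor saving). */
static disk_file_t *disk_put(const char *name, const char *content, bool encrypted) {
    disk_file_t *f = disk_find(name);
    for (int i = 0; !f && i < MAX_FILES; i++) if (!disk[i].exists) f = &disk[i];
    if (!f) return NULL;
    snprintf(f->name, NAME_LEN, "%s", name);
    snprintf(f->content, sizeof f->content, "%s", content);
    f->encrypted = encrypted;
    f->exists = true;
    return f;
}

static list_entry_t *list_find(const char *name) {
    for (int i = 0; i < MAX_FILES; i++)
        if (enc_list[i].in_use && strcmp(enc_list[i].name, name) == 0) return &enc_list[i];
    return NULL;
}

static list_entry_t *list_add(const char *name, bool modified) {
    for (int i = 0; i < MAX_FILES; i++) {
        if (enc_list[i].in_use) continue;
        snprintf(enc_list[i].name, NAME_LEN, "%s", name);
        enc_list[i].modified = modified;
        enc_list[i].in_use = true;
        return &enc_list[i];
    }
    return NULL;
}

static void backup_name(char *out, const char *name) { snprintf(out, NAME_LEN, "%s.bak", name); }

/* S3: open authentication event for a managed file. Returns true when macOS may
 * proceed with the open (the extension would answer the AUTH event with ALLOW). */
bool on_auth_open(const char *name) {
    if (list_find(name)) return true;            /* already decrypted earlier: open directly */
    disk_file_t *f = disk_find(name);
    if (!f || !f->encrypted) return true;        /* plaintext file: no transparent handling */
    char bak[NAME_LEN]; backup_name(bak, name);
    disk_put(bak, f->content, true);             /* A: keep an encrypted backup copy        */
    f->encrypted = false;                        /* B: decrypt in place ...                 */
    list_add(name, false);                       /*    ... and record it as "unmodified"    */
    return true;                                 /* C: hand back to macOS                   */
}

/* S4: close notification. `modified` is what Endpoint Security reports for the
 * close (the es_event_close_t.modified member). */
void on_notify_close(const char *name, bool modified) {
    if (!modified) return;                       /* A: browse-only close changes nothing   */
    list_entry_t *e = list_find(name);
    if (!e) list_add(name, true);                /* B: never seen at open: add as modified  */
    else e->modified = true;                     /* C: unmodified -> modified               */
}

/* Worker thread, once lsof shows the decrypted file is no longer open. */
void worker_finalize(const char *name) {
    list_entry_t *e = list_find(name);
    if (!e) return;
    char bak[NAME_LEN]; backup_name(bak, name);
    disk_file_t *f = disk_find(name), *b = disk_find(bak);
    if (e->modified) {                           /* B: keep the edit, restore ciphertext   */
        if (b) b->exists = false;
        if (f) f->encrypted = true;
    } else if (b) {                              /* C: nothing changed: the backup wins     */
        if (f) f->exists = false;
        snprintf(b->name, NAME_LEN, "%s", name); /*    rename test.docx.bak -> test.docx    */
    }
    e->in_use = false;                           /* D: drop the row from the list           */
}

int main(void) {
    const char *doc = "/Users/test/Desktop/test.docx";   /* constructed sample path */
    disk_put(doc, "ciphertext-of-v1", true);
    on_auth_open(doc);                 /* user opens the file            */
    on_notify_close(doc, false);       /* ... and only browses it        */
    worker_finalize(doc);
    printf("after browse: encrypted=%d backup=%d content=%s\n", disk_find(doc)->encrypted,
           disk_find("/Users/test/Desktop/test.docx.bak") != NULL, disk_find(doc)->content);
    on_auth_open(doc);                 /* opens again and edits          */
    disk_put(doc, "edited-v2", false); /* the editor writes plaintext    */
    on_notify_close(doc, true);
    worker_finalize(doc);
    printf("after edit: encrypted=%d content=%s\n", disk_find(doc)->encrypted, disk_find(doc)->content);
    return 0;
}
```

The two runs in `main` show the two worker-thread outcomes: after a browse-only open the backup is renamed over the decrypted copy and the content is unchanged, while after an edit the backup is discarded and the edited content is what gets re-encrypted. The model also makes explicit what the text leaves implicit: between `on_auth_open` and `worker_finalize` both the plaintext and the `.bak` ciphertext sit on disk, so the worker thread's polling interval is the window during which the plaintext is exposed.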
In some embodiments, because application software in practice saves a file by renaming it, the rename notification event is also registered and monitored by the Endpoint Security extension, similarly to the above: the Endpoint Security extension decides to take over the event process based on the controlled process and controlled file type matching. After deciding to take over the event process, the new file name is added to the list of files to be encrypted and control returns to macOS to execute the working thread, namely the file rename and the subsequent file operations.
It should be noted that if the target file was added to the list of files to be encrypted through a creation notification event and/or an open authentication event before the rename operation, the list must be queried first; the target file name in the list is then renamed directly and its file modification state updated to modified. The rename notification event is an event monitored at the system layer by Endpoint Security, and may be a rename performed when a user changes a file name or a system program performs a related operation; it is a different concept from the renaming mechanism triggered in the backup-deletion stage.
In summary, the scheme monitors controlled processes by constructing an Endpoint Security extension program under macOS and establishes a list of files to be encrypted that records the modification state of each file's content, so that macOS executes the file management operations of the working thread according to that list, thereby selectively realizing transparent encryption on files of the designated types and executing the related operations. The method does not need high-risk syscall hooks, so system crashes and data loss are avoided; with this scheme, file operation management can be performed with transparent encryption under macOS without affecting system stability.
The application also provides a transparent encryption device under macOS, used for the transparent encryption method under macOS of the above aspects, comprising:
a first creation module for creating a list of files to be encrypted for managing files and a terminal security (Endpoint Security) extension program under macOS, and for registering the relevant monitoring events with macOS, the monitoring events including a creation notification event, an open authentication event and a close notification event;
a first processing module for, when an external open authentication event is monitored, traversing the list of files to be encrypted based on the target file designated by the event and the file's encryption state, adding the decrypted target file to the list of files to be encrypted, and marking its file modification state as unmodified; the list of files to be encrypted records a file name and a file modification state and is used by macOS to manage files, the file modification state representing whether the file's data content has been modified;
a second processing module for, when an external close notification event is monitored, acquiring the target file designated by the current event and its actual modification state, traversing the list of files to be encrypted when a file modification record is detected, updating the corresponding file modification state in the list, and returning to macOS; the updated file modification state is modified, indicating that modification of the file content is complete.
Optionally, the device further comprises a third processing module, configured to determine the file designated by the event when an external creation notification event is monitored, add that file to the list of files to be encrypted, and mark its file modification state as modified;
Optionally, the device further comprises a fourth processing module, configured to match the controlled file type and the controlled file process when a rename notification event is monitored, and, when the controlled file type and the controlled file process match, to take over the event process, add the file designated by the event to the list of files to be encrypted, mark its file modification state as modified, and return to macOS to execute the working thread.
The present application also provides a computer device, including a processor and a memory, where the memory stores at least one instruction, at least one program, a code set, or an instruction set, where the at least one instruction, the at least one program, the code set, or the instruction set is loaded and executed by the processor to implement the transparent encryption method under macOS described in any one of the above aspects.
The present application also provides a computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, the at least one instruction, the at least one program, the set of codes, or the set of instructions being loaded and executed by a processor to implement the transparent encryption method under macOS as described in any one of the above aspects.
The foregoing describes preferred embodiments of the present application; it is to be understood that the application is not limited to the specific embodiments described above, wherein devices and structures not described in detail are to be understood as being implemented in a manner common in the art; any person skilled in the art will make many possible variations and modifications, or adaptations to equivalent embodiments without departing from the technical solution of the present application, which do not affect the essential content of the present application; therefore, any simple modification, equivalent variation and modification of the above embodiments according to the technical substance of the present application still fall within the scope of the technical solution of the present application.

Claims (10)

1. A transparent encryption method under macOS, comprising:
creating a list of files to be encrypted and a terminal security (Endpoint Security) extension program for managing files under macOS, and registering the relevant monitoring events with macOS, the monitoring events including an open authentication event and a close notification event;
when an external open authentication event is monitored, traversing the list of files to be encrypted based on the target file designated by the event and the file's encryption state, adding the decrypted target file to the list of files to be encrypted, and marking its file modification state as unmodified; the list of files to be encrypted records a file name and a file modification state and is used by macOS to manage files, the file modification state representing whether the file's data content has been modified;
when an external close notification event is monitored, acquiring the target file designated by the current event and its actual modification state; when a file modification record is detected, traversing the list of files to be encrypted, updating the corresponding file modification state in the list, and returning to macOS; the updated file modification state is modified, indicating that modification of the file content is complete.
2. The transparent encryption method under macOS according to claim 1, wherein the monitoring event registered with macOS contains a controlled file type and a controlled process;
when the Endpoint Security extension program monitors any registered monitoring event and determines that the controlled file process is matched with the controlled file type, the corresponding event process is taken over; when the controlled file process and/or the controlled file type are not matched, the event process is not taken over, and the macOS is directly returned to execute the working thread.
3. The transparent encryption method under macOS according to claim 2, wherein the list of files to be encrypted is traversed when the open authentication event is monitored and the event process is taken over; when the target file appointed by the opening authentication event is matched, then returning to the macOS to execute the working thread;
when the target file appointed by the opening authentication event is not matched, acquiring the encryption state of the target file;
when the target file is in an encryption state, the target file is added into the file list to be encrypted, the file modification state is marked as unmodified, and then the target file is returned to the macOS to execute the working thread.
4. The transparent encryption method under macOS according to claim 3, wherein adding the target file to the file list to be encrypted when it is in an encrypted state, and marking the file modification state as unmodified, comprises:
when the target file is in an encrypted state, copying the target file to obtain a backup target file associated with the target file;
decrypting the target file and adding the target file into the file list to be encrypted, and marking the file modification state as unmodified;
returning the decrypted target file to the macOS to execute the working thread; wherein, the data content of the backup target file before and after decryption is identical.
5. The transparent encryption method under macOS according to claim 2, wherein the monitoring events further comprise a creation notification event and a renaming notification event; matching a controlled file type and a controlled file process when the renaming notification event is monitored; taking over the event process when the controlled file type is matched with the controlled file process, adding the renamed file to the file list to be encrypted, marking the file modification state as modified, and returning to the macOS to execute the working thread;
and determining an event-designated file when the external creation notification event is monitored, adding the event-designated file to the file list to be encrypted, and marking the file modification state as modified.
6. The transparent encryption method under macOS according to claim 2, wherein when the closing notification event is monitored and the event process is taken over, obtaining, by macOS, a target file specified by the current event and a modification record of the target file; traversing the file list to be encrypted when the target file is determined to be modified;
if the target file appointed by the closing notification event is not traversed in the file list to be encrypted, directly adding the target file to be encrypted into the file list to be encrypted, marking the file modification state as modified, and returning to the macOS to execute a working thread;
and if the target file appointed by the closing notification event is traversed in the file list to be encrypted, indicating that the opening authentication event based on the target file is monitored previously, updating the corresponding file modification state from an unmodified state to a modified state, and returning to the macOS to execute the working thread.
7. The transparent encryption method under macOS according to claim 4, wherein a worker thread manages the list of files to be encrypted and cyclically scans the usage status of each decrypted target file by means of the lsof command;
when the decrypted target file is used, acquiring a current decrypted target file modification record through the macOS; deleting the backup target file associated with the target file after the decryption is determined to be modified, and encrypting and storing the backup target file again;
when the decrypted target file is not modified, acquiring the associated target backup file, triggering a renaming mechanism, renaming the target backup file to be a new file for storage, and deleting the decrypted file;
and deleting the file name of which the file operation is completed from the file list to be encrypted.
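The flow of claims 1 to 7 (take-over filter, decrypt-on-open with a ciphertext backup, modification tracking on close, and the worker pass that either re-encrypts or restores the backup) is easier to follow as a state machine. The following is an added model written for this page, not code from the patent or from its applicant. It feeds the handlers with simulated events instead of a real Endpoint Security client (a production extension would subscribe to ES_EVENT_TYPE_AUTH_OPEN, ES_EVENT_TYPE_NOTIFY_CLOSE, ES_EVENT_TYPE_NOTIFY_CREATE and ES_EVENT_TYPE_NOTIFY_RENAME and call these handlers from the client callback), replaces the lsof scan with an `in_use` set, and uses a constructed `XENC` header plus a placeholder byte transform in place of the real cipher; the `.bak` naming, the `.docx` / "Microsoft Word" controlled set and the sample file contents are all constructed for the demonstration.

```python
"""Constructed model of the claim 1-7 flow: a pending-list state machine fed by
simulated Endpoint Security events (not the patent's own code)."""
import os
import shutil
import tempfile
from typing import Dict, List, Set

MAGIC = b"XENC"   # constructed marker: a file starting with it is in the encrypted state
KEY = 0x5A        # placeholder byte transform standing in for the real cipher


def is_encrypted(data: bytes) -> bool:
    return data.startswith(MAGIC)


def encrypt(plain: bytes) -> bytes:
    return MAGIC + bytes(b ^ KEY for b in plain)


def decrypt(cipher: bytes) -> bytes:
    if not is_encrypted(cipher):
        raise ValueError("not in encrypted state")
    return bytes(b ^ KEY for b in cipher[len(MAGIC):])


def backup_path(path: str) -> str:
    return path + ".bak"   # constructed naming for the "backup target file" (claim 4)


class TransparentEncryptor:
    """Owns the file list to be encrypted: path -> modified flag (claim 1)."""

    def __init__(self, controlled_exts: Set[str], controlled_procs: Set[str]):
        self.exts, self.procs = controlled_exts, controlled_procs
        self.pending: Dict[str, bool] = {}

    def take_over(self, path: str, proc: str) -> bool:
        """Claim 2: act only when both the file type and the process are controlled."""
        return proc in self.procs and os.path.splitext(path)[1] in self.exts

    def on_auth_open(self, path: str, proc: str) -> str:
        """Claims 3-4: AUTH_OPEN handler; decrypt in place, keep a ciphertext backup."""
        if not self.take_over(path, proc) or path in self.pending:
            return "ALLOW"                      # not ours or already listed: hand back to macOS
        with open(path, "rb") as f:
            data = f.read()
        if is_encrypted(data):
            shutil.copy2(path, backup_path(path))
            with open(path, "wb") as f:
                f.write(decrypt(data))
            self.pending[path] = False          # listed, marked unmodified
        return "ALLOW"

    def on_notify_create(self, path: str, proc: str) -> None:
        """Claim 5: a newly created file is plaintext, so list it as modified."""
        if self.take_over(path, proc):
            self.pending[path] = True

    def on_notify_rename(self, src: str, dst: str, proc: str) -> None:
        """Claim 5: track the file under its new name, marked modified."""
        if self.take_over(dst, proc):
            self.pending.pop(src, None)
            self.pending[dst] = True

    def on_notify_close(self, path: str, proc: str, modified: bool) -> None:
        """Claim 6: NOTIFY_CLOSE handler; `modified` is the event's modification flag."""
        if self.take_over(path, proc) and modified:
            self.pending[path] = True           # adds if absent, else unmodified -> modified

    def worker_scan(self, in_use: Set[str]) -> List[str]:
        """Claim 7: one worker pass; `in_use` stands in for the lsof check."""
        actions = []
        for path in list(self.pending):
            if path in in_use:
                continue                        # still open somewhere: retry next pass
            bak = backup_path(path)
            if self.pending[path]:              # content changed: encrypt the new plaintext
                with open(path, "rb") as f:
                    plain = f.read()
                with open(path, "wb") as f:
                    f.write(encrypt(plain))
                if os.path.exists(bak):
                    os.remove(bak)
                actions.append("reencrypted " + os.path.basename(path))
            else:                               # untouched: put the original ciphertext back
                os.replace(bak, path)
                actions.append("restored " + os.path.basename(path))
            del self.pending[path]
        return actions


def demo() -> dict:
    """Constructed walk-through: one read-only open and one open that edits the file."""
    d = tempfile.mkdtemp()
    te = TransparentEncryptor({".docx"}, {"Microsoft Word"})
    ro, rw = os.path.join(d, "ro.docx"), os.path.join(d, "rw.docx")
    for p in (ro, rw):
        with open(p, "wb") as f:
            f.write(encrypt(b"secret"))
    te.on_auth_open(ro, "Finder")               # uncontrolled process: left encrypted, not listed
    te.on_auth_open(ro, "Microsoft Word")
    te.on_auth_open(rw, "Microsoft Word")
    after_open = {os.path.basename(k): v for k, v in te.pending.items()}
    with open(rw, "ab") as f:
        f.write(b" v2")                         # the editor changes the plaintext
    te.on_notify_close(ro, "Microsoft Word", modified=False)
    te.on_notify_close(rw, "Microsoft Word", modified=True)
    actions = te.worker_scan(in_use={rw})       # rw still open: only ro is handled
    actions += te.worker_scan(in_use=set())     # next pass re-encrypts rw
    with open(ro, "rb") as f:
        ro_restored = f.read() == encrypt(b"secret")
    with open(rw, "rb") as f:
        rw_plain = decrypt(f.read())
    backups = [n for n in os.listdir(d) if n.endswith(".bak")]
    shutil.rmtree(d)
    return {"after_open": after_open, "actions": actions, "ro_restored": ro_restored,
            "rw_plain": rw_plain, "backups": backups, "pending": dict(te.pending)}
```

The two worker passes in `demo()` show the point of the lsof loop in claim 7: a file still held open is skipped rather than re-encrypted underneath the editor, and the unmodified file is returned to its original ciphertext by renaming the backup over it, so no second encryption of identical content is needed.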
8. A transparent encryption device under macOS, comprising:
a first creation module for creating a file list to be encrypted for managing files and a terminal security Endpoint Security extension program under the macOS, and registering related monitoring events with the macOS; monitoring events includes creating notification events, opening authentication events, and closing notification events;
the first processing module is used for traversing the file list to be encrypted based on the target file designated by the event and the file encryption state when the external opening authentication event is monitored, adding the decrypted target file into the file list to be encrypted, and marking the file modification state as unmodified; the file list to be encrypted records a file name and a file modification state, and is used for managing files by the macOS, wherein the file modification state is used for representing modification of file data content;
the second processing module is used for acquiring the target file designated by the current event and the actual modification state of the target file when the external closing notification event is monitored, traversing the file list to be encrypted when the file modification record is detected, updating the file modification state corresponding to the list and returning to the macOS; the updated file modification state is modified, which indicates that modification of the file content is completed.
9. A computer device comprising a processor and a memory, wherein the memory stores at least one instruction, at least one program, a set of codes, or a set of instructions, the at least one instruction, the at least one program, the set of codes, or the set of instructions being loaded and executed by the processor to implement the transparent encryption method under macOS of any one of claims 1 to 7.
10. A computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes, or a set of instructions, the at least one instruction, the at least one program, the set of codes, or the set of instructions being loaded and executed by a processor to implement the transparent encryption method under macOS of any one of claims 1 to 7.
CN202310759967.7A 2023-06-26 2023-06-26 Transparent encryption method, device, equipment and storage medium under macOS Pending CN117077127A (en)

Publications (1)

Publication Number Publication Date
CN117077127A true CN117077127A (en) 2023-11-17

Family

ID=88701153

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination