KR102460693B1 - System for controlling transmission and reception of file of application and method thereof - Google Patents

Abstract

In accordance with one embodiment of the present disclosure, a server includes a communication circuit, a processor operatively connected to the communication circuit, and a memory operatively connected to the processor, and storing a database. The memory can store instructions which, when executed by the processor, cause the server to: receive a file input/output (IO) information check request from an access control application of a node, wherein the file IO information check request includes file identification information of a file IO target file; check whether file IO table information about the target file exists in the database by using the file identification information; when the file IO table information exists, perform a file inspection on the target file based on the file IO table information; and transmit a response indicating a result of the file inspection, to the access control application of the node. Therefore, the present invention is capable of enabling file reception and transmission control on each application and each network.

Description

SYSTEM FOR CONTROLLING TRANSMISSION AND RECEPTION OF FILE OF APPLICATION AND METHOD THEREOF

Embodiments disclosed in this document relate to a system for controlling file transmission and reception of an application and a method therefor.

Multiple devices may communicate data over a network. For example, the terminal may transmit or receive data with the server through the Internet. The network may include a public network such as the Internet as well as a private network such as an intranet.

The terminal communicates with the server using IP (Internet Protocol)-based TCP (Transmission Control Protocol) or UDP (User Datagram Protocol), and controls the connection between the source IP and destination IP authorized in TCP or UDP technology. Firewall technology may be used. In the case of IP communication, since there is a problem that IP can be forged or altered, a VPN (Virtual Private Network) technology and tunneling technology for encrypting data packets between a terminal and a server are used to solve this problem.

When using VPN based on tunneling technology technology that is created at the terminal level or in units of IPs assigned to the terminal, there is a vulnerability that allows unallowed or unsafe applications to access the unpermitted destination network through always-connected tunneling after initial authentication. Therefore, security incidents due to infiltration of various types of malware and ransomware are increasing. In order to solve this problem, application connectivity control technology that allows only permitted applications to access the permitted network is applied to identify the application, which is the fundamental communication subject, and to block the access of unauthorized applications in advance.

For example, it may not be possible to control the behavior of the application receiving or transmitting files over the network while the allowed application is able to access the allowed network. DLP (Data Loss Prevention) exists as a technology to solve this problem, and DLP prevents unauthorized media (eg, USB, or removable storage device) from being connected or sharing a specific folder on the network. Alternatively, when a specific application selects a file to transfer, the file is prevented from being selected by blocking the file from being selected. Data leakage can be prevented by removing the handle of file I/O when the user does not have file I/O permission.

Such DLP technology may not be able to prevent unauthorized media from being connected in an area where physical security cannot be controlled and there is a limit to applying a security policy in a telecommuting environment using a personally owned terminal. Furthermore, the DLP technology for tracking a specific action may not be able to prevent, for example, an action of directly loading and transmitting a file without a file selection window by a malicious code other than the user when the specific action is not performed. In addition, since the DLP technology, which tracks the file input/output of a specific application, tracks the input/output of a file for a specific application and blocks it in batches, it may be difficult to allow file transfer in the network to which the application is connected. In the case of DLP, which provides a method to release file input/output restrictions by identifying the access address window of the Internet browser, there is a limit to controlling the reception and transmission of files because the network access information cannot be traced in the case of applications without the access address window. there may be

In addition, since physical network separation technology cannot be used in a cloud environment, a terminal may have unrestricted access to files received from or transmitted to the cloud. For example, a file containing a potential risk may be introduced from the Internet, or a file including important information received from the cloud may be leaked through the Internet.

Various embodiments disclosed in this document are intended to provide a system for solving the above-described problems in a network environment and a method therefor.

A server according to an embodiment disclosed in this document includes a communication circuit, a processor operatively connected to the communication circuit, and a memory operatively connected to the processor and storing a database, wherein the memory includes the processor When executed by the server, receives a file IO (input output) information check request from the access control application of the node, the file IO information check request includes the file identification information of the file IO target file, the file identification information to check whether file IO table information for the target file exists in the database using , to transmit a response indicating the result of the file check to the access control application of the node.

A node according to an embodiment disclosed herein comprises a communication circuit, a processor operatively coupled to the communication circuitry, and a memory operatively coupled to the processor to store a connection control application and a target application, The memory, when executed by the processor, causes the node, via the connection control application, to identify a file input output (IO) information check event by the target application, and, via the connection control application, to the target application and Based on the authorized file IO information of the related data flow, check whether the file IO information check is necessary, and based on the confirmation that the file IO information check is necessary, through the access control application, the file IO information to the external server request inspection, the file IO information inspection request includes the target file of the file IO information inspection, and based on the file IO information inspection result received from the external server, through the access control application, Commands for controlling file IO for the target file may be stored.

The method of operating a server according to an embodiment disclosed in this document includes the operation of receiving a file IO information inspection request from a node access control application, the file IO information inspection request includes file identification information of a file IO target file, Checking whether or not file IO table information for the target file exists in the database of the server using the file identification information. If the file IO table information exists, the target file based on the file IO table information performing a file check on the , and transmitting a response indicating a result of the file check to the access control application of the node.

An operation method of a node according to an embodiment disclosed in this document, through the access control application of the node, the operation of identifying a file input output (IO) information check event by the target application of the node, the access control application Through, based on the authorized file IO information of the data flow related to the target application, the operation of determining whether the file IO information check is necessary, based on the confirmation that the file IO information check is necessary, through the access control application , requesting an external server to check the file IO information, the file IO information check request includes a target file of the file IO information check, and based on the file IO information check result received from the external server, the access It may include an operation of controlling the file IO for the target file of the target application through the control application.

According to the embodiments disclosed in this document, it is checked whether to allow the file input/output of the identified target, and file input/output is allowed only for the allowed connection target, thereby enabling file reception and transmission control for each application and network do.

According to the embodiments disclosed in this document, when receiving or transmitting a file, the file is scanned to determine whether the file is a file with potential risks (eg, malicious code) and important information (eg, personal information or company sensitive information) By blocking file reception and transmission depending on whether or not is included, it is possible to prevent downloading and uploading of dangerous files.

In addition, various effects directly or indirectly identified through this document may be provided.

1 illustrates an architecture within a network environment in accordance with various embodiments.
2 is a functional block diagram illustrating a database stored in a controller according to various embodiments of the present disclosure;
3 illustrates control flow information, data flow information, and file IO table information among information included in a database according to various embodiments of the present disclosure.
4 is a functional block diagram of a node in accordance with various embodiments.
5 illustrates an operation of controlling transmission of a data packet according to various embodiments.
6 illustrates a signal flow diagram for controller connection according to various embodiments.
7 illustrates a signal flow diagram for user authentication according to various embodiments.
8 illustrates a user interface screen for accessing a controller according to various embodiments of the present disclosure;
9 illustrates a signal flow diagram for a network connection according to various embodiments.
10 is a flowchart illustrating an operation of a node for monitoring file input/output access according to various embodiments of the present disclosure.
11 is a flowchart illustrating an operation of a node for checking a file input/output table according to various embodiments of the present disclosure;
12 illustrates a signal flow diagram for checking file write information according to various embodiments of the present disclosure;
13 illustrates a signal flow diagram for checking file read information according to various embodiments of the present disclosure;
14 illustrates a user interface screen indicating file upload and download failures according to various embodiments of the present disclosure;
15 is a flowchart illustrating an operation of a node for transmitting a data packet according to various embodiments.
16 illustrates a signal flow diagram for control flow update according to various embodiments.
17 illustrates a signal flow diagram for control flow cancellation in accordance with various embodiments.
18 illustrates a signal flow diagram for data flow cancellation in accordance with various embodiments.

Hereinafter, various embodiments of the present invention will be described with reference to the accompanying drawings. However, this is not intended to limit the present invention to specific embodiments, and it should be understood that various modifications, equivalents, and/or alternatives of the embodiments of the present invention are included.

In this document, the singular form of a noun corresponding to an item may include one or more items, unless the context clearly dictates otherwise. As used herein, "A or B", "at least one of A and B", "at least one of A or B", "A, B or C", "at least one of A, B and C" and "A; Each of the phrases "at least one of B, or C" may include any one of, or all possible combinations of, items listed together in the corresponding one of the phrases. Terms such as "first", "second", or "first" or "second" may simply be used to distinguish an element from other elements in question, and may refer elements to other aspects (e.g., importance or order) is not limited. It is said that one (eg, first) component is “coupled” or “connected” to another (eg, second) component, with or without the terms “functionally” or “communicatively”. When referenced, it means that one component can be connected to the other component directly (eg by wire), wirelessly, or through a third component.

Each component (eg, a module or a program) of components described in this document may include a singular or a plurality of entities. According to various embodiments, one or more components or operations among the corresponding components may be omitted, or one or more other components or operations may be added. Alternatively or additionally, a plurality of components (eg, a module or a program) may be integrated into one component. In this case, the integrated component may perform one or more functions of each component of the plurality of components identically or similarly to those performed by the corresponding component among the plurality of components prior to the integration. . According to various embodiments, operations performed by a module, program, or other component are executed sequentially, in parallel, repeatedly, or heuristically, or one or more of the operations are executed in a different order, or omitted. , or one or more other operations may be added.

As used herein, the term “module” may include a unit implemented in hardware, software, or firmware, and may be used interchangeably with terms such as, for example, logic, logic block, component, or circuit. A module may be an integrally formed part or a minimum unit or a part of the part that performs one or more functions. For example, according to an embodiment, the module may be implemented in the form of an application-specific integrated circuit (ASIC).

Various embodiments of the present document may be implemented as software (eg, a program or an application) including one or more instructions stored in a storage medium (eg, memory) readable by a machine. For example, the processor of the device may call at least one of the one or more instructions stored from the storage medium and execute it. This makes it possible for the device to be operated to perform at least one function according to the called at least one command. The one or more instructions may include code generated by a compiler or code executable by an interpreter. The device-readable storage medium may be provided in the form of a non-transitory storage medium. Here, 'non-transitory' only means that the storage medium is a tangible device and does not contain a signal (eg, electromagnetic wave), and this term is used in cases where data is semi-permanently stored in the storage medium and It does not distinguish between temporary storage cases.

Methods according to various embodiments disclosed in this document may be included and provided in a computer program product. Computer program products may be traded between sellers and buyers as commodities. The computer program product is distributed in the form of a machine-readable storage medium (eg compact disc read only memory (CD-ROM)), or via an application store or between two user devices (eg smartphones). It can be distributed directly or online (eg, downloaded or uploaded). In the case of online distribution, at least a part of the computer program product may be temporarily stored or temporarily created in a machine-readable storage medium such as a memory of a server of a manufacturer, a server of an application store, or a relay server.

1 illustrates an architecture in a network environment according to various embodiments.

The node 201 shown in FIG. 1 may be various types of devices capable of performing data communication. For example, the node 201 may be a portable device such as a smartphone or tablet, a computer device such as a desktop or laptop, a multimedia device, a medical device, a camera, a wearable device, a virtual reality (VR) device, or a home appliance, and is not limited to the above-described devices. For example, node 201 may include a server or gateway capable of sending data packets through an application. The node 201 may also be referred to as an 'electronic device' or a 'terminal'.

The node 201 may store a plurality of target applications 211-1, 211-2, and 211-3 and an access control application 212 .

Each of the target applications 211-1, 211-2, and 211-3 is controlled by the access control application 212 to the service servers 205-1 and 205-2 through the gateways 203-1 and 203-2. It can transmit data packets and vice versa.

Some of the target applications (211-1, 211-2, 211-3) are allowed and/or secured applications, such as web browsers or business applications, while others are disallowed programs (e.g. malware, ransomware). , other unauthorized applications) or unsecured malicious programs (applications infected with malware, forged or tampered with). According to embodiments, the access control application 212 identifies a program (or a target application, a process of the target application) requesting transmission of a data packet, and transmits a data packet of an unauthorized program to the outside of the node 201 . can be prevented from becoming In addition, according to embodiments, the access control application 212 is an unauthorized program through the secure sessions 220-1 and 220-2 between the access control application 212 and the gateways 203-1 and 203-2. It is possible to block access to the service servers 205-1 and 205-2 and isolate the corresponding program.

For example, before the target applications 211-1, 211-2, and 211-3 according to the embodiments communicate with the service servers 205-1 and 205-2, the access control application 212 is the controller 202 ), and if the connection is possible, authentication can be performed with the gateways 203-1 and 203-2 through the data packet authenticated by the controller 202. When authentication is completed, the access control application 212 may create the gateways 203 - 1 and 203 - 2 and secure sessions 220 - 1 and 220 - 2 .

According to various embodiments, the node 201 includes an access control application 212 and a network driver (not shown) for managing network connections of target applications 211-1, 211-2, and 211-3 stored in the node 201. city) may be included. For example, when a connection event to the service servers 205-1 and 205-2 of the target applications 211-1, 211-2, and 211-3 stored in the node 201 occurs, the access control application 212 ) may determine whether the target applications 211-1, 211-2, and 211-3 are accessible. If the target applications 211-1, 211-2, and 211-3 are accessible, the access control application 212 is connected to the gateways 203-1 and 203-2 through the secure sessions 220-1 and 220-2. data packets can be transmitted. The access control application 212 may control transmission of a data packet through a network driver and a kernel including an operating system in the node 201 .

In addition, the access control application 212 may monitor and control the file system input output (IO) in the kernel. File system IO refers to input and/or output generated in the file system of the kernel by any application (or any process). The file system IO includes an operation of writing specific information to the file system, reading specific information of the file system, or updating the file system. For file system IO, any application (or any process) must obtain a handle (eg a file handle) to use the file system.

The access control application 212 includes a file system driver (not shown) or a file system IO control module (not shown) capable of monitoring file system IO through hooking for a file system IO event in order to monitor the file system IO. may include File system IO can also be referred to as file IO.

The file IO control module may monitor the file IO and identify which application among the target applications 211-1, 211-2, and 211-3 accesses the file system (or accesses the file IO).

The file IO control module may check whether the file IO access of the corresponding application is possible in connection with the network to which the corresponding application is connected through identification information and process identifier (PID) of the application related to the data flow. The file IO control module allows the node 201 to control file transmission and file reception in detail by processing so that the application can no longer access the file IO when the file IO access of the application is impossible. The file IO control module can remove the file IO handle so that the application can no longer access the file IO if the application cannot access the file IO. The removal of a file IO handle may also be referred to as a file IO removal.

The controller 202 may be, for example, a server (or a cloud server). The controller 202 manages data transmission between the node 201, the gateways 203-1 and 203-2, and the service servers 205-1 and 205-2, thereby ensuring reliable data transmission within the network environment. can For example, the controller 202 may allow network access of the authorized node 201 (or the access control application 212 ) through policy information or blacklist information.

In addition, the controller 202 mediates the creation of secure sessions 220-1 and 220-2 between the access control application 212 and the gateways 203-1 and 203-2, or the node 201 or the gateway 203 The security sessions 220-1 and 220-2 may be removed according to the security event collected from -1 and 203-2). The access control application 212 can communicate with the service servers 205-1 and 205-2 only through the secure sessions 220-1 and 220-2 authorized by the controller 202, and the authorized secure session ( If 220 - 1 and 220 - 2 do not exist, network access of the node 201 and the access control application 212 may be blocked. In an embodiment, the target applications 211-1, 211-2, and 211-3 only access the service servers 205-1 and 205 through the secure sessions 220-1 and 220-2 authorized by the controller 202. -2), and if an authorized secure session 220-1, 220-2 does not exist, the network connection of the target application 211-1, 211-2, 211-3 is the access control application 212 ), the controller 202 or the gateway 203 . According to an embodiment, the controller 202 is a connection control application ( 212) and control data packets can be transmitted and received. A flow (eg, 230 ) through which a control data packet is transmitted may be referred to as a 'control flow'.

The gateways 203 - 1 and 203 - 2 may be located at the boundary of the network to which the node 201 belongs or the boundary of the network to which the service servers 205 - 1 and 205 - 2 belong. According to an embodiment, the gateways 203 - 1 and 203 - 2 may be connected to the controller 202 based on a cloud. The gateways 203 - 1 and 203 - 2 may forward only the authorized data packets among the data packets received from the access control application 212 to the service servers 205 - 1 and 205 - 2 . A flow (eg, 240-1, 240-2) through which data packets are transmitted between the access control application 212 and the gateways 203-1 and 203-2 may be referred to as a 'data flow'. .

A data flow can be created not only on a node or IP basis, but also on a more granular basis (eg, an application unit). Gateways 203-1 and 203-2 are the access control applications 212 and the gateways 203-1 and 203-2 before the creation of secure sessions 220-1 and 220-2 of the access control application 212. By performing authentication and forwarding only the data packets transmitted through the secure sessions 220-1 and 220-2 among the data packets transmitted from the access control application 212 to the service servers 205-1 and 205-2, You can block network access in advance.

2 is a functional block diagram illustrating a database stored in the controller 202 according to various embodiments, and FIG. 3 is control flow information 340, data flow information 350, and file IO table information ( 360) is shown.

Referring to FIG. 2 , the controller 202 may store databases 311 to 317 for controlling network access and data transmission in the memory 330 . 2 shows only the memory 330 , the controller 202 is an external electronic device (eg, the node 201 in FIG. 1 , the gateways 203 - 1 and 203 - 2 ) or the service servers 205 - 1 and 205 - 2)) and a communication circuit for performing communication (eg, the communication circuit 430 of FIG. 4 ) and a processor (eg, the processor 410 of FIG. 4 ) for controlling the overall operation of the controller 202 ) can do. Since the administrator can access the controller 202 and set a connection-oriented policy for controlling the connection between the access control application 212 and the service servers 205-1 and 205-2, managing sessions at the service end You can control network access more precisely and safely.

The access policy database 311 may include information on networks and/or services to which the identified network, node, or application can connect. For example, when the access control application 212 requests a network access, the controller 202 identifies a network (eg, a network to which the node 201 belongs) based on the policy of the access policy database 311 , a node, and a user. (eg, users of node 201), and/or applications (eg, target applications 211-1, 211-2, 211-3) included in node 201) are service servers 205-1, 205 It is possible to determine whether access to -2) is possible. In an embodiment, the controller 202 whitelists the target applications 211-1, 211-2, and 211-3 that can be accessed by a specific service (eg, IP and port) based on the access policy database 311 . can create

The file IO policy database 312 is associated with the access policy, and may include information for establishing the file IO policy for the target applications 211-1, 211-2, and 211-3. For example, the file IO policy database 312 may include information on whether to allow or not allow the file reception and transmission of the target applications 211-1, 211-2, and 211-3. The file IO policy database 312 includes information on whether to perform a file check on the terminal and/or server when downloading (or receiving) and uploading (or transmitting) a file, and a vaccine or malicious code to be applied when checking the file. and information for detecting a file that cannot be downloaded or uploaded including personal information detection pattern information.

The blacklist policy database 313 is a target ( Example: A blacklist registration policy for blocking access to at least one of a node identifier (identifier), IP address, media access control (MAC) address, or user ID) may be indicated.

The blacklist database 314 may include a list of objects blocked by the blacklist policy database 313 . For example, the controller 202 may isolate the node 201 by rejecting the network connection request when the identification information of the node 201 requesting the network connection is included in the blacklist database 314 .

The control flow table 315 is an example of a session table for managing the flow (ie, control flow) of control data packets generated between the access control application 212 and the controller 202 .

For example, referring to FIG. 3 , when the access control application 212 successfully accesses the controller 202 , the control flow information 340 and the control flow ID 342 (also referred to as 'control flow identification information') may be generated by the controller 202 . The control flow information 340 may include identification information 344 indicating at least one of an IP, a node, an application, or a target additionally identified through association with a service server, which is identified during controller access and authentication. For example, when a network access request of the access control application 212 is received, the controller 202 sets the control flow ID and identification information included in the access request to the control flow ID 342 included in the control flow information 340 and By mapping with the identification information 344 , it is possible to determine whether the access control application 212 can connect to the service servers 205 - 1 and 205 - 2 and create secure sessions 220 - 1 and 220 - 2 with the gateway 203 . It can be determined whether data flow can be created for The state information 346 may indicate various states such as creation, authentication, update, termination, and the like of a control flow.

According to an embodiment, since the control flow has an expiration time, the node 201 needs to update the expiration time of the control flow based on the time information 348, and if the expiration time is not updated for a certain period of time, the control flow ( Alternatively, the control flow information 340 may be removed. In addition, it is determined that immediate access blocking is required according to the security event collected from the node 201, the access control application 212, another security application (not shown), or the gateway 203-1, 203-2, When a connection termination request is received from them, the controller 202 may remove the control flow. When the control flow is removed, the associated data flow is also removed, and the gateways 203-1 and 203-2 are connected to the access control application 212 or the service server 205 of the target applications 211-1, 211-2, 211-3. -1, 205-2) can be blocked.

The data flow table 316 shows a flow (eg, a data flow) through which detailed data packets are transmitted between the node 201 and the gateways 203-1 and 203-2, and the service servers 205-1 and 205-2. ) is a table for managing Data flows can be created in TCP sessions, applications, or more granular units. The data flow table 316 may include an application ID, a destination IP address, and/or a service port for identifying whether a data packet transmitted from a source is an authorized data packet.

Referring to FIG. 3 , the data flow information 350 may include a data flow ID 351 and a control flow ID 352 when the data flow is dependent on the control flow. In addition, the data flow information 350 includes authorized target information 353 for determining forwarding of the data packet based on the source IP and destination IP and port of the data packet, and a state indicating whether the data flow is in a usable and valid state. information 356 , and/or time information 357 indicating authentication expiration time information of the data flow. In addition, the data flow information 350 may further include authorized file IO information 354 . The authorized file IO information 354 may include information on whether to allow an application's file IO access (eg, access such as read or write). For example, the authorized file IO information 354 may include writable path information and whether or not a file is writable during file IO for receiving a file of an application. For example, the authorized file IO information 354 may include readable path information and whether a file IO for file transfer of an application is readable. Also, for example, the authorized file IO information 354 includes information on whether or not to allow file IO of an application applying a data flow (eg, file IO processing exception, etc.). Also, for example, the authorized file IO information 354 determines whether the file write information check in the controller 202 is required when the file is written by the application, and whether the file read information check in the controller 202 is required when the file is read by the application. may include information about Also, the data flow information 350 may further include file check information 355 . For example, the file inspection information 355 determines whether a file inspection is performed by a terminal (eg, node 201) or a file inspection is performed by a server (eg, controller 202) when downloading and uploading a file may include information about Also, for example, the file inspection information 355 may include information for detecting a file that cannot be downloaded or uploaded, including vaccine or malicious code to be applied during file inspection, and personal information detection pattern information.

The file IO table 317 is a database for recording and managing file IOs generated in the node 201 , and may include file IO table information 360 .

Referring to FIG. 3 , the file IO table information 360 includes the PID 361 of the process in which the file system IO is generated and application identification information 362 for identifying the application (eg, application name and execution path, unique information, etc.) ) may be included. The file IO table information 360 may include a data flow ID 363 for association with network access control information when a file system IO is generated in a state in which a data flow is identified. The file IO table information 360 includes the file IO information 364 on which form (eg, read and/or write) the file system IO occurred, the path where the file system IO occurred, the file name, and/or the file management File information (365), including unique information (e.g. hash and signature, header information, etc.) for Status information 366 including information on whether or not a file write request (or may be referred to as 'file write information check request') is required and/or whether or not it is required. It may include file IO time information 367 indicating the time when the file IO occurred.

4 is a functional block diagram of a node 201 according to various embodiments. At least some of the configurations illustrated in FIG. 4 may be applied to the controller 202 , the gateways 203 - 1 and 203 - 2 , or the service servers 205 - 1 and 205 - 2 .

Referring to FIG. 4 , the node 201 may include a processor 410 , a memory 420 , and a communication circuit 430 . According to an embodiment, the node 201 may further include a display 440 to provide a user interface.

The processor 410 may control the overall operation of the node. In various embodiments, the processor 410 may include one processor core or a plurality of processor cores. For example, the processor 410 may include a multi-core such as a dual-core, a quad-core, or a hexa-core. According to embodiments, the processor 410 may further include a cache memory located inside or outside. According to embodiments, the processor 410 may be configured with one or more processors. For example, the processor 410 may include at least one of an application processor, a communication processor, and a graphical processing unit (GPU).

All or part of processor 410 may be electrically or operatively (eg, memory 420 , communication circuitry 430 , or display 440 ) with other components within node 201 (eg, memory 420 , communication circuitry 430 , or display 440 ). operatively) coupled with or connected to. The processor 410 may receive commands from other components, interpret the received commands, and perform calculations or process data according to the interpreted commands. The processor 410 may interpret and process a message, data, command, or signal received from the memory 420 , the communication circuit 430 , or the display 440 . The processor 410 may generate a new message, data, instruction, or signal based on the received message, data, instruction, or signal. The processor 410 may provide the processed or generated messages, data, instructions, or signals to the memory 420 , the communication circuitry 430 , or the display 440 .

The processor 410 may process data or signals generated or generated in a program. For example, the processor 410 may request instructions, data, or signals from the memory 420 to execute or control a program. The processor 410 may write (or store) or update instructions, data, or signals to the memory 420 to execute or control a program.

The memory 420 may store a command for controlling a node, a control command code, control data, or user data. For example, the memory 420 may include at least one of an application program, an operating system (OS), middleware, or a device driver. The memory 420 may include one or more of volatile memory and non-volatile memory. Volatile memory includes dynamic random access memory (DRAM), static RAM (SRAM), synchronous DRAM (SDRAM), phase-change RAM (PRAM), magnetic RAM (MRAM), resistive RAM (RRAM), and ferroelectric RAM (FeRAM). may include The nonvolatile memory may include a read only memory (ROM), a programmable ROM (PROM), an electrically programmable ROM (EPROM), an electrically erasable programmable ROM (EEPROM), a flash memory, and the like. The memory 420 includes a nonvolatile medium such as a hard disk drive (HDD), a solid state disk (SSD), an embedded multi media card (eMMC), and a universal flash storage (UFS). may include more.

According to an embodiment, the memory 420 may store the target applications 211-1, 211-2, and 211-3 and the access control application 212 of FIG. 1 . The access control application 212 may perform network connection and secure sessions 220-1 and 220-2 creation with the gateways 203-1 and 203-2, and control flow creation and update functions with the controller 202. have. To this end, the access control application 212 may include one or more security modules. In an embodiment, the memory 420 may store the control flow information 340 of FIG. 3 , the data flow information 350 , and the file IO table information 360 .

In one embodiment, the target application 211-1, 211-2, 211-3 is one or more security modules to create a secure session (220-1, 220-2) with the gateway (203-1, 203-2) may include

The communication circuit 430 establishes a wired or wireless communication connection between the node 201 and an external electronic device (eg, the controller 202 or the gateways 203-1 and 203-2), and performs communication through the established connection. can support According to an embodiment, the communication circuit 430 is a wireless communication circuit (eg, a cellular communication circuit, a short-range wireless communication circuit, or a global navigation satellite system (GNSS) communication circuit) or a wired communication circuit (eg, a local area network (LAN) ) communication circuit, or power line communication circuit), and using the corresponding communication circuit among them, a short-distance communication network such as Bluetooth, WiFi direct or IrDA (infrared data association) or a cellular network, Internet, or long-distance communication such as a computer network It can communicate with an external electronic device through a network. The above-described various types of communication circuits 430 may be implemented as a single chip or as separate chips.

The display 440 may output content, data, or a signal. In various embodiments, the display 440 may display image data processed by the processor 410 . According to embodiments, the display 440 may be configured with an integrated touch screen by being combined with a plurality of touch sensors (not shown) capable of receiving a touch input or the like. When the display 440 is configured as a touch screen, a plurality of touch sensors may be disposed above the display 440 or below the display 440 .

5 illustrates an operation for controlling transmission of a data packet according to various embodiments of the present disclosure.

Referring to FIG. 5 , the access control application 212 detects a network access request to the service server 205 from the target application 211 included in the node 201 , and the node 201 or the access control application 212 . ) may determine whether the controller 202 and the connected state. When the node 201 or the access control application 212 is not connected to the controller 202 , the access control application 212 may block transmission of a data packet from a kernel or a network driver including the operating system. Through the access control application 212 , the node 201 may in advance block access of a malicious application in an application layer among seven open system interconnection (OSI) layers.

In one embodiment, the access control application 212 is not connected to the controller 202 , the access control application 212 is not authenticated by the gateway 203 , or the access control application 212 and If a secure session between the gateways 203 is not created, the data packet transmitted from the access control application 212 is blocked by the gateway 203 and the access control application 212 may request a connection to the controller 202 . only According to an embodiment, even if the access control application 212 is not authenticated by the gateway 203 , the data packet transmitted from the access control application 212 may not be blocked by the gateway 203 .

According to another embodiment, when the access control application 212 is not installed in the node 201 or a malicious application bypasses the control of the access control application 212 , an unauthorized data packet may be transmitted from the node 201 . have. In this case, the gateway 203 existing at the boundary of the network blocks data packets received with unauthorized secure sessions and data packets with no data flow, so data packets transmitted from the node 201 (eg, TCP session) are blocked. data packets for generation) may not reach the service server 205 . In other words, node 201 may be isolated from service server 205 .

6 is a signal flow diagram illustrating a controller connection according to various embodiments of the present disclosure.

Since the node 201 needs to be authorized by the controller 202 to access the network, the access control application 212 of the node 201 requests the controller 202 to create a control flow to the node 201 You can try to connect to the controller of

Referring to FIG. 6 , in operation 605 , the node 201 may detect a controller access event. For example, when the access control application 212 is installed and/or executed within the node 201 , the node 201 may detect that a connection to the controller 202 is requested.

In operation 610 , the node 201 may request a controller connection from the controller 202 . For example, the access control application 212 may transmit identification information of the access control application 212 to the controller 202 . Additionally, the access control application 212 may include identification information of the node 201 (eg, terminal ID, IP address, MAC address), type, location, environment, identification information of a network to which the node 201 belongs, and/or network Any identification information generated by the system itself may be further transmitted.

In operation 615 , the controller 202 may identify whether a target (eg, the access control application 212 and the node 201 ) requesting controller access can access the controller. According to an embodiment, the controller 202 controls whether the information received from the node 201 is included in the access policy database 311 or whether the node 201, the network to which the node 201 belongs, and/or access control. Based on at least one of whether the identification information of the application 212 is included in the blacklist database 314, it is possible to check whether the controller access of the target requesting the controller access is possible.

If the controller connection of the target requesting the controller connection is possible, the controller 202 may generate a control flow between the node 201 (or the access control application 212 ) and the controller 202 . In this case, the controller 202 generates control flow identification information in the form of a random number, and stores identification information of at least one of the node 201 , the network to which the node 201 belongs, or the access control application 212 in the control flow table ( 315) can be stored. Information stored in the control flow table 315 (eg, control flow information 340 ) includes user authentication of the node 201 , information update of the node 201 , policy confirmation for network access of the node 201 , and / Or it can be used for validation.

In operation 620 , the controller 202 may check an access policy corresponding to information identified in the access policy database 311 (eg, node 201 and source network information to which node 201 belongs). The controller 202 may generate whitelist information of accessible applications based on the checked access policy. In another embodiment, the controller 202 may not perform operation 620 . For example, if it is not possible to access the controller of the target that has requested access, the controller 202 may not perform operation 620 .

In operation 625 , the controller 202 may transmit a response to the controller connection request to the node 201 . In an embodiment, the controller 202 may transmit the control flow information 340 including the control flow identification information to the node 201 in response to the controller access request. In an embodiment, the controller 202 may transmit the white list generated by performing operation 620 to the access control application 212 . According to an embodiment, when a target requesting controller access is unavailable or is included in the blacklist, the controller 202 may notify the controller access unavailable in response to the controller access request without generating a control flow.

In an embodiment, the node 201 may process the result value according to the received response. For example, the access control application 212 may store the received control flow identification information and display a user interface screen (not shown) indicating that the controller connection is complete to the user. When the controller connection is completed, the network connection request of the node 201 to the service server 205 may be controlled by the controller 202 .

According to an embodiment, the controller 202 may determine that the node 201 is not accessible. For example, when the controller connection impossible information is received, the node 201 may output a user interface screen indicating that the controller connection is impossible to the user. For example, the user interface screen may include a user interface indicating that access to the node 201 is blocked and guiding the release of isolation through an administrator (eg, the controller 202 ).

In an embodiment, the access control application 212 of the node 201 , the controller 202 , and the gateway 203 may further perform operations 630 to 650 . According to an embodiment, the access control application 212 , the controller 202 , and the gateway 203 of the node 201 may perform all or part of operations 630 to 650 .

In operation 630 , the access control application 212 may perform an inspection of the application. For example, when the white list is received from the controller 202 , the access control application 212 may check whether an application included in the white list is installed in the node 201 . In the case of applications included in the white list among applications installed in the node 201, the access control application 212 determines whether the integrity and stability of the application (application forgery and tampering, code signing inspection, fingerprint inspection) according to the validation policy. at least one of them) can be checked.

In operation 635 , the access control application 212 may transmit a test result of the application to the controller 202 .

The controller 202 may check whether the application is valid based on the test result. If the application is valid, the controller 202 checks the gateways 203-1 and 203-2 where the node 201 is located in the access policy for the node 201 to allow the node 201 to access the network, Thereafter, operation 640 may be performed.

In operation 640, the controller 202 sends the data packet to the service server 205-1 and 205-2 through the gateways 203-1 and 203-2 without the node 201 requesting a network connection. A data flow can be created based on IP, destination IP and port information.

The controller 202 may check a file IO policy when generating a data flow, and may generate authorized file IO information 354 based on the file IO policy. The data flow information 350 of the data flow may include the generated authorized file IO information 354 . The authorized file IO information 354 may include policy information related to file IO access of an application using a data flow. For example, the authorized file IO information 354 may include information on whether to allow an application's file IO access (eg, access such as read or write). In addition, the authorized file IO information 354 may include information about a file path to which an application is allowed to access, and/or information about a file path to which an access is not allowed.

In operation 645 , the controller 202 may transmit a response to the transmission of the application check result of the access control application 212 . For example, the controller 202 may send the data flow information 350 including the authorized file IO information 354 to the access control application 212 . Also, in operation 650 , the controller 202 may transmit the data flow information 350 including the authorized file IO information 354 to the gateway 203 .

7 illustrates a signal flow diagram for user authentication according to various embodiments of the present disclosure, and FIG. 8 illustrates a user interface screen for controller access according to various embodiments of the present disclosure. The operations shown in FIG. 7 may be implemented, for example, after the signal flow diagram of FIG. 6 .

In order for the node 201 to be granted detailed access to the destination network, the access control application 212 of the node 201 may be authenticated by the controller 202 for the user of the node 201 .

Referring to FIG. 7 , in operation 705 , the node 201 may receive an input for user authentication. The input for user authentication may be, for example, a user input inputting a user ID and password. As another example, the input for user authentication may be a user input (eg, biometric information) for more enhanced authentication.

For example, referring to FIG. 8 , when the access control application 212 is executed, the node 201 may display a user interface screen 810 for receiving information required for access to the controller. The user interface screen 810 may include an input window 811 for inputting a user ID, and/or an input window 812 for inputting a password. After information is input into the input windows 811 and 812 , the node 201 may detect a controller connection event by receiving an input for the button 813 for user authentication.

In operation 710 , the node 201 may request user authentication from the controller 202 . For example, the access control application 212 may transmit input information for user authentication to the controller 202 . If the control flow between the node 201 and the controller 202 has already been created, the access control application 212 may transmit input information for user authentication together with the control flow identification information.

In operation 715 , the controller 202 may authenticate the user based on the information received from the node 201 . For example, the controller 202 may include a user ID, password, and/or enhanced authentication information included in the received information, and a database included in the memory of the controller 202 (eg, the access policy database 311 of FIG. 2 ). ) or the blacklist database 314), it is possible to determine whether the user is accessible according to the access policy and whether the user is included in the blacklist.

When the user is authenticated, the controller 202 checks the control flow information 340 in the control flow table 315 based on the control flow identification information transmitted by the node 201, and enters the checked control flow information 340. You can add user identification information (eg user ID). The added user identification information may be used for an authenticated user's controller access or network access.

In operation 720 , the controller 202 may check an access policy corresponding to information identified in the access policy database 311 (eg, node 201 and source network information to which node 201 belongs). The controller 202 may generate white list information of accessible applications based on the checked access policy. In another embodiment, the controller 202 may not perform operation 720 . For example, if it is not possible to access the controller of the target that has requested access, the controller 202 may not perform operation 720 .

In operation 725 , the controller 202 may transmit a response to the user authentication request to the node 201 . In an embodiment, the controller 202 may transmit information indicating that the user is authenticated to the node 201 in response to the user authentication request. In an embodiment, the controller 202 may transmit the white list generated by performing operation 720 to the access control application 212 . According to an embodiment, when a target requesting controller access is unavailable or included in a blacklist, the controller 202 may notify the controller access unavailable in response to the user authentication request.

In an embodiment, the node 201 may process a result value for user authentication. For example, the node 201 may output a user interface screen indicating that user authentication is completed to the user through the display.

According to another embodiment, the controller 202 may determine that user authentication is impossible. For example, if the user's identification information is included in the blacklist database, the controller 202 may determine that user authentication is impossible. In this case, in operation 725, the controller 202 may transmit information indicating that user authentication is impossible to the node 201, and the node 201 may output a user interface screen indicating that user authentication has failed through the display. can For example, referring to FIG. 8 , the node 201 may display the user interface screen 820 through the access control application 212 . The user interface screen 820 may include a user interface 825 that indicates that access to the node 201 is blocked, and guides release of isolation through an administrator (eg, the controller 202 ).

In an embodiment, the access control application 212 of the node 201 , the controller 202 , and the gateway 203 may further perform operations 730 to 750 . According to an embodiment, the access control application 212 , the controller 202 , and the gateway 203 of the node 201 may perform all or part of operations 730 to 750 .

In operation 730 , the access control application 212 may perform an application check. For example, when the white list is received from the controller 202 , the access control application 212 may check whether an application included in the white list is installed in the node 201 . In the case of applications included in the white list among applications installed in the node 201, the access control application 212 determines whether the integrity and stability of the application (application forgery and tampering, code signing inspection, fingerprint inspection) according to the validation policy. at least one of them) can be checked.

In operation 735 , the access control application 212 may transmit a test result of the application to the controller 202 .

The controller 202 may validate whether the application is valid based on the test result. If the application is valid, the controller 202 checks the gateways 203-1 and 203-2 where the node 201 is located in the access policy for the node 201 to allow the node 201 to access the network, Thereafter, operation 740 may be performed.

In operation 740, the controller 202 transmits the data packet to the service servers 205-1 and 205-2 through the gateways 203-1 and 203-2 without the node 201 requesting a network connection. A data flow can be created based on IP, destination IP and port information.

The controller 202 may check a file IO policy when generating a data flow, and may generate authorized file IO information 354 based on the file IO policy. The data flow information 350 of the data flow may include the generated authorized file IO information 354 . The authorized file IO information 354 may include policy information related to file IO access of an application using a data flow. For example, the authorized file IO information 354 may include information on whether to allow an application's file IO access (eg, access such as read or write). In addition, the authorized file IO information 354 may include information about a file path to which an application is allowed to access, and/or information about a file path to which an access is not allowed.

In operation 745 , the controller 202 may transmit a response to the transmission of the application check result of the access control application 212 . For example, the controller 202 may send the data flow information 350 including the authorized file IO information 354 to the access control application 212 . Also, in operation 750 , the controller 202 may transmit the data flow information 350 including the authorized file IO information 354 to the gateway 203 .

9 illustrates a signal flow diagram for network connection according to various embodiments of the present disclosure, and the operations illustrated in FIG. 9 may be implemented after, for example, the signal flow diagram of FIG. 6 or 7 .

Referring to FIG. 9 , in operation 905 , the node 201 may detect a network access event. For example, the node 201 may detect, through the access control application 212 , that the target application is attempting to connect to the service server 205 .

In an embodiment, the access control application 212 may inspect the data flow when a network access event is detected. For example, the access control application 212 may check whether a data flow corresponding to identification information, destination IP and/or port information of the target application exists. Also, the access control application 212 may check whether the data flow is valid even if the data flow exists. For example, the access control application 212 performs an integrity and safety check (eg, whether the application is forged or tampered with, code signing check, fingerprint check) of the access control application 212 and the target application according to the validation policy. and whether access to the destination IP and port of the target application installed in the node 201 is possible according to the access policy received from the controller 202 .

If a valid data flow exists, the access control application 212 may omit the following operations and transmit the data packet of the target application to the gateway 203 through the secure session.

If the data flow exists but is not valid, the connection control application 212 may output a user interface screen indicating that the network connection fails without sending the data packet.

When the data flow does not exist, the authentication time of the data flow has expired and an update is required, or when the data flow needs to be updated for other reasons, the access control application 212 may request the controller 202 to access the network. have. According to an embodiment, the access control application 212 performs integrity and safety checks of the access control application 212 and the target application according to the validation policy before requesting network access, and when the integrity and stability of the application is confirmed, the controller 202 may request a network connection.

In operation 910 , the access control application 212 may request a network connection to the service server 205 from the controller 202 . In this case, the access control application 212 may transmit the target application identification information and identification information (eg, IP and service port) of the service server 205 to the controller 202 together with the identification information of the control flow.

In operation 915 , the controller 202 may check the access policy and the file IO policy related to the target application in response to the request received from the access control application 212 .

The controller 202 may check whether the target application satisfies the access policy of the access policy database 311 . For example, the controller 202 determines whether identification information of a target (eg, a target application) and a requested target (eg, the service server 205) that has requested a network connection is included in the access policy database 311 and whether the network connection You can check whether the gateway connection of the requesting target is possible.

If the target application is not accessible, the controller 202 may transmit information indicating that the connection is impossible to the node 201 in operation 920 . In this case, the access control application 212 may output a user interface screen indicating that access is not possible through the display.

If the target application is accessible, the controller 202 checks the authorized file IO information 354 related to the target (eg, the target application) that has requested the connection, and establishes the connection based on the authorized file IO information 354 . You can check whether the file IO access of the requested target (eg target application) is allowed. Checking whether to allow file IO access is checking whether to allow the application's file IO access (eg, access such as read or write), or the file path to which the application is allowed to access, and/or This may include checking for file paths that are not allowed to access.

The controller 202 may check whether a data flow accessible to the corresponding destination IP and port exists in the data flow table 316 in order to allow the node 201 to access the network.

If there is no valid data flow, the controller 202 creates a data flow that allows the target (eg, the target application) to connect to the network between the node 201 and the service servers 205-1 and 205-2. can The controller 202 may generate the data flow information 350 based on information such as source IP, destination IP and port information, and authorized file IO information 354 . Here, the authorized file IO information 354 may be generated according to the file IO policy.

The controller 202 may check a file IO policy when generating a data flow, and may generate authorized file IO information 354 based on the file IO policy. The data flow information 350 of the data flow may include the generated authorized file IO information 354 . The authorized file IO information 354 may include policy information related to file IO access of an application using a data flow. For example, the authorized file IO information 354 may include information on whether to allow an application's file IO access (eg, access such as read or write). In addition, the authorized file IO information 354 may include information about a file path to which an application is permitted to access, and/or information about a file path to which an access is not permitted.

In operation 920 , the controller 202 may transmit a response to the network access request of the access control application 212 to the node 201 . For example, the controller 202 may transmit the data flow information 350 generated by performing operation 915 to the access control application 212 . According to an embodiment, when the target requesting access is unavailable, the controller 202 may notify the network access unavailable in response to the network access request.

The node 201 may process the result according to the received response. For example, the access control application 212 may store the received data flow information 350 and perform a file IO table check if a network connection is possible. As another example, when receiving a response indicating that the network connection is unavailable, the node 201 may drop a data packet of the target application. As another example, when receiving a response indicating that the network connection is unavailable, the node 201 may remove the file system IO of the target application (or remove the file system IO handle).

Also, in operation 925 , the controller 202 may transmit the data flow information 350 to the gateway 203 .

10 is a flowchart illustrating an operation of a node for monitoring file input/output access according to various embodiments of the present disclosure. The following operation flowchart may be implemented by the node 201 or the access control application 212 installed in the node 201 .

In operation 1005 , the access control application 212 may detect a file input/output access event. For example, the access control application 212 may determine that a file input/output access event has occurred when the target applications 211-1, 211-2, and 211-3 (or processes thereof) access the file IO system.

In operation 1010 , the access control application 212 may check the PID of a process accessing the file IO system, and check whether a data flow assigned to the corresponding PID exists. If the data flow exists, the access control application 212 may perform operation 1020 . If the data flow does not exist, the access control application 212 may perform operation 1015 .

In operation 1015 , the access control application 212 may store the file IO information in the file IO table 317 . For example, the access control application 212 may store the identified file IO information (eg, file location, file name, type of file IO (eg, file read or write), and/or file IO time information) of the process. Can be stored in the file IO table (317). After that, when the corresponding process accesses the network, the access control application 212 inquires the details in the file IO table 317 so that the data packet can be inspected.

In operation 1020 , the access control application 212 may check the type of file IO accessed by the corresponding process. When the file IO type is write (or all file access types related to writing), the access control application 212 may perform operation 1025 . When the file IO type is read (or all file access types related to read), the access control application 212 may perform operation 1030 . The type of file IO accessed by the process may require one or more reads and/or one or more writes at the same time, and when multiple file IOs exist, each step may be performed sequentially and/or in parallel. For example, operations 1025 and 1030 may be performed sequentially and/or in parallel.

In operation 1025 , the access control application 212 may perform a file write information check. The file write information check of the access control application 212 will be described later with reference to FIG. 12 . The access control application 212 may check whether the file is writable through the file write information checking process shown in FIG. 12 .

In operation 1030, the access control application 212 may perform a file read information check. The file read information check of the access control application 212 will be described later with reference to FIG. 13 . The access control application 212 may check whether the file can be read through the file read information checking process shown in FIG. 13 .

11 is a flowchart illustrating an operation of a node for checking a file input/output table according to various embodiments of the present disclosure; The following operation flowchart may be implemented by the node 201 or the access control application 212 installed in the node 201 .

In operation 1105 , the access control application 212 may detect a file input/output table check event. The access control application 212 may detect a file IO table check event when a data flow for which a network connection occurs is detected. The access control application 212 may detect when the data flow information 350 is obtained (or updated) as a file IO table check event.

In operation 1110 , the access control application 212 may perform a file IO table check. The access control application 212 checks the file IO table 317 to see if there is a target application 211-1, 211-2, 211-3 (or a process thereof) that is using the file IO for the data flow. can be checked. The access control application 212 may search the file IO table information 360 corresponding to the PID 361, which is one of identification information of the target application included in the data flow. If there is a file IO being used by the target application, the access control application 212 may perform operation 1120 . If the file IO being used by the target application does not exist, the access control application 212 may perform operation 1115 .

At operation 1115 , the access control application 212 may send a data packet.

In operation 1120 , the access control application 212 may check the type of file IO. When the type of file IO is write (or all file access types related to writing), the access control application 212 may perform operation 1125 . When the file IO type is read (or all file access types related to read), the access control application 212 may perform operation 1130 . The type of file IO accessed by the process may require one or more reads and/or one or more writes at the same time, and when multiple file IOs exist, each step may be performed sequentially and/or in parallel. For example, operations 1125 and 1130 may be performed sequentially and/or in parallel.

In operation 1125 , the access control application 212 may perform a file write information check. The file write information check of the access control application 212 will be described later with reference to FIG. 12 . The access control application 212 may check whether the file is writable through the file write information checking process shown in FIG. 12 .

In operation 1130, the access control application 212 may perform a file read information check. The file read information check of the access control application 212 will be described later with reference to FIG. 13 . The access control application 212 may check whether the file can be read through the file read information checking process shown in FIG. 13 .

12 illustrates a signal flow diagram for checking file write information according to various embodiments of the present disclosure;

In operation 1205 , the access control application 212 may detect a file write information check event. For example, when it is determined that the file input/output type is write in operation 1020 of FIG. 10 or operation 1120 of FIG. 11 , the access control application 212 may start checking file write information. The access control application 212 checks whether or not to complete the final storage of the file and whether to allow the file write for the application and the corresponding file (or the target file) for which the file input/output access is detected through the file write information check. can do.

In operation 1210 , the access control application 212 may check a data flow based on the application identification information and the network identification information. When file write is permitted according to the file IO information 354 authorized of the data flow and file check is unnecessary according to the file check information 355 , the access control application 212 may allow file write processing. When file write is not allowed according to the authorized file IO information 354 of the data flow, the access control application 212 may suspend file access (file write) of the target application. For example, the access control application 212 may use an application programming interface (API) provided by the operating system to suspend file access, including removal or crashing of a file handle, and initialization of a file write buffer. And file access (file writing) may be stopped by hooking, forcibly terminating the process, or executing a command to stop a series of file access control. In addition, the access control application 212 may change the state of the file IO in the file IO table 317 to the access stop processing. In addition, the access control application 212 may change the state of the corresponding data flow and block the network connection, thereby blocking the data packet received from (or flowing in) from the network. If there is a data packet being transmitted, the access control application 212 may drop the data packet.

When a file write is permitted according to the authorized file IO information 354 of the data flow, but a file inspection is required according to the file inspection information 355, the access control application 212 determines the file information of the target application to identify the file information. You can wait for IO access to be released (eg, write all file information and finish writing the file). When the file IO access is released, the access control application 212 determines whether to perform file inspection in the terminal (eg, node 201) based on the file inspection information 355 and whether the server (eg, the controller 202) ), you can check whether or not to perform a file check.

In operation 1215 , the access control application 212 may perform a file check. For example, when the node 201 performs file inspection, the access control application 212 performs at least one of a vaccine or malicious code to be applied when scanning a file included in the file inspection information 355 , or personal information detection pattern information. can be used to detect files that cannot be written to. If it is impossible to write the target file as a result of the file check, the target application can stop writing the file. Regarding the interruption processing, the above description is equally applicable. As a result of the file check, if the file can be written to the file, the target application can write the file. As another example, when the controller 202 performs file inspection, the access control application 212 provides the binary of the file, and unique information and identification information of the file (eg, file name, partial contents of the file, header information, hash information, and / or signature information) may be acquired (or extracted), and a file inspection may be requested from the controller 202 .

In operation 1220 , the access control application 212 may send a file inspection request to the controller 202 . The access control application 212 sends a file inspection request including data flow identification information, file identification information, and file binary to the controller 202, or sends the application identification information, network identification information, file identification information, and file binary to the controller 202 . It may send a request to check the file containing it to the controller 202 .

In operation 1225 , the controller 202 identifies a data flow corresponding to the target application based on the received data flow identification information, or the received application identification information and network identification information, and identifies the data flow and the received file identification information. It can be checked whether the target file exists in the file IO table 317 based on . If the target file exists in the file IO table 317, the controller 202 in operation 1245, according to the state information 356 of the file IO table 317, information indicating that the file write is allowed or the file write is not allowed information indicating can be transmitted to the node 201 . When the target file does not exist in the file IO table 317, the controller 202 stores a user, a terminal (eg, node 201), an application (target application 211-1, 211) in the file IO policy database 312 -2, or 211-3)), and whether to allow file writes through a file IO policy matching the network. In addition, the controller 202 inquires whether to allow the file write to the external linkage system 207 (operation 1530) and receives a response (operation 1535), thereby determining whether to allow file writing based on the received response. have. The controller 202 may add the corresponding information to the file IO table 317 based on the result of checking whether to allow the file to be written and the file input/output information. If file write is not allowed as a result of checking through the file IO policy and/or external linkage system 207 , the controller 202 may transmit information indicating that file writing is not allowed to the node 201 in operation 1245 . . As a result of checking through the file IO policy and/or external linkage system 207 , if the file write is allowed and the file check in the controller 202 is not required, the controller 202 indicates that the file write is allowed in operation 1245 . Information may be transmitted to node 201 . As a result of checking through the file IO policy and/or the external linkage system 207 , when file writing is permitted and file inspection is required in the controller 202 , the controller 202 may perform the file inspection.

In operation 1240 , the controller 202 may perform a file check. The controller 202 may detect a file that cannot be written to by using at least one of a vaccine or malicious code to be applied during file inspection included in the file inspection information 355 , or personal information detection pattern information.

In operation 1245 , the controller 202 may transmit a response to the file inspection request to the node 201 . The response to the file check request may include a file check result. The response to the file check request may include information on whether to allow file writing.

In operation 1250 , the access control application 212 may process the received result value. When the received result value indicates that file writing to the target application and target file is permitted, the access control application 212 indicates that file writing is permitted to the file IO table 317 including the corresponding file IO information and status information You can add or update information. When the received result value indicates that file writing to the target application and target file is not permitted, the access control application 212 may delete the target file so that the corresponding file cannot be used.

13 illustrates a signal flow diagram for checking file read information according to various embodiments of the present disclosure;

In operation 1305 , the access control application 212 may detect a file read information check event. For example, when it is determined that the file input/output type is read in operation 1020 of FIG. 10 or operation 1120 of FIG. 11 , the access control application 212 may start checking the file read information. The access control application 212 may check whether reading of a file is allowed for an application and a target file for which file input/output access is detected through file read information checking.

In operation 1310 , the access control application 212 may check a data flow based on the application identification information and the network identification information. When a file read is permitted according to the file IO information 354 authorized of the data flow and file check is unnecessary according to the file check information 355 , the access control application 212 may allow file read processing. When file read is not permitted according to the authorized file IO information 354 of the data flow, the access control application 212 may suspend file access (file read) of the target application. For example, the access control application 212 may use an application programming interface (API) provided by the operating system to suspend file access, including removing or crashing a file handle, and initializing a file read buffer. And file access (file read) may be interrupted by hooking, forcibly terminating the process, or executing a command to stop a series of file access control. In addition, the access control application 212 may change the state of the corresponding file IO in the file IO table 317 to access stop processing, or add the file IO information of the corresponding file IO to the file input/output table 317 . In addition, the access control application 212 may change the state of the corresponding data flow and block the network connection to block the data packet received from the network. If there is a data packet being transmitted, the access control application 212 may drop the data packet.

When a file read is allowed according to the authorized file IO information 354 of the data flow, but a file inspection is required according to the file inspection information 355, the access control application 212 is based on the application identification information and the file IO information. It can be checked whether the corresponding file IO exists in the file IO table 317 . When the corresponding file IO exists in the file input/output table 317 and the target file can be read, the access control application 212 may allow and process the target application and the file read of the target file. When the corresponding file IO exists in the file IO table 317 and it is impossible to read the target file, the access control application 212 may stop reading the target application and the file for the target file. Regarding the interruption processing, the above description is equally applicable. If the file IO does not exist in the file IO table 317, or if the file IO exists in the file IO table but file inspection is required, the access control application 212 is configured to the terminal based on the file inspection information 355 Whether to perform file inspection on (eg, node 201 ) and whether or not file inspection is performed on server (eg, controller 202 ) can be checked.

In operation 1315, the access control application 212 may perform a file check. For example, when the node 201 performs file inspection, the access control application 212 performs at least one of a vaccine or malicious code to be applied when scanning a file included in the file inspection information 355 , or personal information detection pattern information. can be used to detect files that cannot be read. If it is impossible to read the target file as a result of the file check, the target application and file reading for the target file may be stopped. Regarding the interruption processing, the above description is equally applicable. If it is possible to read the file of the target file as a result of the file inspection, the target application and file reading of the target file may be allowed. As another example, when the controller 202 performs file inspection, the access control application 212 provides the binary of the file, and unique information and identification information of the file (eg, file name, partial contents of the file, header information, hash information, and / or signature information) may be acquired (or extracted), and a file inspection may be requested from the controller 202 .

In operation 1320 , the access control application 212 may send a file inspection request to the controller 202 . The access control application 212 sends a file inspection request including data flow identification information, file identification information, and a file binary to the controller 202, or sends the application identification information, network identification information, file identification information, and file binary to the controller 202 . It may transmit a file inspection request including the file to the controller 202 .

In operation 1325 , the controller 202 identifies a data flow corresponding to the target application based on the received data flow identification information, or the received application identification information and the network identification information, and identifies the data flow and the received file identification information. Based on , it may be checked whether the target file exists in the file input/output table 317 . If the target file exists in the file input/output table 317, the controller 202 determines that the file read is permitted according to the state information 356 of the file IO table 317 in operation 1345, or the file read is not allowed. information indicating can be transmitted to the node 201 . If the target file does not exist in the file IO table 317, the controller 202 stores the user, the terminal (eg, node 201), and the application (eg, the target application 211-1) in the file IO policy database 312 . , 211-2, or 211-3)), and whether to allow file reading through a file IO policy matching the network can be checked. In addition, the controller 202 inquires the external linkage system 207 whether to allow file reading (operation 1330) and receives a response (operation 1335), thereby determining whether to allow file reading based on the received response. have. The controller 202 may add the corresponding information to the file IO table 317 based on the result of checking whether the file is allowed to read and the file IO information. If the file IO policy and/or the file read is not allowed as a result of checking through the external linkage system 207 , the controller 202 may transmit information indicating that the file read is not allowed to the node 201 in operation 1345 . . As a result of checking through the file IO policy and/or the external linkage system 207 , if the file read is allowed and the file check in the controller 202 is not required, the controller 202 indicates that the file read is allowed in operation 1345 . Information may be transmitted to node 201 . As a result of checking the file IO policy and/or the external linkage system 207 , when file reading is permitted and file inspection is required in the controller 202 , the controller 202 may perform the file inspection.

In operation 1340 , the controller 202 may perform a file check. The controller 202 may detect a file that cannot be read by using at least one of a vaccine or malicious code to be applied during file inspection included in the file inspection information 355 , or personal information detection pattern information.

In operation 1345 , the controller 202 may transmit a response to the file inspection request to the node 201 . The response to the file check request may include a file check result. The response to the file check request may include information on whether to allow file reading.

In operation 1350 , the access control application 212 may process the received result value. When the received result value indicates that file reading of the target application and target file is permitted, file access (file read) of the target application to the target file may be permitted. The access control application 212 may add or update information indicating that file reading is permitted to the file IO table 317 including the corresponding file IO information and state information. When the received result value indicates that file reading of the target application and target file is not permitted, the access control application 212 may suspend file access (read file) of the target application to the target file. For example, the access control application 212 may use an application programming interface (API) provided by the operating system to suspend file access, including removing or crashing a file handle, and initializing a file read buffer. And file access (file read) may be interrupted by hooking, forcibly terminating the process, or executing a command to stop a series of file access control. In addition, the access control application 212 may change the state of the corresponding file IO in the file IO table 317 to access stop processing, or add the file IO information of the corresponding file IO to the file IO table 317 . In addition, the access control application 212 may change the state of the corresponding data flow and block the network connection to block the data packet transmitted to the network. If there is a data packet being transmitted, the access control application 212 may drop the data packet.

14 is a diagram illustrating a user interface screen indicating file upload and download failures according to various embodiments of the present disclosure;

When the file download (or file reception) through the network is blocked, the node 201 or the access control application 212 may display the first user interface screen 1410 on the display 440 . For example, when file write is not permitted as a result of the file write information check according to the process of FIG. 12 , the node 201 or the access control application 212 may output the first user interface screen 1410 . The first user interface screen 1410 may include a notification window 1411 including a message indicating that the file download is blocked.

When the file upload (or file transmission) through the network is blocked, the node 201 or the access control application 212 may display the second user interface screen 1420 on the display 440 . For example, if the file read is not allowed as a result of the file read information check according to the process of FIG. 13 , the node 201 or the access control application 212 may output the second user interface screen 1420 . The second user interface screen 1420 may include a notification window 1421 including a message indicating that file upload is blocked.

When the file upload (or file transmission) over the network is blocked, the node 201 or the access control application 212 may terminate the network connection of the target application. In this case, the access control application 212 may display the third user interface screen 1430 on the display 440 . The third user interface screen 1430 may include a notification window 1431 including a message indicating that the network connection is terminated. For example, the notification window 1431 may further include a message indicating why the network connection is terminated (eg, an unauthorized file upload is detected).

15 is a flowchart illustrating an operation of the node 201 for transmitting a data packet according to various embodiments of the present disclosure. The following operation flowchart may be implemented by the node 201 or the access control application 212 installed in the node 201 .

Referring to FIG. 15 , in operation 1510 , the access control application 212 may detect a data packet transmission event. The access control application 212 may detect a data packet transmission request requested by the target applications 211-1, 211-2, 211-3 (or a process thereof) as a data packet transmission event.

In operation 1520, when a data packet transmission event is detected after the network access is permitted, the access control application 212 identifies the transmitted data packet and the target application 211-1, 211-2, and 211-3 for a data flow You can check whether . Identifies the target application 211-1, 211-2, 211-3 (or a process thereof) requesting transmission of the data packet, and the identified target application 211-1, 211-2, 211-3 ( Alternatively, the PID of the process) may be checked and whether a data flow assigned to the corresponding PID exists.

If a data flow exists, the access control application 212 may proceed to operation 1530 . If the data flow does not exist, the connection control application 212 may proceed to operation 1535 . At operation 1535 , the connection control application 212 may drop the data packet if no data flow exists.

In operation 1530 , the access control application 212 may check the file IO table if there is a data flow.

In operation 1540 , the access control application 212 may check whether the file IO or read of the target application (or its process) is permitted in the authorized file IO information 354 of the data flow information 350 . If file IO, or read, is permitted, the access control application 212 may proceed to operation 1555 . If the file IO and read are not allowed, the access control application 212 may proceed to operation 1545 . At operation 1555 , the connection control application 212 may send the data packet to the network.

In operation 1545 , the access control application 212 may check whether the file IO does not exist in the file IO table 317 . The access control application 212 uses the PID, which is one of the application identification information, to determine whether a read-type file IO exists, or whether it is being accessed as a read-type file IO, and whether there is a file IO that has been used after access. can be checked The access control application 212 determines whether there is a file IO of a read type performed by the target application (or a process thereof), or whether it is being accessed as a file IO of a read type, whether there is a file IO that has been accessed and then used is terminated can check whether

If the file IO does not exist, the connection control application 212 may proceed to operation 1555 . If the file IO exists, the connection control application 212 can proceed to operation 1550 . At operation 1555 , the connection control application 212 may send the data packet to the network.

At operation 1550 , the connection control application 212 may examine the data packet if the file IO exists. The access control application 212 checks the target file of the file IO, and whether a part of the target file or unique information for managing the target file (eg, hash, header information, signature information, etc.) is included in the data packet. can be inspected. The access control application 212 may check whether the transmitted data packet includes partial content of the file or unique information for managing the file (eg, hash, header information, signature information, etc.).

At operation 1560 , the access control application 212 may verify whether the inspection of the data packet was successful. The access control application 212 determines that the data packet inspection has failed when the data packet includes partial contents of the file or unique information (eg, hash, header information, signature information, etc.) for managing the file. can If the inspection of the data packet is successful, the access control application 212 may proceed to operation 1555 . If the inspection of the data packet fails (that is, when the data packet does not contain some contents of the file or unique information for managing the file (eg, hash, header information, signature information, etc.), the access control application ( 212) may proceed to operation 1550. At operation 1570 , the connection control application 212 may send the data packet to the network.

At operation 1570 , the connection control application 212 may drop the data packet and block the network connection.

16 is a flowchart illustrating a signal flow for updating a control flow according to various embodiments of the present disclosure;

Referring to FIG. 16 , in operation 1605 , the access control application 212 may request a control flow update.

In one embodiment, the access control application 212 may request a control flow update from the controller 202 to maintain the control flow and data flow. In an embodiment, the access control application 212 may request to update the control flow in order to transmit the file IO access blocked history when a file is stored or read through a network connection in the file IO table 317 . In addition, the access control application 212 may request a control flow update including identification information of the control flow every specified period.

In operation 1610 , the controller 202 may update (check) the control flow. For example, the controller 202 determines whether the control flow information 340 indicated by the received identification information exists in the control flow table 315, and if the control flow information 340 exists, the data flow information 350 dependent on it. It can be checked whether . A control flow may not exist if a connection is released by another security system, an update time elapses, or a connection is released due to risk detection.

For example, if the update (check) fails, the controller 202 may cause the node 201 to terminate the access control application 212 or block the access control application 212 from connecting to the network. For another example, if the update (check) is successful, the controller 202 may update the expiration time of the control flow and the data flow dependent thereon. In this case, the node 201 may update the control flow information 340 and the data flow information 350 .

When there is the file IO table information 360 received from the node 201, the controller 202 updates the file IO table 317 existing in the controller 202, and stores the updated file IO table 317 to Based on the data, it is used as an inquiry and audit data for actions from the user and the node 201, and when an abnormal action occurs, the control flow can be terminated.

In operation 1615 , the controller 202 may transmit update (inspection) result information to the access control application 212 . For example, if the update (check) fails, the controller 202 may transmit connection unavailable information. For another example, if the update (check) is successful, the controller 202 may transmit the updated control flow information 340 and data flow information 350 dependent thereon to the access control application 212 . In this case, the node 201 may update the control flow information 340 and the data flow information 350 .

The access control application 212 may process the update (check) result information.

If the control flow update result indicates that the connection is unavailable, the access control application 212 may terminate the target application or block all network connections of the target application. When the control flow update result indicates normal and there is updated data flow information 350 , the access control application 212 may update the data flow table 316 in the access control application 212 .

17 is a diagram illustrating a signal flow for removing a control flow according to various embodiments of the present disclosure.

Referring to FIG. 17 , in operation 1705 , the node 201 may request the controller 202 to terminate the control flow. For example, the node 201 may terminate the access control application 212 , request the end of the control flow when the network connection is not used for a specified time, or a connection termination request is received from another system.

In operation 1710 , the controller 202 may remove a control flow corresponding to the identification information received from the node 201 . The controller 202 may also remove data flows that are dependent on the removed control flow.

In operation 1715 , the controller 202 requests the gateway 203 to remove the data flow, and in operation 1720 , the gateway 203 may block the network access of the access control application 212 by removing the data flow.

18 illustrates a signal flow diagram for data flow removal according to various embodiments of the present disclosure;

Referring to FIG. 18 , in operation 1805 , the access control application 212 may detect termination of the target application. The access control application 212 may monitor whether the target application running in the node 201 is terminated in real time.

In operation 1810 , the access control application 212 may examine the data flow table 316 . The access control application 212 may check whether a data flow corresponding to identification information and PID (or PID of a child) of the terminated target application exists in the data flow table 316 . When the data flow of the target application is confirmed, the access control application 212 may delete the corresponding data flow from the data flow table 316 .

In order to track the termination of multiple executable target applications, when the terminated target application does not exist in the running process list, the access control application 212 records a data flow corresponding to identification information of the terminated application in the data flow table ( 316) can be deleted.

In operation 1815 , the access control application 212 may request the controller 202 to end the data flow. For example, the access control application 212 may transmit a data flow list deleted in operation 1810 to the controller 202 to request termination of the data flow.

In operation 1820 , the controller 202 may remove a data flow corresponding to the data flow list from the node 201 . In operation 1825 , the controller 202 requests the gateway 203 to remove the data flow, and in operation 1830 , the gateway 203 removes the data flow, thereby providing a service corresponding to the removed data flow of the access control application 212 . Access to the server 205 may be blocked.

The above description is merely illustrative of the technical idea disclosed in this document, and those of ordinary skill in the art to which the embodiments disclosed in this document belong are not departing from the essential characteristics of the embodiments disclosed in this document. Various modifications and variations will be possible.

Accordingly, the embodiments disclosed in this document are for explanation rather than limiting the technical ideas disclosed in this document, and the scope of the technical ideas disclosed in this document is not limited by these embodiments. The scope of protection of the technical ideas disclosed in this document should be interpreted by the claims below, and all technical ideas within the equivalent range should be interpreted as being included in the scope of the present document.

Claims (16)

in the server,
communication circuit;
a processor operatively coupled to the communication circuitry; and
a memory operatively coupled to the processor and configured to store a database, wherein the memory, when executed by the processor, causes the server to:
Receive a file input output (IO) information check request from the access control application of the node, the file IO information check request includes file identification information of the file IO target file and the target file,
Checking whether file IO table information for the target file exists in the database using the file identification information,
If the file IO table information exists, performing a file check on the target file based on the file IO table information,
Stores instructions for transmitting a response indicating the result of the file check to the access control application of the node, and the file check result includes information on whether to allow file IO for the target file. The method according to claim 1,
The commands are executed by the server,
Check whether file IO for the target file is allowed according to the file IO table information,
When the file IO is allowed, the server to transmit information on whether to allow the file IO for the target file to the access control application of the node. The method according to claim 1,
The commands are executed by the server,
If the file IO table information does not exist, check whether file IO to the target file is allowed through a file IO policy and an external server. 4. The method of claim 3,
The commands are executed by the server,
if the file IO is not allowed, sending information indicating that the file IO is not allowed to the access control application of the node;
if the file IO is allowed and no file inspection at the server is required, sending information indicating that the file IO is allowed to the access control application of the node;
When the file IO is allowed and file inspection in the server is required, the server uses at least one of vaccine, malicious code, or personal information detection pattern information to scan the target file. 4. The method of claim 3,
The commands are executed by the server,
To add information on whether to allow file IO for the identified target file to the file IO table, the server. The method according to claim 1,
The target file is a binary (binary) format, server. In the method of operating a server,
Receiving a file IO information check request from the access control application of the node, the file IO information check request includes file identification information of the file IO target file and the target file,
Checking whether or not file IO table information for the target file exists in the database of the server using the file identification information;
If the file IO table information exists, performing a file check on the target file based on the file IO table information, and
and transmitting a response indicating a result of the file check to the access control application of the node, wherein the result of the file check includes information on whether to allow file IO for the target file. In the node,
communication circuit;
a processor operatively coupled to the communication circuitry; and
a memory operatively coupled to the processor and storing a connection control application and a target application, wherein the memory, when executed by the processor, causes the node to:
Through the access control application, identify the file IO (input output) information check event by the target application,
Through the access control application, based on the authorized file IO information of the data flow related to the target application, check whether the file IO information check is necessary,
On the basis of determining that the file IO information inspection is necessary, a file IO information inspection request is made to an external server through the access control application, and the file IO information inspection request includes a target file of the file IO information inspection,
On the basis of the file IO information check result received from the external server, through the access control application, store commands to control the file IO for the target file of the target application, the file IO information check result is the A node, containing information about whether file IO is allowed for the target file. 9. The method of claim 8,
The instructions cause the node to
If, through the access control application, the authorized file IO information indicates that the file IO is not allowed, block the file IO of the target application,
If, through the access control application, the authorized file IO information indicates that the file IO is allowed, and it is confirmed that the file IO information check is not necessary, the file IO of the target application is allowed;
If, through the access control application, the authorized file IO information indicates that the file IO is allowed, and it is determined that the file IO information check is necessary, the node to request the file IO information check from the external server. 9. The method of claim 8,
The instructions cause the node to
If, through the access control application, the authorized file IO information indicates that file writing is permitted, and it is confirmed that the file IO information check is necessary, the node performs a file check based on the file check information of the data flow. Check whether or not to perform file inspection on the external server,
When it is confirmed that the node performs file inspection through the access control application, the target file is inspected using at least one of vaccine, malicious code, and personal information detection pattern information included in the file inspection information,
When it is confirmed through the access control application that the external server performs the file check, the node transmits a file write information check request including the target file to the external server. 11. The method of claim 10,
The instructions cause the node to
When the result of performing the file check in the node indicates that file writing is not permitted, the access control application blocks writing of the file by the target application;
and when the result of performing the file check in the node indicates that file writing is permitted, the node transmits the file write information check request to the external server through the access control application. 9. The method of claim 8,
The instructions cause the node to
If, through the access control application, the authorized file IO information indicates that file reading is allowed, and it is confirmed that the file IO information check is necessary, check whether the file IO exists in the file IO table,
Through the access control application, if the file IO exists in the file IO table and it is confirmed that the file read is allowed, the target application allows the file read,
If it is confirmed through the access control application that the file IO exists in the file IO table and file read is not allowed, the target application blocks the file read,
If it is determined through the access control application that the file IO does not exist in the file IO table or the file IO exists in the file IO table and a file read information check is required, based on the file check information of the data flow to check whether the node performs the file check or the external server performs the file check. 13. The method of claim 12,
The instructions cause the node to
When it is confirmed that the node performs file inspection through the access control application, the target file is inspected using at least one of vaccine, malicious code, and personal information detection pattern information included in the file inspection information,
When it is confirmed that the external server performs the file inspection through the access control application, the node transmits a file read information inspection request including the target file to the external server. 14. The method of claim 13,
The instructions cause the node to
When the result of performing the file check in the node indicates that file reading is not allowed, blocking the file reading of the target application through the access control application,
When the result of performing the file check in the node indicates that the file read is permitted, the node transmits the file read information check request to the external server through the access control application. 9. The method of claim 8,
The instructions cause the node to
When the file IO information check result received from the external server indicates that the file IO is allowed, the file IO of the target application is allowed through the access control application,
When the file IO information check result indicates that the file IO is not allowed, to block the file IO of the target application through the access control application. In the operation method of the node,
Through the access control application of the node, the operation of identifying a file input output (IO) information check event by the target application of the node,
Through the access control application, based on the authorized file IO information of the data flow related to the target application, the operation of determining whether the file IO information check is necessary;
An operation of requesting an external server to check the file IO information through the access control application based on it is confirmed that the file IO information check is necessary, the file IO information check request includes the target file of the file IO information check, and , and
based on the file IO information check result received from the external server, through the access control application, comprising the operation of controlling the file IO for the target file of the target application, wherein the file IO information check result is the target A method of operation, including information about whether to allow file IO to the file.

Images