CN100499476C - File protection method based on user protection rule - Google Patents
- Publication number: CN100499476C (CNB2004100139608A, CN200410013960A)
- Authority: CN (China)
- Prior art keywords: file, protected, safeguard rule, rule, protection
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
A file protection method based on user protection rules, carried out on the basis of a network server file system. The user file protection method consists of the file name of the protected file, the monitoring time interval, the monitored attributes of the file, and whether to record an alarm log. The invention increases the security control capability of the network server's file system and provides file protection automatically.
Description
Technical field
The present invention relates to network servers, and in particular to a file integrity protection method based on user protection rules.
Background art
Network servers are widely used in network information systems such as portal websites, e-government and e-commerce, and the security of information systems receives more and more attention. In an information system, the file system of the network server contains a large number of important executable programs, system configuration and user information, and has always been a main target of system attacks. The file system is also the carrier of security mechanisms such as the operating system itself, user identity authentication and access control. The file security protection capability of the network server must therefore be strengthened. Current file protection methods lack a flexible way for the user to choose a protection policy, require frequent manual handling, and give no special consideration to protecting the feature information that file protection itself uses. The file protection capability of network servers is therefore currently insufficient and needs further improvement in system security, flexibility of use and convenience.
Summary of the invention
The main purpose of the present invention is to address the weak security assurance that current network servers provide for the file system and their inability to provide automatic file protection. It provides a file protection method that avoids a large amount of tedious manual operation, performs security protection according to protection rules formulated by the user, and protects the feature information that file protection itself uses, so as to improve the security service performance of the network server.
To achieve this purpose, the invention provides a file protection method based on user protection rules, carried out on the basis of the network server file system 10. The user file protection method consists of the protected file name, the monitoring time interval, the monitored attributes of the file, whether to record an alarm log, and so on, and comprises the following steps: (1) if a new protection rule needs to be initialized, perform step 2, otherwise go to step 6; (2) read the new protection rule; (3) generate the file feature database and the file backup; (4) generate the timed protected file set; (5) if there are other new protection rules, go to step 2; (6) start the timed protection trigger mechanism.
After the timed protection trigger mechanism is started, the file protector works according to the timed protection rule sets. Step 27 obtains a timed protection rule set, which is the set of protected files in the system that share the same timing interval; consistent with the protection rule definition, these are the timed protection rule sets for intervals of 1, 3, 5 or 7 multiples. Step 28 selects a file in the protection set and performs protection processing on it.
Step 28 proceeds as follows: from the initial state of step 280, step 281 reads the monitored file attributes; step 282 computes the file feature value of the protected file; step 283 compares the file attributes and feature value obtained with the corresponding values stored in the file feature database at initialization; step 284 judges whether they are equal, and if all comparisons are equal no special handling is needed and processing goes to step 287, otherwise step 285 is performed; step 285 performs file protection recovery; step 286 performs alarm and logging, writing a record of the protection action to the system alarm log; step 287 ends. The file protection recovery step is: using the file feature database and backup library
Embodiment
As shown in Figure 1, the network server file protection mechanism builds on the conventional network server file system 10. It adds functional modules such as the rule processor 12, the file protector 11 and the file backup device 16, and adds data structures such as the user file protection rules 13, the internal file backup library 15, the timed protection rule sets 14 and the alarm log 17. To implement file protection based on user file protection rules, the protection requirements formulated by the user are defined by the user file protection rules 13. Through initialization by the rule processor 12, the user file protection rules yield the timed protection rule sets 14, the internal file backup library 15, and the file feature database and file backup library placed in the file backup device 16. The file protector 11 periodically monitors and protects the files specified by the rules according to the timed protection rule sets 14, and records entries in the alarm log 17.
The method of the invention is shown in Figure 2. Step 20 is the initial action. Step 21 judges whether there are file protection rules newly defined by the user; if so, step 22 is performed, otherwise step 26. The user file protection method consists of the protected file name, the monitoring time interval, the monitored attributes of the file, whether to record an alarm log, and so on. The system defines a minimum monitoring interval, for example 0.1 second. The monitoring time interval is a multiple of the minimum monitoring interval and can take multiple values such as 1, 3, 5 and 7. The monitored attributes of a file comprise the file content and file attributes. File content is the default monitored attribute; other file attributes can be defined as monitored attributes by the file protection rule. Step 22 reads a new user protection rule. Step 23 generates the file feature value used for the protected file according to the protection rule and backs up the file. The file feature value is computed for the protected file specified by the rule: a hash function, such as MD5(F), is computed over the file content F, and the resulting value is the file feature value. The file feature value and monitored file attributes of the protected file, and its file backup, are stored respectively in the file feature database and the file backup library in the off-site file backup device. A file backup is stored in the internal file backup library at the same time. Step 24 generates the timed protected file set according to the protection rule. A timed protection rule set 14 is a set of files having the same monitoring interval; each element consists of a file name and monitored attributes. The identifier of the protected file is placed into the timed protection rule set for the corresponding monitoring interval. Step 25 determines whether there are further new user rules; if so, processing continues at step 22, otherwise it goes to step 26.
Figure 3 describes step 28 of Figure 2 in detail. Its role is to monitor and maintain file integrity so that important files are protected from unauthorized damage. Step 280 of Figure 3 is the initial state. Step 281 reads the monitored file attributes, such as file access permissions, size and access time. Step 282 computes the file feature value of the protected file, using the same computation as step 23. Step 283 compares the file attributes and feature value obtained with the corresponding values stored in the file feature database at initialization. Step 284 judges whether they are equal; if all comparisons are equal, no special handling is needed and processing goes to step 287; otherwise step 285 is performed. Step 285 performs file protection recovery: the file feature database and backup library data are used to restore the changed file attributes or file content. When file content is restored, it is first judged whether the file in the internal backup library is usable, that is, whether the feature value of the file in the backup library is the same as the feature value stored in the file feature database. If it is the same, the restore data is taken from the internal backup library; otherwise it is obtained from the off-site file backup device. Step 286 performs alarm and logging, writing a record of the protection action to the system alarm log. Step 287 is the end state of Figure 3.
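The rule initialization of steps 22 to 24 and the per-file check and recovery of steps 280 to 287, as an added Python example that is not part of the patent text. The names `Rule`, `Protector`, `feature`, `backup_path` and `demo` are hypothetical; two local directories stand in for the internal backup library and the off-site backup device, the feature database is an in-memory dict, only permission bits are monitored as a file attribute, and SHA-256 replaces the MD5 the description gives as its example hash.

```python
import hashlib, shutil, tempfile
from collections import defaultdict
from dataclasses import dataclass
from pathlib import Path

@dataclass
class Rule:                        # user file protection rule (13)
    path: Path                     # protected file name
    multiple: int                  # interval = multiple x minimum interval (e.g. 0.1 s)
    watch_mode: bool = False       # also monitor permissions; content is the default
    log_alarm: bool = True         # whether to record an alarm log entry

def feature(path):
    """Feature value of file content F (SHA-256 here; the page's example is MD5)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

class Protector:
    def __init__(self, internal_dir, offsite_dir):
        # Assumption: plain directories stand in for library (15) and device (16).
        self.internal, self.offsite = Path(internal_dir), Path(offsite_dir)
        self.features = {}                     # feature database: path -> (hash, mode)
        self.timed_sets = defaultdict(list)    # timed protection rule sets (14)
        self.alarms = []                       # alarm log (17)
    def backup_path(self, root, path):
        return root / hashlib.sha256(str(path).encode()).hexdigest()
    def add_rule(self, rule):                  # steps 22-24: initialize one rule
        if rule.multiple not in (1, 3, 5, 7):  # values listed in the claim
            raise ValueError("interval multiple must be 1, 3, 5 or 7")
        mode = rule.path.stat().st_mode & 0o7777 if rule.watch_mode else None
        self.features[rule.path] = (feature(rule.path), mode)
        for root in (self.internal, self.offsite):
            root.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(rule.path, self.backup_path(root, rule.path))
        self.timed_sets[rule.multiple].append(rule)
    def due(self, tick):                       # step 27: sets whose interval elapsed
        return [r for m, rs in self.timed_sets.items() if tick % m == 0 for r in rs]
    def check(self, rule):                     # steps 280-287 for one file
        want_hash, want_mode = self.features[rule.path]
        actions = []
        if not rule.path.is_file() or feature(rule.path) != want_hash:
            src, origin = self.backup_path(self.internal, rule.path), "internal"
            # Use the internal copy only if its own feature value still matches.
            if not src.is_file() or feature(src) != want_hash:
                src, origin = self.backup_path(self.offsite, rule.path), "off-site"
            shutil.copyfile(src, rule.path)
            actions.append("content restored from " + origin)
        if want_mode is not None and rule.path.stat().st_mode & 0o7777 != want_mode:
            rule.path.chmod(want_mode)
            actions.append("mode restored")
        if actions and rule.log_alarm:
            self.alarms.append((str(rule.path), actions))
        return actions

def demo():  # constructed scenario: file and its internal backup both tampered with
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "index.html"
        target.write_text("original")
        p = Protector(Path(tmp) / "internal", Path(tmp) / "offsite")
        p.add_rule(Rule(target, multiple=3))
        for victim in (target, p.backup_path(p.internal, target)):
            victim.write_text("defaced")
        results = [p.check(r) for r in p.due(tick=3)]
        return results, target.read_text(), p.due(tick=2)
```

`tick` counts minimum monitoring intervals, so a rule with multiple 3 is checked on every third tick. The description does not say how the off-site copy itself is validated, so this example restores from it without a further check.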
Claims (1)
1. A file protection method based on user protection rules, carried out on the basis of a network server file system (10), characterized in that the user file protection method consists of the protected file name, the monitoring time interval, the monitored attributes of the file, whether to record an alarm log, and so on, and comprises the following steps: 1) if a new protection rule needs to be initialized, perform step 2), otherwise go to step 6); 2) read the new protection rule; 3) generate the file feature database and the file backup; 4) generate the timed protected file set; 5) if there are other new protection rules, go to step 2); 6) start the timed protection trigger mechanism; after the timed protection trigger mechanism is started, the file protector works according to the timed protection rule sets: step 27 obtains a timed protection rule set, which is the set of protected files in the system that share the same timing interval; consistent with the protection rule definition, these are the timed protection rule sets for intervals of 1, 3, 5 or 7 multiples; step 28 selects a file in the protection set and performs protection processing; step 28 proceeds as follows: from the initial state of step 280, step 281 reads the monitored file attributes, step 282 computes the file feature value of the protected file, step 283 compares the file attributes and feature value obtained with the corresponding values stored in the file feature database at initialization, step 284 judges whether they are equal, and if all comparisons are equal no special handling is needed and processing goes to step 287; otherwise step 285 is performed; step 285 performs file protection recovery; step 286 performs alarm and logging, writing a record of the protection action to the system alarm log; step 287 ends; the file protection recovery step is: the file feature database and backup library data are used to restore the changed file attributes or file content; when file content is restored, it is first judged whether the file in the internal backup library is usable, that is, whether the feature value of the file in the backup library is the same as the feature value stored in the file feature database; if it is the same, the restore data is taken from the internal backup library; otherwise it is obtained from the off-site file backup device; 7) read the timed protected file set; a timed protection rule set (14) is a set of files having the same monitoring interval, and each element consists of a file name and monitored attributes; the file feature value is computed for the protected file specified by the rule: a hash function is computed over the file content F, and the resulting value is the file feature value; the file feature value and monitored file attributes of the protected file, and its file backup, are stored respectively in the file feature database and the file backup library in the off-site file backup device; a file backup is stored in the internal file backup library at the same time; the file protector (11) periodically monitors and protects the files specified by the rules according to the timed protection rule sets (14), and records entries in the alarm log (17); 8) read a file in the protected file set and perform protection processing; 9) if there are other files in the protected file set, go to step 8); the network server file protection method builds on the conventional network server file system (10), adding the rule processor (12), the file protector (11) and the file backup device (16) to carry out the above user file protection method, and adding the data structures user file protection rules (13), internal file backup library (15), timed protection rule sets (14) and alarm log (17); for the user file protection method, initialization by the rule processor (12) forms the timed protection rule sets (14), the internal file backup library (15), and the file feature database and file backup library placed in the file backup device (16); a minimum monitoring interval is defined, and the monitoring time interval is a multiple of the minimum monitoring interval, taking a multiple value of 1, 3, 5 or 7; 10) end.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100139608A CN100499476C (en) | 2004-01-19 | 2004-01-19 | File protection method based on user protection rule |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1558600A (en) | 2004-12-29 |
CN100499476C (en) | 2009-06-10 |
Family
ID=34351212
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2004100139608A Expired - Fee Related CN100499476C (en) | 2004-01-19 | 2004-01-19 | File protection method based on user protection rule |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100499476C (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101231682B (en) * | 2007-01-26 | 2011-01-26 | 李贵林 | Computer information safe method |
CN101087237B (en) * | 2007-07-03 | 2010-07-14 | 中兴通讯股份有限公司 | A magnetic array share file system and its implementation method |
US20120191658A1 (en) * | 2010-03-10 | 2012-07-26 | Gopakumar Ambat | Data protection |
CN103309768B (en) * | 2012-03-16 | 2015-03-11 | 腾讯科技(深圳)有限公司 | Method and device for repairing system files |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1349167A (en) * | 2001-12-04 | 2002-05-15 | 上海复旦光华信息科技股份有限公司 | Automatic SOLARIS process protecting system |
Non-Patent Citations (2)
Title |
---|
Web page monitoring and recovery system based on digital fingerprints. Yu Leng, Chen Bo. Computer Engineering and Applications, No. 2, 2002 * |
Also Published As
Publication number | Publication date |
---|---|
CN1558600A (en) | 2004-12-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3374922B1 (en) | Systems and methods for protecting backed-up data from ransomware attacks | |
US10169586B2 (en) | Ransomware detection and damage mitigation | |
CN102902928B (en) | Method and device for webpage integrity assurance | |
US9069955B2 (en) | File system level data protection during potential security breach | |
CN102081722B (en) | Method and device for protecting appointed application program | |
US9317686B1 (en) | File backup to combat ransomware | |
US8721738B1 (en) | System and method for ensuring security of data stored on data storage devices | |
KR101828600B1 (en) | Context-aware ransomware detection | |
JP2001142764A (en) | Log file protecting system | |
TW201901514A (en) | Program change monitoring and strain system and method | |
US8528105B1 (en) | System and method for ensuring security of data stored on electronic computing devices | |
May et al. | Combating ransomware using content analysis and complex file events | |
CN100499476C (en) | File protection method based on user protection rule | |
US10896085B2 (en) | Mitigating actions | |
US7620983B1 (en) | Behavior profiling | |
Vasudevan | MalTRAK: Tracking and eliminating unknown malware | |
WO2008051607A3 (en) | Security for physically unsecured software elements | |
CN110874495B (en) | Solid state disk based on automatic locking write protection function and tamper-proof method | |
CN109583204B (en) | Method for monitoring static object tampering in mixed environment | |
CN102902913A (en) | Preservation method for preventing software in computer from being damaged maliciously | |
CN111931171A (en) | Shared file security protection method, device, equipment and storage medium | |
US11636021B2 (en) | Preserving system integrity using file manifests | |
US20230325103A1 (en) | Data protection against mass deletion based on data storage period | |
US20230229589A1 (en) | Monitoring garbage collection cycles to protect storage systems from data loss | |
US20230229792A1 (en) | Runtime risk assessment to protect storage systems from data loss |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090610 Termination date: 20100219 |