CN101236531A - Memory and its automatic protection realization method - Google Patents
Memory and its automatic protection realization method Download PDFInfo
- Publication number
- CN101236531A CN101236531A CNA2007100631579A CN200710063157A CN101236531A CN 101236531 A CN101236531 A CN 101236531A CN A2007100631579 A CNA2007100631579 A CN A2007100631579A CN 200710063157 A CN200710063157 A CN 200710063157A CN 101236531 A CN101236531 A CN 101236531A
- Authority
- CN
- China
- Prior art keywords
- file
- write
- memory storage
- unfavorable factor
- read
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a memory device and a method for realizing automatic protection of the memory device, wherein, the device comprises a memory device read-write interface, a storage medium and a safety control module; the safety control module is respectively connected with the memory device read-write interface and the storage medium and used for analyzing a file system of a file corresponding to a read or write operation when the read or write operation is performed by the outside world through the memory device read-write interface and the storage medium; an adverse factor control operation is performed on the file according to an analysis result of the file system and corresponding processing is performed according to a result of the adverse factor control operation. The memory device and the method for realizing automatic protection of the memory device have the advantages that: all the files of the storage media which are alternated with the outside world can be guaranteed to be detected; adverse factors in the files are guaranteed to be completely eliminated; file integrity can be guaranteed.
Description
Technical field
The present invention relates to computer security technique, particularly a kind of memory storage and realization thereof be the method for protection automatically.
Background technology
Traditional memory storage (as hard disk, digital partner etc.) mainly comprises two parts as shown in Figure 1, is respectively:
The memory storage read-write interface is used to provide and the extraneous connecting interface and the passage of exchanges data; ATAPI interface as the use of IDE hard disk;
Storage medium is used for realizing data write by the memory storage read-write interface.
Virus or rogue program are very big to the influence of computer system, for above-mentioned conventional memory device, existing antivirus software can't guarantee the invasion that thoroughly anti-locking system is avoided virus, does not particularly in time give system's patch installing the user, or upgrading is during virus base, and it mainly shows as:
Can take over the API of system (Application Programm Intercace, application programming interfaces) after the poisoning intrusion system, get around antivirus software, directly virus be deposited in memory storage by the hardware access interface;
Prevent that by the Rootkit technology from there is virus in antivirus software discovery system;
Even found, stop by the system drive mode oneself to be eliminated, or when component models is eliminated, automatically oneself is recovered by antivirus software.
Summary of the invention
The object of the present invention is to provide a kind of memory storage and realize the method for protection automatically, prevent that virus or rogue program are written in the storage medium.
To achieve these goals, the invention provides a kind of memory storage, comprise memory storage read-write interface and storage medium, wherein, also comprise:
Safety control module, be connected with storage medium with described memory storage read-write interface respectively, when being used in the external world carrying out the file read or write by memory storage read-write interface and storage medium, analyze the file system of read or write corresponding file, according to the file system analysis result this document is carried out the unfavorable factor control operation, and carry out respective handling according to the result of unfavorable factor control operation.
Above-mentioned memory storage wherein, describedly carries out the unfavorable factor control operation to this document, and carries out respective handling according to the result of unfavorable factor control operation and be specially:
For read operation, if there is no unfavorable factor then returns to file the memory storage read-write interface, if there is unfavorable factor, file is returned to the memory storage read-write interface after then eliminating unfavorable factor;
For write operation, if there is unfavorable factor, file is sent to storage medium after then can eliminating unfavorable factor, perhaps refusal storage, if there is no unfavorable factor then directly sends to storage medium with file.
Above-mentioned memory storage wherein, also comprises:
The written document cache module is used for writing at file and preserves this document before finishing;
Described safety control module file write finish after, the file in the written document cache module is carried out the unfavorable factor control operation.
Above-mentioned memory storage, wherein, described written document cache module is any read-write memory device.
Above-mentioned memory storage, wherein, described written document cache module is the untapped part of storage medium.
In order to realize that better above-mentioned purpose, the present invention also provide a kind of above-mentioned memory storage to realize the method for protection automatically, wherein, comprising:
Step S31, memory storage read-write interface obtain that ambient systems sends carry out the memory storage read write command of file interaction with memory storage after the decision instruction type whether for reading instruction, if enter step S32, otherwise enter step S34 or step S34 ';
Step S32, after obtaining corresponding file after safety control module reads instruction by file system parsing memory storage, this document is carried out unfavorable factor get rid of, and the file after this eliminating unfavorable factor is carried out according to analysis result file being written back to storage medium behind the document analysis;
Step S33, the file after safety control module will upgrade returns ambient systems according to reading instruction;
Step S34, the file that safety control module relates to the memory storage write command carry out writing storage medium after unfavorable factor is got rid of;
Step S34 ', safety control module carries out the unfavorable factor inspection to the related file of memory storage write command, writes storage medium if having unfavorable factor then refuse file, otherwise writes storage medium.
Above-mentioned memory storage is realized the method for protection automatically; wherein; also be included in file among the described step S34 and write the operation of preserving this document before finishing, safety control module writes at file and just the file in the written document cache module is carried out unfavorable factor after finishing and get rid of operation.
Above-mentioned memory storage is realized the method for protection automatically; wherein; also be included in file among the described step S34 ' and write the operation of preserving this document before finishing, safety control module writes at file and just the file in the written document cache module is carried out the unfavorable factor checked operation after finishing.
Above-mentioned memory storage is realized the method for protection automatically; wherein, file write the operation of preserving this document before finishing be specially file write preserve before finishing this document to buffer memory or file write finish before preservation this document to the untapped part of storage medium.
Memory storage of the present invention and realization thereof the method for protection automatically have the following advantages:
Safety control module is positioned at the upper strata of storage medium and adjacent, can guarantee that all storage mediums and extraneous mutual file are all by procuratorial work;
Directly file is controlled, guaranteed that the unfavorable factor in the file is thoroughly removed;
When written document that file is temporary, just carry out the control of unfavorable factor after waiting file complete, can guarantee the integrality of file.
Description of drawings
Fig. 1 is the structural representation of traditional memory storage;
Fig. 2 is the structural representation of the memory storage in the embodiment of the invention;
Fig. 3 is that the memory storage in the embodiment of the invention is realized the schematic flow sheet of the method for protection automatically.
Embodiment
Memory storage of the present invention and the method that realizes protection automatically thereof are by being provided with a safety control module between the memory storage read-write interface of conventional memory device and storage medium; this safety control module is directly checked to the file that is written to storage medium with from the file that storage medium extracts; to get rid of unfavorable factor; as virus, rogue program etc., guarantee the safety of system.
Memory storage of the present invention comprises as shown in Figure 2:
The memory storage read-write interface is used to provide and the extraneous connecting interface and the passage of exchanges data;
Storage medium is used to realize the storage of data; And
Safety control module, carry out file when reading or writing in the external world by memory storage read-write interface and storage medium, be used to analyze the file system of this document, according to the file system analysis result this document is carried out the unfavorable factor control operation, and carry out respective handling according to the result of unfavorable factor control operation.
In the eliminating that this this unfavorable factor control operation can be a unfavorable factor, also can be the inspection of unfavorable factor, also can be combination of the two and other operation.
At this, the above-mentioned result according to the unfavorable factor control operation carries out respective handling and comprises following several situation:
For read operation, if there is no unfavorable factor then returns to file the memory storage read-write interface, if there is unfavorable factor, file is returned to the memory storage read-write interface after then eliminating unfavorable factor;
For write operation, if there is unfavorable factor, file is sent to storage medium after then can eliminating unfavorable factor, perhaps refusal storage, if there is no unfavorable factor then directly sends to storage medium with file.
At this, this memory storage can be a series of memory storages such as the hard disk, digital partner in hard disc of computer, the dummy machine system.
Memory storage of the present invention is realized the automatic method of protecting as shown in Figure 3, comprises the steps:
Step S31, memory storage read-write interface obtain that ambient systems sends carry out the memory storage read write command of file interaction with memory storage after the decision instruction type whether for reading instruction, if enter step S32, otherwise enter step S34;
Step S32, after obtaining corresponding file after safety control module reads instruction by file system parsing memory storage, this document is carried out unfavorable factor get rid of, and this file that carries out the unfavorable factor control operation is carried out according to analysis result file being written back to storage medium behind the document analysis;
Step S33, the file after safety control module will upgrade returns ambient systems according to reading instruction;
Step S34, the file that safety control module relates to the memory storage write command carry out writing storage medium after unfavorable factor is got rid of.
This step S34 is a situation about can get rid of at unfavorable factor, after the unfavorable factor in the file that eliminating memory storage write command relates to file is written to storage medium, certainly, consideration based on safety, be the adverse consequences that prevents that unfavorable factor from causing, also can adopt the mode of refusal storage, therefore, this step S34 also can be:
Step S34 ' (not shown), safety control module carries out the unfavorable factor inspection to the related file of memory storage write command, writes storage medium if having unfavorable factor then refuse file, if do not have unfavorable factor then write storage medium.
Be that example is explained in further detail above-mentioned method below with the hard disk.
Among the step S31, disk read-write interface (as the ATAPI interface of IDE hard disk use) can receive the hard disk access instruction that ambient systems (as computer operating system) is sent, at this moment, judge whether this hard disk access instruction is the disk read-write instruction, if then further judge is that hard disk reads instruction or write command, then do not carry out extra processing for other hard disk access instructions outside the disk read-write instruction, handle by the existing treatment scheme of hard disk and to get final product, because other hard disk access instructions how those of ordinary skills handle outside the disk read-write instruction hard disk all have fully detailed understanding, do not do detailed description in instructions of the present invention.
Simultaneously, need also in step S31 to judge whether this disk read-write instruction relates to file, if do not relate to file, also handle getting final product according to existing treatment scheme by hard disk, in step S31, only disk read-write instruction the carrying out security control that relates to file is handled.
Among the step S32, safety control module is resolved by file system and specifically realized in the following manner after obtaining corresponding file after memory storage reads instruction: safety control module is resolved by file system and is determined read instruction corresponding sector and corresponding file.
When file being read the control of realization unfavorable factor by safety control module; because file is complete; can check and remove; yet, the method that memory storage of the present invention and realization thereof are protected automatically gets rid of because also needing to carry out unfavorable factor for the file that writes storage medium; yet no matter be various types of unfavorable factors such as virus or rogue program; the various piece that all might have file; simultaneously; in the file ablation process, when file is imperfect, just carry out procuratorial work; the inconsistency that might cause file content; therefore just carry out the eliminating operation of unfavorable factor after being necessary to wait all the elements of file all to receive; therefore, also comprise in the memory storage of the present invention:
One written document cache module is used for writing at file and preserves this document before finishing.
At this, this written document cache module can adopt RAM, and any read-write memory device such as FLASHROM realizes that this memory device should be enough greatly to preserve the involved file content of write command certainly; Also can utilize the untapped part of storage medium to realize that this part is elaborated when flow process is described in the back.
And safety control module file write finish after, the file in the written document cache module is carried out the unfavorable factor control operation.
For the memory storage that some file cache module is set, carry out the memory storage read write command of file interaction what the memory storage read-write interface obtained that ambient systems sends with memory storage, and after judging instruction type and being write command, carry out following operation:
Step S35, the write command corresponding file is temporary;
Step S36, safety control module carries out writing storage medium after unfavorable factor is got rid of to the file of having kept in.
For the memory storage write command that relates to file, at first need the write command corresponding file is kept in, can utilize following mode to realize in the embodiments of the invention:
File is kept in buffer memory, and this buffer memory can adopt RAM, and any read-write memory device such as FLASHROM realizes that this memory device should be enough greatly to preserve the involved file content of write command certainly; Or
File is temporary in the untapped part of storage medium, and with regard to hard disk, promptly temporary to untapped sector, for FAT and new technology file system, this sector and original belong to unallocated bunch in the identical file system.
Need among the step S35 to judge that file is whether temporary finishes, as for the FAT file system,, judge whether the File Open sign of file item is eliminated by checking the directory area, for new technology file system, can be by DOS among the De $STANDARD_INFORMATION in the inspection file attribute
The file mark of filepermissions is judged the file current state, if the File Open sign of file item is eliminated, then shows closing of a file, has finished temporary operation.
In the method for the present invention, safety control module carries out writing storage medium after unfavorable factor is got rid of to the file of having kept in, owing to relate to two kinds of temporary modes, illustrates respectively in two kinds of temporary modes respectively at this.
For the mode of file being kept in buffer memory, safety control module directly copies to storage medium with file content and gets final product after the file of having kept in is carried out the unfavorable factor eliminating from buffer memory;
For with the temporary mode of file to the untapped part of storage medium, can utilize new file content to cover original, the also direct information of revised file system, the data that the file content sensing is newly write can realize.
As with regard to the FAT subregion of hard disk, first place, sector of file bunch is pointed in the starting cluster address of directory area this document, and get final product after revising the chained list of this document in FAT district.And, can check among the Bitmap untapped bunch for new technology file system, file content (containing information such as file attribute) is write in untapped bunch.
Simultaneously, this safety control module is found unfavorable factor by inside or external alert prompting user when there is unfavorable factor in the detection file.
Simultaneously, this safety control module also can be provided with a upgrading module, is used for realizing by network or memory storage read-write interface the upgrading in unfavorable factor judgment data storehouse, as virus base etc.
Because this safety control module is independent of ambient systems, therefore can realize the control of unfavorable factor before alternately at ambient systems and memory storage.
The above only is a preferred implementation of the present invention; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the principle of the invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (9)
1. a memory storage comprises memory storage read-write interface and storage medium, it is characterized in that, also comprises:
Safety control module, be connected with storage medium with described memory storage read-write interface respectively, when being used in the external world carrying out the file read or write by memory storage read-write interface and storage medium, analyze the file system of read or write corresponding file, according to the file system analysis result this document is carried out the unfavorable factor control operation, and carry out respective handling according to the result of unfavorable factor control operation.
2. memory storage according to claim 1 is characterized in that, described this document is carried out the unfavorable factor control operation, and carries out respective handling according to the result of unfavorable factor control operation and be specially:
For read operation, if there is no unfavorable factor then returns to file the memory storage read-write interface, if there is unfavorable factor, file is returned to the memory storage read-write interface after then eliminating unfavorable factor;
For write operation, if there is unfavorable factor, file is sent to storage medium after then can eliminating unfavorable factor, perhaps refusal storage, if there is no unfavorable factor then directly sends to storage medium with file.
3. memory storage according to claim 1 and 2 is characterized in that, also comprises:
The written document cache module is used for writing at file and preserves this document before finishing;
Described safety control module file write finish after, the file in the written document cache module is carried out the unfavorable factor control operation.
4. memory storage according to claim 3 is characterized in that, described written document cache module is any read-write memory device.
5. memory storage according to claim 3 is characterized in that, described written document cache module is the untapped part of storage medium.
6. the described memory storage of claim 1 is realized the method for protection automatically, it is characterized in that, comprising:
Step S31, memory storage read-write interface obtain that ambient systems sends carry out the memory storage read write command of file interaction with memory storage after the decision instruction type whether for reading instruction, if enter step S32, otherwise enter step S34 or step S34 ';
Step S32, after obtaining corresponding file after safety control module reads instruction by file system parsing memory storage, this document is carried out unfavorable factor get rid of, and the file after this eliminating unfavorable factor is carried out according to analysis result file being written back to storage medium behind the document analysis;
Step S33, the file after safety control module will upgrade returns ambient systems according to reading instruction;
Step S34, the file that safety control module relates to the memory storage write command carry out writing storage medium after unfavorable factor is got rid of;
Step S34 ', safety control module carries out the unfavorable factor inspection to the related file of memory storage write command, writes storage medium if having unfavorable factor then refuse file, otherwise writes storage medium.
7. memory storage according to claim 6 is realized the method for protection automatically; it is characterized in that; also be included in file among the described step S34 and write the operation of preserving this document before finishing, safety control module writes at file and just the file in the written document cache module is carried out unfavorable factor after finishing and get rid of operation.
8. memory storage according to claim 6 is realized the method for protection automatically; it is characterized in that; also be included in file among the described step S34 ' and write the operation of preserving this document before finishing, safety control module writes at file and just the file in the written document cache module is carried out the unfavorable factor checked operation after finishing.
9. realize the method for protection automatically according to claim 7 or 8 described memory storages; it is characterized in that, file write the operation of preserving this document before finishing be specially file write preserve before finishing this document to buffer memory or file write finish before preservation this document to the untapped part of storage medium.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007100631579A CN101236531B (en) | 2007-01-29 | 2007-01-29 | Memory and its automatic protection realization method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2007100631579A CN101236531B (en) | 2007-01-29 | 2007-01-29 | Memory and its automatic protection realization method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101236531A true CN101236531A (en) | 2008-08-06 |
CN101236531B CN101236531B (en) | 2011-09-21 |
Family
ID=39920161
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2007100631579A Active CN101236531B (en) | 2007-01-29 | 2007-01-29 | Memory and its automatic protection realization method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101236531B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102243636A (en) * | 2010-05-13 | 2011-11-16 | 深圳市朗科科技股份有限公司 | Method and device for storing file information to be protected and protecting file |
CN103309871A (en) * | 2012-03-09 | 2013-09-18 | 联想(北京)有限公司 | File reading-writing method and electronic equipment |
CN108986893A (en) * | 2018-08-23 | 2018-12-11 | 郑州云海信息技术有限公司 | A kind of community endowment living system based on artificial intelligence |
CN109120700A (en) * | 2018-08-23 | 2019-01-01 | 郑州云海信息技术有限公司 | Share leasing system in a kind of privately owned parking stall in residential block based on cloud computing |
CN109243601A (en) * | 2018-08-23 | 2019-01-18 | 郑州云海信息技术有限公司 | A kind of online diagnosis and therapy system based on cloud computing |
CN109242714A (en) * | 2018-08-23 | 2019-01-18 | 郑州云海信息技术有限公司 | A kind of agricultural cultivation supply and demand balance system based on artificial intelligence |
CN109274718A (en) * | 2018-08-23 | 2019-01-25 | 郑州云海信息技术有限公司 | A kind of shared bicycle data processing system based on cloud computing |
WO2020011121A1 (en) * | 2018-07-13 | 2020-01-16 | 深圳大普微电子科技有限公司 | Data processing method and storage device |
-
2007
- 2007-01-29 CN CN2007100631579A patent/CN101236531B/en active Active
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102243636A (en) * | 2010-05-13 | 2011-11-16 | 深圳市朗科科技股份有限公司 | Method and device for storing file information to be protected and protecting file |
CN103309871A (en) * | 2012-03-09 | 2013-09-18 | 联想(北京)有限公司 | File reading-writing method and electronic equipment |
CN103309871B (en) * | 2012-03-09 | 2016-12-14 | 联想(北京)有限公司 | File read/write method and electronic equipment |
WO2020011121A1 (en) * | 2018-07-13 | 2020-01-16 | 深圳大普微电子科技有限公司 | Data processing method and storage device |
CN108986893A (en) * | 2018-08-23 | 2018-12-11 | 郑州云海信息技术有限公司 | A kind of community endowment living system based on artificial intelligence |
CN109120700A (en) * | 2018-08-23 | 2019-01-01 | 郑州云海信息技术有限公司 | Share leasing system in a kind of privately owned parking stall in residential block based on cloud computing |
CN109243601A (en) * | 2018-08-23 | 2019-01-18 | 郑州云海信息技术有限公司 | A kind of online diagnosis and therapy system based on cloud computing |
CN109242714A (en) * | 2018-08-23 | 2019-01-18 | 郑州云海信息技术有限公司 | A kind of agricultural cultivation supply and demand balance system based on artificial intelligence |
CN109274718A (en) * | 2018-08-23 | 2019-01-25 | 郑州云海信息技术有限公司 | A kind of shared bicycle data processing system based on cloud computing |
Also Published As
Publication number | Publication date |
---|---|
CN101236531B (en) | 2011-09-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101236531B (en) | Memory and its automatic protection realization method | |
US8224796B1 (en) | Systems and methods for preventing data loss on external devices | |
CN109388538B (en) | Kernel-based file operation behavior monitoring method and device | |
CN104598823A (en) | Kernel level rootkit detection method and system in Andriod system | |
US20080222215A1 (en) | Method for Deleting Virus Program and Method to Get Back the Data Destroyed by the Virus | |
US20230045094A1 (en) | System and method for protecting network resources | |
EP3682332A1 (en) | Method and apparatus for erasing or writing flash data | |
WO2021169163A1 (en) | File data access method and apparatus, and computer-readable storage medium | |
CN106203159A (en) | A kind of method and apparatus of application program operation file | |
WO2018049883A1 (en) | File operation method and device | |
US8776232B2 (en) | Controller capable of preventing spread of computer viruses and storage system and method thereof | |
CN107863127A (en) | A kind of storage device memory cell selecting method and device | |
US9286302B2 (en) | Inode reuse systems and methods | |
CN106557572A (en) | A kind of extracting method and system of Android application program file | |
CN103049534B (en) | A kind of method of quick destruction database data | |
US20090055683A1 (en) | Method of restoring previous computer configuration | |
KR100968121B1 (en) | Method for blocking malicious code through removable disk and apparatus thereof | |
CN105260130A (en) | Read-write method for Seagate hard disk system file | |
JP2002312210A5 (en) | ||
CN106528658A (en) | Application file finding method and device | |
US7974953B1 (en) | System and method for deletion of writeable PPIS | |
CN107967142B (en) | USBKey-oriented updating method and system | |
CN104573574B (en) | SATA hard disc Write-protection method and system | |
CN101976180A (en) | Method for shielding local disk | |
CN103914263A (en) | SD card and device and method for accessing SD card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |