CN101694683A - Method for preventing Trojans ferrying via movable memories to steal files - Google Patents


Info

Publication number
CN101694683A
Authority
CN
China
Prior art keywords
verification process
user
verification
authorization information
request
Prior art date
Legal status
Pending
Application number
CN200910235716A
Other languages
Chinese (zh)
Inventor
陈尚义
周博
周显敬
Current Assignee
CHINA SOFTWARE AND TECHNOLOGY SERVICE Co Ltd
Original Assignee
CHINA SOFTWARE AND TECHNOLOGY SERVICE Co Ltd
Priority date
Filing date
Publication date
Application filed by CHINA SOFTWARE AND TECHNOLOGY SERVICE Co Ltd
Priority to CN200910235716A
Publication of CN101694683A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method for preventing Trojans from stealing files by ferrying them via removable storage, and belongs to the technical field of information security and computer software. In the method, a monitoring module is provided; when the module intercepts a request to transmit data to removable storage, a verification process is started and the user submits verification information. The verification process then judges whether the verification information is correct: if it is correct, the request is accepted; if it is incorrect, the request is rejected. The verification process can judge the correctness of the verification information as follows: after the verification process starts, a dynamic verification code is generated with a randomized algorithm and displayed to the user; after the user submits verification information, the verification process judges whether it is identical to the verification code. With this method, removable storage can ferry data safely between the internal and external networks.

Description

Method for preventing Trojans from stealing files by ferrying them via removable storage
Technical field
The present invention relates to removable storage, and in particular to a method for preventing a Trojan from stealing intranet files by ferrying them between internal and external networks on removable storage. It belongs to the technical field of information security and computer software.
Background technology
Data ferrying means carrying data out of an isolated internal network to an external network, or bringing data from an external network into the internal network. The former is called "outward ferrying" (or "out-ferrying" for short) and the latter "inward ferrying" (or "in-ferrying"). Where the internal and external networks are isolated from each other, copying via USB flash drive (or other removable storage, such as a portable hard disk) has become one of the main tools of data ferrying. Yet while USB ferrying is direct and convenient, it also brings many potential security hazards.
In recent years, viruses (Trojans) have increasingly used removable storage media to ferry and steal user files. For example, a Trojan can use a USB flash drive as a stepping stone and steal confidential information from an internal network in three simple steps: 1. when the flash drive is used externally, the Trojan silently copies itself onto the drive; 2. when the drive is used internally, it collects classified documents from the internal network and stores them on the drive; 3. when the drive is used externally again, the Trojan residing on it sends the classified documents to a designated destination server. This data-theft behaviour of Trojans is highly covert and targeted, and its harm is great: it not only poses a serious threat to personal privacy but has also caused a large number of leaks, inflicting heavy losses on Party and government bodies, the military, military-industrial enterprises and other enterprises and institutions.
In known systems, control over writes to removable storage is generally implemented at the hardware level. For example, the utility model patent "anti-ferrying USB flash drive" (200720305553.3) adds a write-protect switch to an ordinary USB drive to control the data written to it. However, this type of technique cannot fundamentally solve the problem of a Trojan stealing the user's classified documents: once the user needs to write data to the drive and sets its switch to the open position, the Trojan obtains write permission at the same time.
Therefore, providing a method that effectively distinguishes user behaviour from virus (Trojan) behaviour, and that ensures by effective means that removable storage media ferry data safely between internal and external networks, has great and urgent practical significance.
Summary of the invention
In view of the problems of the prior art, the object of the present invention is to provide a safe method for preventing Trojans from stealing files by ferrying them via removable storage.
To achieve the above technical purpose, the method of the invention comprises:
A monitoring module is provided. When the monitoring module intercepts a request to send data to removable storage, it starts a verification process; the user submits verification information, and the verification process judges whether the verification information is correct. If it is correct, the monitoring module accepts the request; if it is incorrect, or no verification information is entered, the monitoring module rejects the request.
Depending on user requirements, the monitoring module may be located on the removable storage device itself, or on the host to which the removable storage is connected for data transfer. Removable storage in the present invention includes portable hard disks, USB flash drives and the like.
Preferably, the monitoring module intercepts requests to send data to removable storage by means of API hooking.
Preferably, the verification process judges whether the verification information is correct by checking whether it matches preset information. For example, with a password preset by the user: each time the verification process starts, the user must enter this password, and the verification process judges whether the entered password is correct. If it is correct, the request is deemed legitimate and accepted; if it is incorrect, the request may have been initiated by a Trojan and is not accepted.
Alternatively, the verification process may judge the verification information as follows: after the verification process starts, a random algorithm generates a dynamic verification code, which is displayed to the user; after the user submits verification information, the verification process judges whether it is identical to the verification code. Further, the verification process displays the verification code to the user in the form of an image; the image has undergone image processing, yet the user can still recognise the verification code in it. This approach is explained below.
To prevent an illegitimate user or a Trojan from repeatedly trying passwords in order to crack them, the verification process may record the number of times verification information has been submitted; when that number reaches a set value (such as 3), the monitoring module rejects the request.
In addition, so that all operations on removable storage can be audited, a log module may be provided, which writes a record of the requests accepted and rejected by the monitoring module to a log.
The key technical content of the present invention is described below from several aspects:
First, the present invention uses API hooking to monitor and intercept requests to write to removable storage. In programming under the Windows system, message passing runs through everything: the application programming interface (API), as the agreed connection between the different components of a software system, transmits information and issues commands through the message mechanism. Before data is actually transmitted, an API request is sent to the system, and the system carries out the corresponding operation only after receiving this request.
A hook is a link in the message-processing chain, used to monitor the transmission of messages in the system and to carry out some specific function before the message is finally processed. With hooking, code is embedded into the process of the hooked program and becomes part of the target process; through API hooking, the original function of the system API is changed so that every API request that sends data to a USB flash drive is intercepted and the dynamic verification process is started. Only after the user has entered the correct verification information is the API request executed. Because a Trojan does not have the ability to recognise a dynamic verification code, a data transfer request initiated by a Trojan cannot pass, and the Trojan is thereby prevented from stealing data.
Second, before a write request to removable storage is allowed, a random algorithm generates a dynamic verification code that the user must recognise and enter manually. At present, the login pages of many websites use dynamic verification: the user is required not only to enter a username and password but also a random dynamic verification code presented as an image, usually a combination of letters and digits. The purpose of the dynamic verification code is to prevent network attacks launched by programs, such as brute-forcing passwords. Its precondition is that the attacking program cannot recognise the dynamic verification code. Although some attack programs now have a certain recognition capability, they are generally still helpless against verification codes that have undergone complex image processing.
Following this line of thinking, the present invention brings dynamic verification into the protection of confidential data. Every API request that sends data to removable storage must pass through the dynamic verification step, which prevents a Trojan from silently copying confidential information onto the removable storage. The dynamic verification codes referred to in the present invention are all generated by a random algorithm and are unpredictable. The length of the verification code can be adjusted according to user requirements, balancing ease of use and effectiveness. The verification code undergoes appropriate image processing, such as inversion and stretching, and is presented to the user in a picture box. The generated code cannot be recognised automatically by a program (Trojan); a human must participate in order to fill it in correctly. In this way, user behaviour and Trojan behaviour are distinguished.
Third, a complete TRSM system is built to implement the above method of preventing leaks via removable-storage ferrying. TRSM is short for Trusted Removable Storage Management; it consists of a host agent program, a background server and a console. The host agent is installed on the internal hosts of the system and is mainly used to implement the API hooking and dynamic verification functions described above; in addition, the agent is responsible for recording all write requests to removable storage, whether allowed or not. Through the console program, the background server manages the agents on every host centrally, distributes policy uniformly, and collects logs from the agents.
Compared with the prior art, the technical effects of the present invention include:
Every request to write to removable storage must pass verification. Only when the correct verification information is entered can the request pass and the data be written. Because a Trojan does not have the ability to enter correct verification information, every operation that writes to removable storage has passed the user's manual confirmation; user behaviour and Trojan behaviour are effectively distinguished, and the log records also provide a means of identifying the responsible person when a leak is investigated afterwards.
Description of drawings
Fig. 1 is a schematic diagram of the TRSM system architecture of the embodiment;
Fig. 2 is a schematic diagram of the dynamic verification interface of the embodiment.
Embodiment
The present invention is described in detail below through a specific embodiment, with reference to the accompanying drawings.
Taking the USB flash drives used by a certain organisation as an example: first, a TRSM server and console are installed on the internal network, and the TRSM client is installed on every host in the local area network, forming a secure working domain. The system architecture of this security domain is shown in Fig. 1; the functions of its components are as follows:
The TRSM client (Client) is the agent installed on each controlled host. The agent intercepts all API write requests to USB flash drives and is responsible for the whole dynamic verification process and for generating system logs; that is, the agent carries out the functions of the monitoring module, the verification process and the log module at the same time.
The TRSM server (Server) is where data (user accounts, logs, policies) is stored centrally; it is installed on an independent server host.
The TRSM console (Console) provides the human-computer interaction interface.
When a user writes a file to a USB flash drive, the TRSM client intercepts the API request, suspends the USB write operation, and then starts the dynamic verification process. The process first calls the built-in random algorithm to generate a dynamic verification code made up of an arbitrary combination of letters and digits, then passes it through the image processing module, which embeds the code in the picture area of the dynamic verification dialog box. The user enters the verification information in the dialog box that pops up; if the information is correct, the client allows the API request and the data is written to the flash drive. If the user cannot make out the code, they can ask the client to generate a new one; if the user enters it wrongly, the client also regenerates a code and displays it in the picture area. When the number of consecutive input errors reaches a certain threshold, the client blocks execution of the API request and records it in the log.
When a Trojan writes a file to a USB flash drive, the API request it generates is, as far as the TRSM client is concerned, indistinguishable from one generated by the user, so the client likewise pops up a dynamic verification dialog box. Because the Trojan cannot recognise the verification code, it cannot enter correct verification information and so cannot write confidential information to the flash drive. At the same time, a dynamic verification dialog box triggered by a Trojan serves as a warning to the user that a USB write operation not initiated by a human is taking place on the host, and the user can take appropriate measures, such as updating the Trojan removal tool.
In the present invention, the user actively entering the verification code amounts to approving the USB write operation; a write request to the flash drive is allowed only when the user participates, so a Trojan cannot misuse the user's privilege to write important data directly to the flash drive and cause a leak. Although this changes the user's habits to some extent, it effectively prevents Trojan processes from stealing internal files by ferrying them on USB flash drives, and it has good practical value.
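As an added illustration (not code from the patent or from the TRSM system it describes), the following Python models the decision logic of the monitoring module, verification process and log module described above: an intercepted write to removable storage is held until a randomly generated code is entered, a wrong entry regenerates the code, three consecutive failures reject the request, and every decision is logged. The WriteRequest fields, the dialog callable and the simulated users are constructed stand-ins for the API hook and the verification dialog box.

```python
import secrets
import string
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

ALPHABET = string.ascii_uppercase + string.digits
MAX_ATTEMPTS = 3   # the description's example threshold ("such as 3 times")
CODE_LENGTH = 6    # adjustable per the description; 6 is a constructed choice
AUDIT_LOG: List[str] = []   # log module: in-memory stand-in for the agent's log


@dataclass
class WriteRequest:
    """A write request as the monitoring module sees it once the API hook has
    intercepted it. The field names are hypothetical, not taken from the patent."""
    process: str
    destination: str
    removable: bool   # only writes whose target is removable storage are gated


def generate_code(length: int = CODE_LENGTH) -> str:
    """Dynamic verification code: unpredictable letters and digits from a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


@dataclass
class VerificationProcess:
    """The verification process started for one intercepted request."""
    code: str = field(default_factory=generate_code)
    attempts: int = 0

    def regenerate(self) -> None:
        """Fresh code when the user cannot read the image or typed it wrongly."""
        self.code = generate_code()

    def check(self, submitted: Optional[str]) -> str:
        """Judge one submission; returns 'accept', 'retry' or 'reject'."""
        if submitted is None:                  # no verification information entered
            return "reject"
        self.attempts += 1
        if secrets.compare_digest(submitted.strip().upper(), self.code):
            return "accept"
        if self.attempts >= MAX_ATTEMPTS:      # consecutive failures hit the threshold
            return "reject"
        self.regenerate()                      # wrong input: show a new code and retry
        return "retry"


def monitor(request: WriteRequest,
            dialog: Callable[[str], Optional[str]]) -> Tuple[bool, int]:
    """Monitoring module: gate one intercepted write. `dialog` stands in for the dialog
    box: it receives the displayed code and returns what was typed (None if nothing)."""
    if not request.removable:
        return True, 0                          # not a removable-storage write: pass through
    proc = VerificationProcess()
    outcome = proc.check(dialog(proc.code))
    while outcome == "retry":
        outcome = proc.check(dialog(proc.code))
    allowed = outcome == "accept"
    AUDIT_LOG.append(f"{'ACCEPT' if allowed else 'REJECT'} {request.process} -> "
                     f"{request.destination} after {proc.attempts} attempt(s)")
    return allowed, proc.attempts


def stale_then_correct() -> Callable[[str], Optional[str]]:
    """Simulated user: a typo first, then the code seen earlier (now stale), then right."""
    seen: List[str] = []

    def answer(code: str) -> Optional[str]:
        seen.append(code)
        if len(seen) == 1:
            return "------"      # characters outside ALPHABET can never match
        if len(seen) == 2:
            return seen[0]       # stale: the code was regenerated after the miss
        return code
    return answer


if __name__ == "__main__":
    req = WriteRequest("explorer.exe", r"E:\report.docx", removable=True)
    print(monitor(req, lambda code: code))       # user reads the image: (True, 1)
    print(monitor(req, lambda code: "------"))   # program guessing blindly: (False, 3)
    print(monitor(req, lambda code: None))       # nothing entered: (False, 0)
    print(monitor(req, stale_then_correct()))    # (True, 3)
```

The blind-guessing and no-input cases stand for the Trojan-initiated requests the description discusses; both end in a REJECT log entry, which is the warning signal the embodiment says the user can act on.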

Claims (8)

1. A method for preventing Trojans from stealing files by ferrying them via removable storage, the method comprising: providing a monitoring module; when the monitoring module intercepts a request to send data to removable storage, starting a verification process; the user submitting verification information; the verification process judging whether the verification information is correct; if it is correct, the monitoring module accepting the request; and if it is incorrect or no verification information is entered, the monitoring module rejecting the request.
2. The method of claim 1, wherein the verification process judges whether the verification information is correct by judging whether it matches preset information.
3. The method of claim 1, wherein the verification process judges whether the verification information is correct as follows: after the verification process starts, a random algorithm is used to generate a dynamic verification code, the verification code is displayed to the user, and after the user submits verification information, the verification process judges whether it is identical to the verification code.
4. The method of claim 3, wherein the verification process displays the verification code to the user in the form of an image, the image having undergone image processing while the user can still recognise the verification code in it.
5. The method of claim 1, wherein the verification process records the number of times the user submits verification information, and when that number reaches a set value the monitoring module rejects the request.
6. The method of claim 1, wherein a log module is provided, which writes a record of the requests accepted and rejected by the monitoring module to a log.
7. The method of claim 1, wherein the monitoring module is located on the removable storage, or on the host to which the removable storage is connected for data transfer.
8. The method of claim 1, wherein the removable storage comprises a portable hard disk or a USB flash drive.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910235716A CN101694683A (en) 2009-10-13 2009-10-13 Method for preventing Trojans ferrying via movable memories to steal files

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910235716A CN101694683A (en) 2009-10-13 2009-10-13 Method for preventing Trojans ferrying via movable memories to steal files

Publications (1)

Publication Number Publication Date
CN101694683A true CN101694683A (en) 2010-04-14

Family

ID=42093655

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910235716A Pending CN101694683A (en) 2009-10-13 2009-10-13 Method for preventing Trojans ferrying via movable memories to steal files

Country Status (1)

Country Link
CN (1) CN101694683A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102081722A (en) * 2011-01-04 2011-06-01 奇智软件(北京)有限公司 Method and device for protecting appointed application program
CN102664758A (en) * 2012-04-28 2012-09-12 沈阳通用软件有限公司 Method for binding and automatically recovering network configuration
CN103001937A (en) * 2011-09-19 2013-03-27 珠海市君天电子科技有限公司 System and method for defending against mobile storage medium virus in island-like Ethernet
CN104079557A (en) * 2014-05-22 2014-10-01 汉柏科技有限公司 CC attack protection method and device
CN106598881A (en) * 2016-12-20 2017-04-26 北京小米移动软件有限公司 Page processing method and device
CN106897639A (en) * 2017-01-06 2017-06-27 奇酷互联网络科技(深圳)有限公司 The method and apparatus of mobile terminal and its safety verification
CN114189373A (en) * 2021-12-01 2022-03-15 湖北华丛科技有限公司 Artificial intelligence data processing storage device and storage system thereof

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102081722A (en) * 2011-01-04 2011-06-01 奇智软件(北京)有限公司 Method and device for protecting appointed application program
CN102081722B (en) * 2011-01-04 2015-02-04 奇智软件(北京)有限公司 Method and device for protecting appointed application program
CN103001937A (en) * 2011-09-19 2013-03-27 珠海市君天电子科技有限公司 System and method for defending against mobile storage medium virus in island-like Ethernet
CN102664758A (en) * 2012-04-28 2012-09-12 沈阳通用软件有限公司 Method for binding and automatically recovering network configuration
CN102664758B (en) * 2012-04-28 2015-03-25 沈阳通用软件有限公司 Method for binding and automatically recovering network configuration
CN104079557A (en) * 2014-05-22 2014-10-01 汉柏科技有限公司 CC attack protection method and device
CN106598881A (en) * 2016-12-20 2017-04-26 北京小米移动软件有限公司 Page processing method and device
CN106598881B (en) * 2016-12-20 2020-10-09 北京小米移动软件有限公司 Page processing method and device
CN106897639A (en) * 2017-01-06 2017-06-27 奇酷互联网络科技(深圳)有限公司 The method and apparatus of mobile terminal and its safety verification
CN106897639B (en) * 2017-01-06 2020-12-22 奇酷互联网络科技(深圳)有限公司 Mobile terminal and security verification method and device thereof
CN114189373A (en) * 2021-12-01 2022-03-15 湖北华丛科技有限公司 Artificial intelligence data processing storage device and storage system thereof
CN114189373B (en) * 2021-12-01 2024-05-07 湖北华丛科技有限公司 Artificial intelligence data processing storage device and storage system thereof

Similar Documents

Publication Publication Date Title
US8245042B2 (en) Shielding a sensitive file
CN1229705C (en) Biometric-based authentication in nonvolatile memory device
CN102624699B (en) Method and system for protecting data
CN110166451B (en) Lightweight electronic document transfer control system and method
US20070300031A1 (en) Memory data shredder
CN101694683A (en) Method for preventing Trojans ferrying via movable memories to steal files
CN102099810A (en) Mobile device assisted secure computer network communications
CN108229220B (en) System and method for trusted presentation of information on untrusted user devices
CN113315637B (en) Security authentication method, device and storage medium
CN101635018A (en) Method of safety ferriage of USB flash disk data
CN105162763B (en) Communication data processing method and device
KR20150128328A (en) Method of providing digital evidence collecting tools, apparatus and method of collecting digital evidence of mobile devices based on domain isolation
CN101739361A (en) Access control method, access control device and terminal device
CN106790243B (en) A kind of password remapping method of safe U disc
CN103268452A (en) Method and device for file processing
CN112329050A (en) File security management terminal and system
US20150169896A1 (en) File management system and method
JP4185546B2 (en) Information leakage prevention device, information leakage prevention program, information leakage prevention recording medium, and information leakage prevention system
JP5334739B2 (en) Log monitoring program, log monitoring system
CN1321950A (en) Content sender machine, content receiver machine, authorizing method and system
CN115017480A (en) Computer safety protection management and control system based on intelligent control
CN113360877B (en) Design method of safe mobile storage medium based on RAM
CN107483462B (en) Operation authority management system and method of outgoing USB flash disk
JP4974246B2 (en) File export monitoring system
CN113961970B (en) Cross-network-segment network disk login identity authentication method and device, network disk and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100414