CN1021089C - Protecting mechanism for stored information - Google Patents
Publication number: CN1021089C
Authority: CN (China)
Prior art keywords: information, present, bus, computer system, stored information
Legal status: Expired - Fee Related (as listed by Google Patents; the status is an assumption, not a legal conclusion)
Classification: Storage Device Security
Abstract
The present invention relates to a protecting mechanism for stored information and belongs to the field of computer systems and information security. It provides, for computer systems with an open bus structure, an effective method that is independent of the system's main CPU and of the system software, requires no modification of the system hardware, and prevents illegal access to stored information. The invention is characterized in that, on the basis of a first-level protecting mechanism operating on circuit signals, the information to be protected is reserved and registered externally, while internally online interception, real-time detection, rapid verification, advance lockout and the transitions among these states are carried out. The method is simple, safe, reliable and easy to realize, and contributes actively to resisting the intrusion of computer viruses and to suppressing computer crime.
Description
The present invention relates to a protecting mechanism for stored information and belongs to the field of computer systems and information security.
In computer systems with a bus architecture, and personal computers in particular, the openness of the system bus makes the storage device appear very fragile: the stored information (programs and data) is easily stolen or subjected to deliberate or accidental destruction. Many technical approaches to this problem have been taken, and they fall essentially into two classes: first, encrypting the information (as with the DES standard encryption algorithm of the U.S.), and second, restricting the access rights to the information (as with the password and access-right functions of computer LAN systems). Clearly, encryption can only counter theft (the "read" operation) and cannot counter destruction (the "write" operation); restricting access rights is therefore the essential approach. The crux of the problem, however, is how to enforce that restriction effectively and reliably. Known approaches (such as the WATCHDOG software of Fisher Innis company and the STOP LOCKIIR hardware of SDI company) check and restrict access to stored information at different levels of the operating system: the shell, the kernel or the basic I/O system. The defect of these approaches is that they rely mainly on the system's host CPU running the corresponding software or program; in practice, with a special software tool, or with a different version, or even just a different copy, of the operating system, their restrictions can be bypassed and the stored information accessed directly. Such methods are therefore not very reliable. To date there has been no protection mechanism or method that is independent of the system's host CPU and operating system, reliably prevents unauthorized access to stored information, and yet does not hinder legitimate access to it.
The purpose of the present invention is to provide, for computer systems with a bus architecture, a protecting mechanism for stored information: a technical method that is independent of the system's host CPU and of the system software including the operating system, that requires no change to the system hardware, and that effectively and reliably prevents unauthorized access to stored information without affecting legitimate access to it.
The basic idea of the invention is to add protection-mechanism hardware to the existing system hardware environment so as to intercept unauthorized access to stored information at as low a level of the system as possible. In functional logic, the protection mechanism (3) is placed above the read/write servo mechanism (2) and below the read/write control interface component (4). Thus, when the user (6), via the processor (5) and the read/write control interface component (4), drives the read/write servo mechanism (2) to access the physical medium (1) carrying the stored information, the access must pass through the filter of the protection mechanism (3). The protection mechanism (3) is transparent to legitimate access and impassable to unauthorized access.
The functional characteristics of the invention are embodied in two aspects of the protection mechanism: the external and the internal.
The external (application) characteristic of the protection mechanism is mainly that the information requiring protection is pre-registered. For a given computer system the mechanism has two classes of user: one initial superuser, and a number of ordinary users authorized by the superuser. All users of the mechanism communicate with it through an external utility program running on the system's host CPU. The password is checked first; the following operations may then be performed: change the password, register the information to be protected (file/sector/cluster/block), display a summary of the protected information, specify or modify the access rights of the protected information (system, hidden, read-only, read/write), and revoke the protection of information. The mechanism occupies some reserved sectors or blocks on the storage medium, or alternatively uses a MOS memory, to record all passwords, the pre-registration, and the necessary system and status information. These reserved sectors or blocks are automatically protected by the mechanism, and the MOS memory, if used, can be accessed only by the mechanism itself.
The internal (system) characteristics of the protection mechanism comprise online interception, real-time detection, fast verification and advance blocking. The internal working process can be described by a state transition diagram. The mechanism is constantly in the intercepting state through the address component (2); only when it discovers from the address bus that the system is accessing the storage device does it enter the detecting state. Through the data component (1), the mechanism uses the position and range on the storage medium (cylinder, head, sector, block) of the data about to be accessed, as intercepted from the data bus, to judge whether the current access concerns registered protected information; if the access is unrelated it returns to the intercepting state, and if related it enters the verifying state. Through the control component (3) and the data component (1), and according to the access operation learned from the control bus and data bus (read, write, format, etc.), the mechanism checks against the access rights of the registered protected information whether the access is legitimate; if so it returns to the intercepting state, otherwise it enters the blocking state. In the blocking state the mechanism, through the control component (3), rapidly forces the unauthorized access to be blocked via the system bus so that it fails; at the same time it displays an error message, sounds an alarm and automatically records the unauthorized access event. When blocking ends it returns to the intercepting state.
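As an added illustration (not code from the patent), the following C simulation models the pre-registration step and the intercept/detect/verify/block cycle of the two preceding paragraphs over decoded bus accesses. The storage-device I/O address, the region table layout and the mapping of the four access rights to permitted operations are assumptions, since the patent does not spell them out.

```c
#include <stdbool.h>
/* Operations seen on the control bus, the four access rights from pre-registration, and
   the states of the internal state transition diagram (Fig. 2); encodings are constructed. */
typedef enum { OP_READ, OP_WRITE, OP_FORMAT } op_t;
typedef enum { RIGHT_SYSTEM, RIGHT_HIDDEN, RIGHT_READ_ONLY, RIGHT_READ_WRITE } right_t;
typedef enum { ST_INTERCEPT, ST_DETECT, ST_VERIFY, ST_BLOCK } state_t;
typedef struct { int cyl, head, sec_lo, sec_hi; right_t right; } region_t; /* registered region */
typedef struct { int io_addr, cyl, head, sec; op_t op; } access_t;          /* one bus access */
#define DISK_IO_ADDR 0x1F0  /* assumed storage-device address preset in the address register */
#define MAX_REGIONS 16
static region_t regions[MAX_REGIONS];
static int n_regions;
static int blocked_events;  /* unauthorized-access events the mechanism has recorded */

/* External utility step: pre-register a region with its access right (0 if the table is full). */
int protect_register(int cyl, int head, int sec_lo, int sec_hi, right_t right) {
    if (n_regions >= MAX_REGIONS) return 0;
    region_t r = { cyl, head, sec_lo, sec_hi, right };
    regions[n_regions++] = r;
    return 1;
}
/* Detecting state: index of the registered region the access falls inside, or -1 if none. */
static int find_region(const access_t *a) {
    for (int i = 0; i < n_regions; i++)
        if (regions[i].cyl == a->cyl && regions[i].head == a->head &&
            a->sec >= regions[i].sec_lo && a->sec <= regions[i].sec_hi)
            return i;
    return -1;
}

/* Verifying state under an assumed policy: "system" admits no host access, "hidden" and
   "read-only" admit reads only, "read/write" admits reads and writes, format is never legitimate. */
static bool permitted(right_t right, op_t op) {
    if (op == OP_FORMAT || right == RIGHT_SYSTEM) return false;
    if (right == RIGHT_READ_WRITE) return true;
    return op == OP_READ;  /* RIGHT_HIDDEN, RIGHT_READ_ONLY */
}

/* One pass through the diagram for a single decoded bus access: ST_INTERCEPT means the
   access may proceed (the mechanism is transparent); ST_BLOCK means it is forced to fail. */
state_t protect_step(const access_t *a) {
    if (a->io_addr != DISK_IO_ADDR) return ST_INTERCEPT;  /* not the storage device */
    int idx = find_region(a);                             /* ST_DETECT */
    if (idx < 0) return ST_INTERCEPT;                     /* unrelated access */
    if (permitted(regions[idx].right, a->op)) return ST_INTERCEPT; /* ST_VERIFY passed */
    blocked_events++;  /* ST_BLOCK: record the event; the card also shows an error and alarms */
    return ST_BLOCK;
}
int protect_blocked_count(void) { return blocked_events; }
```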
The feasibility of the invention rests on the openness of the bus structure: the protection mechanism can be connected to, and use, the system bus on equal terms with the other devices and components on the bus. At the same time, the operation of the protection mechanism runs in parallel with, and independently of, the system's host CPU. The blocking facility of the protection mechanism works by interfering with, and withholding, the circuit signals of the read/write storage device in their timing sequence.
Compared with the prior art, the invention has obvious advantages: first, the method is simple and refined, clear in concept and complete as a system; second, as a protection mechanism at the level of circuit signals, it is safer and more reliable; third, it is independent of the particular computer system and therefore convenient to develop and realize. Implementation and application of the invention provide a powerful technical means for resisting the harm of computer "virus" intrusions and attacks and for suppressing computer crime, and will have a positive effect. For computer systems with an open bus architecture, and personal computers in particular, the invention and its product realization have general practical value.
Fig. 1 shows the functional logic relationship of the invention within a computer system. In the figure, 1 is the physical medium with its stored information, 2 the read/write servo mechanism, 3 the protection mechanism, 4 the read/write control interface component, 5 the processor and 6 the user.
Fig. 2 is the state transition diagram of the internal working process of the protection mechanism. In it, "intercepting" is both the initial state and the final state.
Fig. 3 shows the internal structure of the protection mechanism. In the figure, 1 is the data component, 2 the address component, 3 the control component, 4 the CPU, 5 the random access memory, 6 the read-only memory, 7 the clock generator, 8 the MOS memory and 9 the battery. Components 8 and 9 may be omitted.
A preferred embodiment of the invention is described below with reference to Fig. 3.
The protection mechanism is implemented as a single entity in the form of a bus plug-in card (connector). In it:
1) The address component (2) comprises an address buffer, an address register and an AND gate. The address received by the buffer and the address of the storage device preset in the register by the CPU (4) are ANDed by the AND gate; the result, in positive logic, is the condition for activating the "detecting" state and for enabling the data component (1) and the control component (3).
2) The data component (1) comprises a bidirectional data latch.
3) The control component (3) is compatible with the system control bus.
4) The CPU (4) is an Intel 8088.
5) The random access memory (5) is static RAM (SRAM), which dispenses with a refresh circuit and improves access speed.
6) The read-only memory (6) is a single 27256 chip.
7) The clock generator (7) is self-contained, so that the mechanism runs independently of, and in parallel with, the system's host CPU.
8) The MOS circuit (8) is a low-power CMOS device.
9) The battery (9) is a 6 V rechargeable battery that retains the information stored in the CMOS. Its charging supply is taken from the motherboard via the system bus.
Claims (2)
1. A method of protecting stored information, characterized in that a hardware unit is connected into the computer system; externally, the information to be protected is pre-registered and the registered content is automatically protected; internally, through the system bus, addresses are intercepted online, the storage location and range on the storage medium of the information being accessed are detected in real time, access rights are verified fast, and unauthorized access is blocked in advance.
2. A protecting mechanism for stored information, comprising an address component, a data component, a control component and a program held in firmware, forming a plug-in card, characterized in that it further comprises a bus monitoring circuit, is connected to the computer system through a bus expansion slot, and can detect the host CPU's access to the storage device on the system bus and delay or interrupt the access process.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 90101742 CN1021089C (en) | 1990-04-05 | 1990-04-05 | Protecting mechanism for stored information |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1046620A CN1046620A (en) | 1990-10-31 |
CN1021089C true CN1021089C (en) | 1993-06-02 |
Family ID: 4877236
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1311315C (en) * | 2003-08-18 | 2007-04-18 | 英特尔公司 | Low pin count docking architecture for a trusted platform |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1117322C (en) * | 1999-03-04 | 2003-08-06 | 英业达股份有限公司 | Dynamic monitoring and controlling method for files system |
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
C14 | Grant of patent or utility model |
GR01 | Patent grant |
C19 | Lapse of patent right due to non-payment of the annual fee |
CF01 | Termination of patent right due to non-payment of annual fee |