CN102184368A - Method for safely using mobile storage device - Google Patents
Method for safely using mobile storage device Download PDFInfo
- Publication number
- CN102184368A CN102184368A CN2011101573149A CN201110157314A CN102184368A CN 102184368 A CN102184368 A CN 102184368A CN 2011101573149 A CN2011101573149 A CN 2011101573149A CN 201110157314 A CN201110157314 A CN 201110157314A CN 102184368 A CN102184368 A CN 102184368A
- Authority
- CN
- China
- Prior art keywords
- mobile device
- thread
- storage device
- marked
- movable storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention provides a method for safely using a mobile storage device. A mobile device partition is established in a computer to ensure that a process with operation attributes of the mobile device only edits and corrects data in the mobile device partition and only reads any data outside the mobile device partition so that safety file operation and program safety operation of the mobile storage device can be realized without any virus protective program, access prohibition, only read or only write control; and an operation system does not change before and after the mobile storage device is used, and viruses and Trojans can not be possibly infected.
Description
Technical field
The present invention relates to a kind of method that prevents that the virus on the movable storage device from working the mischief to operating system.
Background technology
At present computer system infective virus and wooden horse topmost two by way of, surf the Net exactly and be connected the various movable storage devices that comprise USB flash disk.Protection to movable storage device at present has disable access; read-only or write operation only; protect by the automatic operation of forbidding program in addition; if but in case manual when carrying out the contamination program in the movable storage device or opening the data that has macrovirus; if should virus or wooden horse be unknown virus or wooden horse; or existing security protection means virus or the wooden horse that can't discern, then computer system is understood infective virus at once, and this also is the potential safety hazard of the maximum brought of movable storage device.
Summary of the invention
The purpose of this invention is to provide a kind of movable storage device safe handling method, making need not be by any antivirus protection program, also need not disable access, read-only or only write control, can realize the secure file operation and the program safety operation of movable storage device, operating system is using the movable storage device front and back without any variation, more impossible infective virus and wooden horse.
In order to achieve the above object, technical scheme of the present invention has provided a kind of movable storage device safe handling method, it is characterized in that: step is:
Step 1, in computing machine, set up the mobile device subregion, the mobile device subregion is included in the assigned catalogue of setting up on the computing machine fixed disk, this assigned catalogue is corresponding one by one with existing catalogue, and the assigned finger of setting up at registration table, this assigned finger corresponding one by one with existing registry entry to mobile device inserts the interim drive that distributes automatically behind the computing machine;
Step 2, movable storage device inserted computing machine after, computing machine is that this movable storage device distributes an interim drive;
Step 3, if the process of current operation or thread satisfy following condition is mobile device operation attribute with this process or thread marks first, its Rule of judgment is:
1) process of current startup is at the mobile device subregion;
2) executable module of the process of current operation or thread loading is under the mobile device subregion;
3) process of current operation or thread are not operating system process or thread, and open any file under the mobile device subregion;
4) parent process of the process of current operation or thread is marked as mobile device operation attribute;
Step 4, the process that is marked as mobile device operation attribute or thread all are read-only operations to all catalogues and all registry entries that removes under the mobile device subregion, if this process or thread carry out write operation to a certain catalogue or a certain registry entry, then this write operation can be redirected to and this catalogue or corresponding assigned catalogue of this registry entry or assigned finger;
Step 5, when movable storage device disconnect with being connected of computing machine after, removing mobile device subregion.
Preferably, if the process of current operation or thread are marked as mobile device operation attribute, forbid that then the installation of this process or thread drives.
Preferably, if the process of current operation or thread are marked as mobile device operation attribute, return failure when then this process or thread global application hook call.
Preferably, if the process of current operation or thread are marked as mobile device operation attribute, then this process or thread inject or return failure when writing the process address space that is labeled as beyond the mobile device operation attribute.
Preferably, if the process of current operation or thread are marked as mobile device operation attribute, forbid that then this process or thread stop being marked as the process process in addition of mobile device operation attribute.
Preferably, if the process of current operation or thread are marked as mobile device operation attribute, then forbid this process or thread direct read disk and internal memory.
Preferably, if the process of current operation or thread are marked as mobile device operation attribute, then forbid this process or thread editing operation system account number, restart or closing machine, the operation of formatting diskette.
A kind of movable storage device safe handling method of the present invention, by in computing machine, setting up the mobile device subregion, make process with mobile device operation attribute, can only carry out edit-modify to data in the mobile device subregion, and can only read operation to any data beyond the mobile device subregion, as carrying out editing operation to any data beyond the mobile device subregion, then can be redirected to automatically in the mobile device subregion and operate, computer system does not have any variation before and after using movable storage device like this, can definitely avoid virus or wooden horse that computing machine is infected and destroys.
Description of drawings
Fig. 1 is the protection process flow diagram of a kind of movable storage device safe handling method of the present invention.
Embodiment
For the present invention is become apparent, now with a preferred embodiment, and conjunction with figs. is described in detail below.
As shown in Figure 1, a kind of movable storage device safe handling method provided by the invention, step is:
Step 1, in computing machine, set up the mobile device subregion, the mobile device subregion is included in the assigned catalogue of setting up on the computing machine fixed disk, this assigned catalogue is corresponding one by one with existing catalogue, and the assigned finger of setting up at registration table, this assigned finger is corresponding one by one with existing registry entry, for example, file directory mobile device subregion can be created one/hu119usb catalogue at each fixed disk file partition root directory of system, and registration table mobile device subregion can increase a hu119usb item in the 3rd joint back in each registry entry;
Step 2, movable storage device inserted computing machine after, computing machine is that this movable storage device distributes an interim drive;
Step 3, if the process of current operation or thread satisfy following condition is mobile device operation attribute with this process or thread marks first, its Rule of judgment is:
1) process of current startup is at the mobile device subregion;
2) executable module of the process of current operation or thread loading is under the mobile device subregion;
3) process of current operation or thread are not operating system process or thread, and open any file under the mobile device subregion;
4) parent process of the process of current operation or thread is marked as mobile device operation attribute;
Step 4, the process that is marked as mobile device operation attribute or thread all are read-only operations to all catalogues and all registry entries that removes under the mobile device subregion, if this process or thread carry out write operation to a certain catalogue or a certain registry entry, then this write operation can be redirected to and this catalogue or corresponding assigned catalogue of this registry entry or assigned finger, therefore, can't have any impact to system, but for current process, it is fully transparent being redirected;
Preferably, if the process of current operation or thread are marked as mobile device operation attribute, forbid that then the installation of this process or thread drives.
Preferably, if the process of current operation or thread are marked as mobile device operation attribute, return failure when then this process or thread global application hook call.
Preferably, if the process of current operation or thread are marked as mobile device operation attribute, then this process or thread inject or return failure when writing the process address space that is labeled as beyond the mobile device operation attribute.
Preferably, if the process of current operation or thread are marked as mobile device operation attribute, forbid that then this process or thread stop being marked as the process process in addition of mobile device operation attribute.
Preferably, if the process of current operation or thread are marked as mobile device operation attribute, then forbid this process or thread direct read disk and internal memory.
Preferably, if the process of current operation or thread are marked as mobile device operation attribute, then forbid this process or thread editing operation system account number, restart or closing machine, the operation of formatting diskette.
Step 5, when movable storage device disconnect with being connected of computing machine after, removing mobile device subregion.
Descriptive markup is the operation of the process of mobile device operation attribute to the computer documents catalogue for example below.To any fixed disk file partition, this partition root catalogue all can be distributed a mobile device subregion catalogue "/hu119usb ", all are to the editing operation of catalogue beyond the mobile device subregion, all can be redirected in the current subregion under the corresponding catalogue of hu119usb; Have the complete operation authority for the file on the movable storage device, can read also can write, need not be redirected.
Be described in of the protection operation of the process of mobile equipment operation attribute under the windows platform below for example to registration table.To arbitrary registry operations, the courses of action that are reflected to core have only both of these case:
Registry Machine xxxxxx xxxxxx, and
\\\\Registry\\USER\\xxxxxx\\xxxxxx。
The process that is labeled as mobile device operation attribute the 3rd joint back that operation is fixed on current path to registry editor is done redirected; the registry entry that all appointments will be protected, all can be redirected to fixedly branch (hu119usb) back, the 3rd joint back to the 3rd joint all editing operations of back:
Registry Machine xxxxxx hu119usb xxxxxx, and
\\\\Registry\\USER\\xxxxxx\\hu119usb\\xxxxxx。
So be labeled as the process of mobile device operation attribute revise registration table Registry Machine system during testapp, actual be to Registry Machine system hu119usb the modification of testapp.
Introduction is labeled as the visit of the process of mobile device operation attribute to resources conseravtion for example below:
1. to the write operation of catalogue beyond the mobile device subregion, all be redirected to current disk partition /hu119usb in.As: written document c: windows system32 during smon.dll, can write in fact c: hu119usb windows system32 smon.dll.
2. to the read operation of catalogue in addition of mobile device subregion, as read file c: windows system32 smon.dll, filter Driver on FSD can read earlier c: hu119usb windows system32 smon.dll, do not exist as this file, just can go to read real file c: windows system32 smon.dll.
3. to the write operation of registry entry beyond the mobile device subregion, all be redirected to one of corresponding registration table fixedly hu119usb branch, the face introduction of seing before of hu119usb finger assignments.As: write registration table Registry Machine system testapp, the registration table filtration drive can write Registry Machine system hu119usb testapp; Write registration table Registry user HKEY_CURRENT_USER testapp, the registration table filtration drive can write Registry user HKEY_CURRENT_USER hu119usb testapp.
4. to the read operation of registry entry in addition of mobile device subregion.As: read registration table Registry Machine system testapp, the registration table filtration drive is earlier Registry Machine system hu119usb testapp earlier, then can read true true Registry Machine system testapp as failure;
Described in top access file and registration table, realize the protection of catalogue in addition of mobile device subregion by filter Driver on FSD, realize the protection of registry entry in addition of mobile device subregion by the registration table filtration drive.
The process or the thread that more than are labeled as mobile device operation attribute also can have other situations to realize to file and registry operations:
The situation that a plurality of disk partition are arranged for system, not be used in each disk partition and set up mobile device subregion catalogue, can specify a catalogue or file arbitrarily, in this catalogue or file, realize the operation in different disk district then, can realize also that for registration table mobile device subregion registration table also can be by independently file realization simultaneously by diverse location in registration table.
Claims (7)
1. movable storage device safe handling method, it is characterized in that: step is:
Step 1, in computing machine, set up the mobile device subregion, the mobile device subregion is included in the assigned catalogue of setting up on the computing machine fixed disk, this assigned catalogue is corresponding one by one with existing catalogue, and the assigned finger of setting up at registration table, this assigned finger corresponding one by one with existing registry entry to mobile device inserts the interim drive that distributes automatically behind the computing machine;
Step 2, movable storage device inserted computing machine after, computing machine is that this movable storage device distributes an interim drive;
Step 3, if the process of current operation or thread satisfy following condition is mobile device operation attribute with this process or thread marks first, its Rule of judgment is:
1) process of current startup is at the mobile device subregion;
2) executable module of the process of current operation or thread loading is under the mobile device subregion;
3) process of current operation or thread are not operating system process or thread, and open any file under the mobile device subregion;
4) parent process of the process of current operation or thread is marked as mobile device operation attribute;
Step 4, the process that is marked as mobile device operation attribute or thread all are read-only operations to all catalogues and all registry entries that removes under the mobile device subregion, if this process or thread carry out write operation to a certain catalogue or a certain registry entry, then this write operation can be redirected to and this catalogue or corresponding assigned catalogue of this registry entry or assigned finger;
Step 5, when movable storage device disconnect with being connected of computing machine after, can select to remove the mobile device subregion.
2. a kind of movable storage device safe handling method as claimed in claim 1 is characterized in that: if the process of current operation or thread are marked as mobile device operation attribute, forbid that then the installation of this process or thread drives.
3. a kind of movable storage device safe handling method as claimed in claim 1 is characterized in that: if the process of current operation or thread are marked as mobile device operation attribute, return failure when then this process or thread global application hook call.
4. a kind of movable storage device safe handling method as claimed in claim 1, it is characterized in that: if the process of current operation or thread are marked as mobile device operation attribute, then this process or thread inject or return failure when writing the process address space that is labeled as beyond the mobile device operation attribute.
5. a kind of movable storage device safe handling method as claimed in claim 1, it is characterized in that:, forbid that then this process or thread stop being marked as the process process in addition of mobile device operation attribute if the process of current operation or thread are marked as mobile device operation attribute.
6. a kind of movable storage device safe handling method as claimed in claim 1 is characterized in that: if the process of current operation or thread are marked as mobile device operation attribute, then forbid this process or thread direct read disk and internal memory.
7. a kind of movable storage device safe handling method as claimed in claim 1, it is characterized in that: if the process of current operation or thread are marked as mobile device operation attribute, then forbid this process or thread editing operation system account number, restart or closing machine, the operation of formatting diskette.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011101573149A CN102184368A (en) | 2011-06-13 | 2011-06-13 | Method for safely using mobile storage device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011101573149A CN102184368A (en) | 2011-06-13 | 2011-06-13 | Method for safely using mobile storage device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102184368A true CN102184368A (en) | 2011-09-14 |
Family
ID=44570543
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2011101573149A Pending CN102184368A (en) | 2011-06-13 | 2011-06-13 | Method for safely using mobile storage device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102184368A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103473512B (en) * | 2013-08-26 | 2016-06-15 | 北京明朝万达科技股份有限公司 | A kind of mobile memory medium management method and device |
CN106024046A (en) * | 2016-05-24 | 2016-10-12 | 深圳市硅格半导体股份有限公司 | Data storage method and device |
CN106897636A (en) * | 2017-02-28 | 2017-06-27 | 郑州云海信息技术有限公司 | A kind of mobile memory medium method for managing security based on API HOOK |
CN108959903A (en) * | 2018-06-11 | 2018-12-07 | 山东超越数控电子股份有限公司 | A kind of movable storage device security control method and system |
CN112579202A (en) * | 2020-12-17 | 2021-03-30 | 深圳软牛科技有限公司 | Method, device, equipment and storage medium for editing service program of Windows system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101221510A (en) * | 2008-01-24 | 2008-07-16 | 清华大学 | Method for reappearing user configuration surroundings on computer by mobile memory device |
CN101458667A (en) * | 2009-01-10 | 2009-06-17 | 汤放鸣 | Electronic apparatus with electronic security level identification, information exchange flow control system based on electronic security level identification, method and mobile memory |
CN201465120U (en) * | 2009-07-01 | 2010-05-12 | 北京鼎普科技股份有限公司 | USB movable storage medium management system |
-
2011
- 2011-06-13 CN CN2011101573149A patent/CN102184368A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101221510A (en) * | 2008-01-24 | 2008-07-16 | 清华大学 | Method for reappearing user configuration surroundings on computer by mobile memory device |
CN101458667A (en) * | 2009-01-10 | 2009-06-17 | 汤放鸣 | Electronic apparatus with electronic security level identification, information exchange flow control system based on electronic security level identification, method and mobile memory |
CN201465120U (en) * | 2009-07-01 | 2010-05-12 | 北京鼎普科技股份有限公司 | USB movable storage medium management system |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103473512B (en) * | 2013-08-26 | 2016-06-15 | 北京明朝万达科技股份有限公司 | A kind of mobile memory medium management method and device |
CN106024046A (en) * | 2016-05-24 | 2016-10-12 | 深圳市硅格半导体股份有限公司 | Data storage method and device |
CN106024046B (en) * | 2016-05-24 | 2019-09-20 | 深圳市硅格半导体有限公司 | Date storage method and device |
CN106897636A (en) * | 2017-02-28 | 2017-06-27 | 郑州云海信息技术有限公司 | A kind of mobile memory medium method for managing security based on API HOOK |
CN108959903A (en) * | 2018-06-11 | 2018-12-07 | 山东超越数控电子股份有限公司 | A kind of movable storage device security control method and system |
CN112579202A (en) * | 2020-12-17 | 2021-03-30 | 深圳软牛科技有限公司 | Method, device, equipment and storage medium for editing service program of Windows system |
CN112579202B (en) * | 2020-12-17 | 2024-04-05 | 深圳软牛科技有限公司 | Method, device, equipment and storage medium for editing server program of Windows system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102184368A (en) | Method for safely using mobile storage device | |
WO2016019893A1 (en) | Application installation method and apparatus | |
CN104268468B (en) | It is a kind of to the guard method of android system dynamic link library and system | |
CN104143069B (en) | A kind of method and system of protection system file | |
CN102236764B (en) | Method and monitoring system for Android system to defend against desktop information attack | |
CN104715209B (en) | A kind of outgoing document encryption protecting method | |
CN103473501B (en) | A kind of Malware method for tracing based on cloud security | |
CN106682497A (en) | System and method of secure execution of code in hypervisor mode | |
CN104123495B (en) | A kind of method for being used to remove the Malware for preventing computer from running | |
CN102222189A (en) | Method for protecting operating system | |
CN106909829A (en) | Suitable for the Software security protection system of Godson desktop computer and its guard method | |
CN102646079B (en) | Disk data protection method oriented to Linux operating system | |
CN102063317A (en) | Method and system for renewedly burning application program by embedded equipment | |
CN110659491B (en) | Computer system recovery method, device, equipment and readable storage medium | |
CN105608150A (en) | Business data processing method and system | |
CN101950339A (en) | Security protection method and system of computer | |
CN113031944B (en) | Business opening device and method based on template | |
CN108280353A (en) | A kind of judgment method and device of security document operation | |
CN104462898A (en) | Object file protecting method and device based on Android system | |
CN104573563A (en) | Safety use method of mobile storage equipment | |
CN104392189B (en) | The method and apparatus for realizing file system safe operation | |
KR102262680B1 (en) | Multimedia file security method and recording medium | |
CN102073558B (en) | Method for realizing safety and integrity of files in smart card | |
TW201115384A (en) | Read-only protection method for removable storage medium | |
KR20190096686A (en) | Malware preventing system anf method based on access controlling for data file |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20110914 |