CN102693388A - Data safety protection processing system, method and storage medium - Google Patents
Data safety protection processing system, method and storage medium Download PDFInfo
- Publication number
- CN102693388A CN102693388A CN201210185835XA CN201210185835A CN102693388A CN 102693388 A CN102693388 A CN 102693388A CN 201210185835X A CN201210185835X A CN 201210185835XA CN 201210185835 A CN201210185835 A CN 201210185835A CN 102693388 A CN102693388 A CN 102693388A
- Authority
- CN
- China
- Prior art keywords
- file
- attribute information
- security protection
- protection attribute
- unified cache
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention discloses a data safety protection processing system, a data safety protection processing method and a storage medium. The data safety protection processing system comprises a service module, a uniform caching module, an inquiring interface and an adding interface, wherein the uniform caching module is used for caching a file identifier corresponding to a process and safety protection attribute information corresponding to the file identifier; after a monitoring point of the service module is triggered by the process, the inquiring interface is called by the service module to inquire the file identifier of a file corresponding to the process and/or the safety protection attribute information from the uniform caching module, and then the specific data safety protection processing is performed; and if the file identifier and/or the corresponding safety protection attribute information are/is not inquired, the file identifier and the safety protection attribute information corresponding to the process are confirmed and the adding interface is called for adding the confirmed file identifier and safety protection attribute information to the uniform caching module. According to the invention, the whole performance cost of the data safety protection processing system is reduced and the consistency of safety protection processing of all services is increased.
Description
Technical field
The present invention relates to the data security guard technology field of data processing equipment, relate in particular to a kind of data security protective treatment system and method and storage medium.
Background technology
At present; Along with the safety problem of data processing equipment (equipment that has data-handling capacity like computing machine, smart mobile phone, panel computer etc.) is more and more severeer, the data security protective treatment system of protected data treatment facility hardware/software/data has appearred being used in industry.These data security protective treatment systems often install and operate on the data processing equipment with the mode of software, with hardware/software/data of avoiding data processing equipment not because of chance or malice former thereby suffer to destroy, change, appear.
In the data security protective treatment system that industry is used always at present, often be integrated with two or more business modules, every kind of business module is used to carry out the corresponding service processing logic, realizes function of safety protection targetedly.For example, be integrated with real-time protection business module, wooden horse scanning business module, file monitor business module, download protection business module etc. in the previous security protection system of order usually.At present, said each business module has all been used process file eigenwert caching technology when the process business logic processing.
So-called process file eigenwert caching technology is meant: in the process initiation of some programs; Read the pairing disk file content of this process; Carry out the file characteristic value and calculate, and be saved in the file characteristic value that calculates in the buffer structure of internal memory.Simultaneously; Also can inquire about the server that the file characteristic value of this process uploads to the backstage, obtain the security protection attribute information of this document, after receiving the result of server acknowledge; Also be saved in the security protection attribute information in the buffer structure, and bind with the corresponding file feature value.Said security protection attribute information has mainly comprised the whether information of safety of this document, or further comprises corresponding safe handling policy information etc.Whether safe information for example can be the black-white-gray attribute information to said file: common " deceiving " represented this document is dangerous (being generally files such as virus), and corresponding safe handling strategy normally stops processing such as operation, removing immediately; " in vain " expression this document is safe, and corresponding safe handling strategy normally allows processing such as operation; Safety is unknown for " ash " expression this document, the normally processing such as report and alarm of corresponding safe handling strategy.Certain described safe handling strategy can be adjusted according to service needed, is not changeless.In internal memory buffer memory after file characteristic value and the corresponding security protection attribute information of said process; When this process triggers in the data security protective treatment system during monitoring point of certain business module; This business module just reads the pairing disk file content of this process; Carry out the file characteristic value and calculate, inquire about the security protection attribute information of this file in the buffer memory, and make corresponding judgment and processing according to Query Result according to the file characteristic value that calculates; The black-white-gray attribute information that for example inquires this document is " deceiving ", then can stop this process of operation according to the safe handling strategy.
For example, Fig. 1 process flow diagram of utilizing process file eigenwert caching technology to carry out protective treatment for the real-time protection business module in the existing a kind of data security protective treatment system.Referring to Fig. 1, this flow process comprises:
Said monitoring point is meant the action monitoring target of this business module to program process.For example for real-time protection business module; Said monitoring point can for: the monitoring facilities process is added the action of registrations in registration table; Triggered this monitoring point of protection business module in real time if certain process has been added registrations in registration table, protected business module in real time and will protect business processing in real time this process.Again for example for downloading the protection business module, said monitoring point can for: whether monitoring has file to download is accomplished, if then triggered should downloads protection business module the monitoring point, download the protection business module and this process is downloaded protected processing.
After obtaining the file characteristic value, generally can judge earlier and whether preserve the corresponding security protection attribute information of this document eigenwert in the local memory cache.In order to improve the efficient of caching query, divided three buffer structures in the described example of Fig. 1, be respectively the whole buffer memory of real-time protection, local file black and white buffer memory and cloud access vector cache, respectively corresponding following step 103 ~ step 105.Be used for cache file eigenwert and corresponding user prompt result thereof in the whole buffer memory of said real-time protection; Said local file black and white buffer memory is used for cache file eigenwert and corresponding black and white attribute information thereof, can certainly comprise the black-white-gray attribute information; Said cloud access vector cache is used for the safe handling policy information in the high in the clouds of cache file eigenwert and correspondence thereof.Certainly; Content in said three buffer structures also can be come buffer memory with a buffer structure; Promptly come cache file description value and corresponding security protection attribute informations such as user prompt result, black and white attribute information and high in the clouds safe handling policy information thereof with a buffer structure, just a little at processing timeliness rate variance.Three buffer memorys judgements described in Fig. 1 specifically comprise:
If step 107 inquires the user prompt result, then show said user prompt result.
In general; After a process triggers the monitoring point of real-time protection business module for the first time; Because the record of the file characteristic value of this process respective file not in the buffer memory, therefore need execution in step 106 to inquire the corresponding security protection attribute information of file characteristic value and be kept in the buffer memory.If this process has triggered the monitoring point of real-time protection business module once more later on; Then can calculate the file characteristic value of this process respective file; From local cache, inquire about corresponding security protection attribute information according to this document eigenwert; For example the said instance of Fig. 1 can protect the inquiry of whole buffer memory, local file black and white buffer memory, cloud access vector cache successively in real time; The condition of inquiry is this process corresponding file feature value, as long as a cache hit is arranged, then directly notifies the driver module of bottom to handle accordingly according to buffer memory.
The defective of prior art is:
Each business module adopts separate caching process mechanism, and each business module is all set up own proprietary spatial cache in internal memory.Such as wooden horse killing business module the file characteristic value (such as the MD5 hashed value) of oneself and the caching mechanism of corresponding black and white attribute are arranged, protect file characteristic value and the caching mechanism of corresponding black and white attribute that business module also has the maintenance process file of oneself in real time.For the data security protective treatment system that is integrated with two or more business modules; If same process triggers the monitoring point of different service modules; Then this each business module each other independently caching mechanism can cause repeatedly double counting and the file characteristic value information that obtains same process respective file and to the operation of the corresponding security protection attribute information of high in the clouds server lookup identical file; Be that repeated file system input and output (IO) operation, repeated CPU calculate and reach EMS memory occupation, repeated network inquiry etc., make that the overall performance expense of data security protective treatment system is very big.
In addition; In the prior art since each business module caching mechanism in update strategy have difference; Can cause being integrated with the data security protective treatment system of two or more business modules the security protection attribute information (for example black and white attribute) of identical file is judged the phenomenon that appearance is not complementary; The performance of each business module when handling same process file differs like this, and be conflicting, causes the consistance of each service security protective treatment relatively poor.
Summary of the invention
In view of this, fundamental purpose of the present invention is to provide a kind of data security protective treatment system and method and storage medium, to reduce the overall performance expense of data security protective treatment system, improves the consistance of each service security protective treatment.
Technical scheme of the present invention is achieved in that
A kind of data security protective treatment system comprises business module, unified cache module, query interface and interpolation interface, wherein:
Said unified cache module is used for the corresponding data recording of buffer memory process, and said data recording comprises the file identification and the corresponding security protection attribute information thereof of process respective file;
Said query interface is used for from said unified cache module inquiry file sign and/or corresponding security protection attribute information;
Said interpolation interface is used for adding file identification and corresponding security protection attribute information thereof to said unified cache module;
Said business module is used for: behind the monitoring point of certain this business module of process triggers; Call said query interface and from said unified cache module, inquire about the file identification and/or the corresponding security protection attribute information of this process respective file, carry out concrete data security protective treatment afterwards; If do not inquire the file identification and/or the corresponding security protection attribute information of this process respective file; Then confirm this process corresponding file sign and security protection attribute information; And call said interpolation interface, file identification and security protection attribute information after confirming are added in the said unified cache module.
Data security protection processing method in a kind of data security protective treatment system comprises:
Setting is independent of the unified cache module of the business module of said data security protective treatment system; This is unified cache module and is used for the corresponding data recording of buffer memory process, and said data recording comprises the file identification and the corresponding security protection attribute information thereof of process respective file;
Behind the monitoring point of certain process triggers business module, the file identification of this process respective file of inquiry and/or corresponding security protection attribute information carry out concrete data security protective treatment from said unified cache module; If do not inquire the file identification and/or the corresponding security protection attribute information of this process respective file; Then confirm this process corresponding file sign and security protection attribute information, file identification and security protection attribute information after confirming are added in the said unified cache module.
A kind of storage medium wherein stores computer program, and this computer program is used to carry out method of the present invention.
Compared with prior art; Scheme of the present invention adopts the unified cache module of the business module that is independent of said data security protective treatment system; In process triggers behind the monitoring point of business module; From this unified cache module, inquire about the file identification and/or the security protection attribute information of this process respective file by this business module,, confirm that then this process corresponding file sign and security protection attribute information are (in this process if do not inquire; Need carry out IO operation, CPU calculating and EMS memory occupation and network inquiry), file identification and the security protection attribute information after confirming added in the said unified cache module.Through this processing scheme; For same process triggers the scene of different service modules monitoring point; Only need to carry out IO operation, CPU calculating and EMS memory occupation and network inquiry one time; Promptly confirm the operation of this process corresponding file sign and security protection attribute information; If same afterwards process has triggered the monitoring point of other business module once more, then needn't repeat corresponding IO operation, CPU calculating and EMS memory occupation and network inquiry, file identification and/or the security protection attribute information that only need from said unified cache module, inquire about this process respective file get final product.Therefore; Scheme of the present invention has reduced the repeated and redundant operation of file system IO; Reduced the double counting of CPU redundant and to internal memory repeat take and the network inquiry etc. that has reduced repeated and redundant, and then reduced the overall performance expense of data security protective treatment system.
In addition; Each business module of the present invention adopts unified cache module; Unified process file sign and the security protection attribute information thereof that be each business module buffer memory wherein; Can guarantee that each business module is only for the judgement of the security protection attribute (like the black-white-gray attribute) of identical file, inconsistent problem is handled in the security protection of avoiding the caching mechanism update strategy difference of different business module to cause, has improved the consistance of each service security protective treatment.
Description of drawings
The process flow diagram that Fig. 1 utilizes process file eigenwert caching technology to carry out protective treatment for the real-time protection business module in the existing a kind of data security protective treatment system;
Fig. 2 is the composition synoptic diagram of a kind of embodiment of data security protective treatment of the present invention system;
Fig. 3 is the composition synoptic diagram of another embodiment of data security protective treatment of the present invention system;
Fig. 4 is a kind of processing flow chart of data security protection processing method according to the invention after triggering the monitoring point.
Embodiment
Below in conjunction with accompanying drawing and specific embodiment the present invention is remake further detailed explanation.
Fig. 2 is the composition synoptic diagram of a kind of embodiment of data security protective treatment of the present invention system; Referring to Fig. 2, this data security protective treatment system comprises: business module, unified cache module 201, query interface 202 and interpolation interface 203, wherein:
Said unified cache module 201 is used for the corresponding data recording of buffer memory process, and said data recording specifically can be a kind of file logging, and this document record comprises the file identification and the corresponding security protection attribute information thereof of process respective file.
Said query interface 202 is used for from said unified cache module 201 inquiry files sign and/or corresponding security protection attribute information; Its input value is file identification (like file complete trails information or a file characteristic value), and output valve is file identification (like the file eigenwert) and/or corresponding security protection attribute information.
Said interpolation interface 203 is used for adding file identification and corresponding security protection attribute information thereof to said unified cache module 201; Its input value is file identification and security protection attribute information, and output valve is whether to add successful object information.
At least comprise two business modules in the data security protective treatment according to the invention system, comprise four kinds of business modules among the embodiment for example shown in Figure 2, be respectively applied for and carry out concrete data security protective treatment.For example protect business module 241 in real time and be used for webpage fire wall real-time guard processing, USB flash disk fire wall real-time guard processing, camera real-time guard processing etc.; Said wooden horse scanning business module 242 is used for the trojan horse program in the scan-data treatment facility; Said file monitor business module 243 is used for the file of certain appointment is carried out monitoring and protection; Said download protection business module 244 is used for when downloading the completion data file, this document being carried out monitoring protection processing etc.
Said each business module of the present invention has a common processing capacity; Promptly may be used to: behind the monitoring point of certain this business module of process triggers; Call said query interface 202 and from said unified cache module 201, inquire about the file identification and/or the corresponding security protection attribute information of this process respective file, carry out concrete data security protective treatment afterwards; If do not inquire the file identification and/or the corresponding security protection attribute information of this process respective file; Then confirm this process corresponding file sign and security protection attribute information; And call said interpolation interface 203, file identification and security protection attribute information after confirming are added in the said unified cache module 201.
Said monitoring point is meant the action monitoring target of this business module to program process.For example for real-time protection business module 241; Said monitoring point can for: the monitoring facilities process is added the action of registrations in registration table; Triggered this monitoring point of protection business module in real time if certain process has been added registrations in registration table, protected business module in real time and will protect business processing in real time this process.Again for example for downloading protection business module 244; Said monitoring point can for: whether the monitoring downloading process has file download to accomplish; If then triggered the monitoring point of this download protection business module, download the protection business module and will download the protection processing this downloading process institute downloaded files.
The file logging of 201 buffer memorys of unified cache module according to the invention can comprise many, and each bar file record comprises the file identification and the corresponding security protection attribute information thereof of this document.Said security protection attribute information has mainly comprised the whether information of safety of this document, or further comprises corresponding safe handling policy information and/or effective time of this security protection attribute information etc.Whether safe information for example can be the black-white-gray attribute information to said file: common " deceiving " represented this document is dangerous (being generally files such as virus), and corresponding safe handling strategy normally stops processing such as operation, removing immediately; " in vain " expression this document is safe, and corresponding safe handling strategy normally allows processing such as operation; Safety is unknown for " ash " expression this document, the normally processing such as report and alarm of corresponding safe handling strategy.Certain described safe handling strategy can be adjusted according to service needed, is not changeless.
In one embodiment, said file identification is: the file characteristic value; Said business module specifically is used for: behind the monitoring point of certain this business module of process triggers, confirm the file characteristic value of this process respective file, promptly from disk, find this document; Calculate the file characteristic value of this document according to the content of file; Such as utilizing the MD5 algorithm computation to go out the MD5 hashed value of this document, promptly be a kind of file characteristic value, can identify this document uniquely; As long as file content is constant; Then this document eigenwert just can not change, and calls said query interface 202 then and from said unified cache module 201, inquires about the corresponding security protection attribute information of this document eigenwert, according to the security protection attribute information that inquires said process corresponding file is carried out handled then; The content and the policy information that comprise in concrete processing mode and the security protection attribute information are relevant, and the present invention does not limit.
But when initialization; There is not the file logging of said process respective file in the said unified cache module 201; At this moment said business module can not inquire the corresponding security protection attribute information of said file characteristic value from unified cache module 201; Need to confirm corresponding security protection attribute information this moment; Specifically be to the server of high in the clouds, to inquire about the corresponding security protection attribute information of this document eigenwert (normally file characteristic value and corresponding security protection attribute information binding storage on the server of high in the clouds) with said file characteristic value; And call said interpolation interface 203, said file characteristic value and corresponding security protection attribute information are added in the said unified cache module 201.
In another kind of embodiment, said file identification is: file complete trails information and file characteristic value.Said file complete trails information can be file complete trails character string, perhaps can be the cryptographic hash of this document complete trails character string.Said business module specifically is used for: behind the monitoring point of certain this business module of process triggers; Confirm the file complete trails information of this process respective file; Specifically can call said query interface 202 then and from said unified cache module 201, inquire about this document complete trails information corresponding file feature value and/or corresponding security protection attribute information from the file complete trails information of this in-process intercepting respective file.According to the security protection attribute information that inquires said process corresponding file is carried out handled then, the content and the policy information that comprise in concrete processing mode and the security protection attribute information are relevant, and the present invention does not limit.The said file characteristic value that inquires can be carried out follow-up business at business module and handled the differentiation process file, for example when reporting the process file statistical information, distinguishes different process files with this document eigenwert.
But when initialization; There is not the file logging of said process respective file in the said unified cache module 201; At this moment said business module can not inquire said file complete trails information corresponding file feature value and/or corresponding security protection attribute information from unified cache module 201; Need to confirm the file characteristic value and corresponding security protection attribute information of this document this moment, concrete definite mode is the same, calls said interpolation interface 203 afterwards; Said file complete trails information and file characteristic value as file identification, are added to file identification and corresponding security protection attribute information in the said unified cache module 201 as a file record.
A field information that the file record is comprised for said unified cache module institute buffer memory as shown in table 1 below:
Table 1
Through above-mentioned initialization process; For same process triggers the scene of different service modules monitoring point; Only need to carry out IO operation, CPU calculating and EMS memory occupation and network inquiry one time; Promptly confirm the operation of this process corresponding file sign and security protection attribute information; If same afterwards process has triggered the monitoring point of other business module once more, then needn't repeat corresponding IO operation, CPU calculating and EMS memory occupation and network inquiry, file identification and/or the security protection attribute information that only need from said unified cache module 201, inquire about this process respective file get final product.Therefore, scheme of the present invention has reduced the repeated and redundant operation of file system IO, reduced the double counting of CPU redundant and to internal memory repeat take and the network inquiry etc. that has reduced repeated and redundant.
In addition in the prior art, when the frequent triggering of a certain process some (or one group) control point, just need its file characteristic value of calculating repeatedly.Equally, if during a plurality of monitoring group of a plurality of process triggers, calculation document eigenwert that also can be frequent.Loss on the performances such as the calculation document eigenwert can cause the disk I expense of system to become big, and CPU usage uprises, and network traffics are big causes user's security protective treatment system phenomenon slowly to occur moving, and user experience is very bad.And the scheme of employing the foregoing description; Inquire about corresponding security protection attribute information and/or file characteristic value by said file complete trails information as a kind of file identification; Needn't carry out the calculating of file characteristic value repeatedly and (only when in unified cache module, adding, calculate a file characteristic value; Needn't calculate once more when inquiring about afterwards), but the file characteristic value is calculated and corresponding high in the clouds query manipulation is converted into buffer memory in the internal memory reads query manipulation, the disk I and the CPU calculation consumption that are produced when therefore further the first mate reduces the calculating of file characteristic value; The first mate has improved the performance of system, has strengthened the handling capacity of system.It can effectively must solve frequent IO expense, CPU usage that each professional independent caching mechanism brings high, repeatedly the network traffics expense brought of cloud inquiry and the problem of backstage inquiry load.
Fig. 3 is the composition synoptic diagram of another embodiment of data security protective treatment of the present invention system; Referring to Fig. 3, this data security protective treatment system also further comprises updating interface 205 except comprising described module of Fig. 2 and interface, is used for upgrading the file identification and/or the corresponding security protection attribute information of said unified cache module 201 buffer memorys; Its input value is file identification and/or corresponding security protection attribute information, and output valve is whether to upgrade successful object information.
Said system also comprises following arbitrary module at least:
Background administration module 261; Can be arranged on server end; Be used for initiatively calling said updating interface 205, upgrade the corresponding security protection attribute information of a certain (or a few) file identification of buffer memory in the said unified cache module 201 according to the backstage steering order; This update processing operation is initiatively initiated by back-stage management person; Be used for responding timely fast the client of security protection disposal system wrong report, situation such as fail to report; And can guarantee further that each business module is only for the black-white-gray determined property of identical file, the attribute different problems of further avoiding the caching mechanism update strategy difference of different business to cause.
Scan module 263 when not busy; The All Files record that is used for the said unified cache module 201 of timing scan; Whether file identification and/or its security protection attribute information in the inquiry file record have change, if change is arranged then the file identification in the said unified cache module 201 and/or its security protection attribute information are carried out corresponding renewal; Thereby guarantee the ageing of all records.For example all file loggings in the said unified cache module 201 of run-down week about; According to finding corresponding file in the file complete trails information degaussing dish in the file logging; Calculate the file characteristic value of this document; Check whether original file characteristic value is identical in this document eigenwert and the unified cache module 201, if difference then upgrade original file characteristic value; Utilize said file characteristic value to the server of high in the clouds, to inquire about the corresponding security protection attribute information of this document eigenwert (normally file characteristic value and corresponding security protection attribute information binding storage on the server of high in the clouds) simultaneously; Check again whether original security protection attribute information is identical in this security protection attribute information and the unified cache module 201, if difference then upgrade original security protection attribute information.
In addition, system of the present invention can also comprise a delete interface 207, is used for the file identification according to input, deletion this document sign corresponding file record from said unified cache module 201.Said any module invokes that common this delete interface 207 supplies in system according to the invention; As long as the file identification (like file complete trails information) of the input deleted file of wanting; Then delete this document sign corresponding file record, whether the result that this interface returns deletes information of successful.For example said file monitor module 262 has disappeared at the file that monitors under a certain file complete trails; Then call said delete interface 207; To delete interface 207 input this document complete trails information; This delete interface 207 is deleted this document complete trails information corresponding file record from said unified cache module 201, thereby avoids the spatial cache of the unified cache module 201 of garbage waste.
Certainly; Above-mentioned query interface 202, the relation of being called of adding interface 203, updating interface 205, delete interface 207 are not limited to the relation of being called illustrated in figures 1 and 2; These interfaces can be opened to any one module invokes in the said security protection disposal system; As long as this module has relevant demand, just can call corresponding interface, as long as the value of this interface regulation input of input; For example said background administration module 261 also can call and add interface 203; To adding interface 203 input files sign and security protection attribute information, then add interface 203 and can in said unified cache module 201, add a file record, comprise file identification and the security protection attribute information imported.
The invention also discloses the data security protection processing method in a kind of data security protective treatment system, this method comprises:
Setting is independent of the unified cache module of the business module of said data security protective treatment system.This is unified cache module and is used for the corresponding data recording of buffer memory process, and said data recording specifically can be a kind of file logging, and said file logging comprises the file identification and the corresponding security protection attribute information thereof of this document;
If the monitoring point of certain process triggers business module then referring to Fig. 4, specifically comprises:
The monitoring point of step 401, certain process triggers business module.
Step 402, this business module are inquired about the file identification and/or the corresponding security protection attribute information of this process respective file from said unified cache module.
Step 403 ~ 404, whether inquire said file identification and/or corresponding security protection attribute information, if then carry out concrete data security protective treatment, otherwise execution in step 405.
Step 405, confirm this process corresponding file sign and security protection attribute information to file identification and security protection attribute information after confirming to be added in the said unified cache module.
In one embodiment, the file identification of buffer memory is in the said unified cache module: the file characteristic value; Behind the monitoring point of certain process triggers business module; Said from unified cache module the file identification of this process respective file of inquiry and/or the concrete mode of corresponding security protection attribute information be: the file characteristic value of confirming this process respective file; Promptly from disk, find this document; Calculate the file characteristic value of this document according to the content of file; Such as utilizing the MD5 algorithm computation to go out the MD5 hashed value of this document, the corresponding security protection attribute information of inquiry this document eigenwert from said unified cache module carries out handled according to the security protection attribute information that inquires to said process corresponding file then then; The content and the policy information that comprise in concrete processing mode and the security protection attribute information are relevant, and the present invention does not limit.
But when initialization; There is not the file logging of said process respective file in the said unified cache module; At this moment said business module can not inquire the corresponding security protection attribute information of said file characteristic value from unified cache module; Need to confirm corresponding security protection attribute information this moment; Specifically be to the server of high in the clouds, to inquire about the corresponding security protection attribute information of this document eigenwert, and said file characteristic value and corresponding security protection attribute information are added in the said unified cache module with said file characteristic value.
In one embodiment, the file identification of buffer memory is in the said unified cache module: file complete trails information and file characteristic value; Said file complete trails information is: the cryptographic hash of file complete trails character string or this document complete trails character string.And; Behind the monitoring point of certain process triggers business module; Said from unified cache module the file identification of this process respective file of inquiry and/or the concrete grammar of corresponding security protection attribute information be: the file complete trails information of confirming this process respective file; Inquiry this document complete trails information corresponding file feature value and/or corresponding security protection attribute information from said unified cache module; According to the security protection attribute information that inquires said process corresponding file is carried out handled then, the content and the policy information that comprise in concrete processing mode and the security protection attribute information are relevant, and the present invention does not limit.The said file characteristic value that inquires can be carried out follow-up business at business module and handled the differentiation process file, for example when reporting the process file statistical information, distinguishes different process files with this document eigenwert.
When initialization; There is not the file logging of said process respective file in the said unified cache module; At this moment said business module can not inquire said file complete trails information corresponding file feature value and/or corresponding security protection attribute information from unified cache module; Need to confirm the file characteristic value and corresponding security protection attribute information of this document this moment, concrete definite mode is the same, calls said interpolation interface 203 afterwards; Said file complete trails information and file characteristic value as file identification, are added to file identification and corresponding security protection attribute information in the said unified cache module as a file record.
Method of the present invention can further include: the file identification of buffer memory in the said unified cache module and/or corresponding security protection attribute information are upgraded, concrete update method comprise at least following any:
(a) upgrade the corresponding security protection attribute information of file identification of buffer memory in the said unified cache module according to the backstage steering order;
(b) whether the monitoring process corresponding file is changed, and when change takes place file, upgrades the file identification of this document in the said unified cache module;
(c) the All Files record in the said unified cache module of timing scan; Whether file identification and/or its security protection attribute information in the inquiry file record have change, if change is arranged then the file identification in the said unified cache module and/or its security protection attribute information are carried out corresponding renewal;
(d) receive the update instruction that the user imports, the file identification in the said unified cache module and/or its security protection attribute information are carried out corresponding renewal according to the file identification of appointment in this update instruction and/or the security protection attribute information of correspondence.
Method of the present invention can further include: after said unified buffer module file record corresponding file disappears in disk, and deletion corresponding file record from said unified cache module.For example the present invention can monitor the file situation under the file complete trails described in said each bar file record in real time; After file under monitoring a certain file complete trails disappears (like user's deleted this document or user unloading relative program etc.); Then from said unified cache module, delete this document complete trails information corresponding file record, thereby avoid the spatial cache of the unified cache module of garbage waste.
In the prior art, when the frequent triggering of a certain process some (or one group) control point, just need its file characteristic value of calculating repeatedly.Equally, if during a plurality of monitoring group of a plurality of process triggers, calculation document eigenwert that also can be frequent.Loss on the performances such as the calculation document eigenwert can cause the disk I expense of system to become big, and CPU usage uprises, and network traffics are big causes user's security protective treatment system phenomenon slowly to occur moving, and user experience is very bad.
In order to overcome above-mentioned defective of the prior art; The invention also discloses a kind of data security protection processing method; This method can be applied in above-mentioned having and be independent of in the security protection disposal system of unified cache module of business module, also can be applied in each business module and adopt in the security protection disposal system of separate caching process mechanism.This method comprises:
Adopt the file of file complete trails data separation local client; Buffer memory process corresponding file record in the buffer memory of business module, said file logging comprise file complete trails information of this document and the file characteristic value and the corresponding security protection attribute information thereof of this document; Said file complete trails information is: the cryptographic hash of file complete trails character string or this document complete trails character string.
Behind the monitoring point of certain process triggers business module; Confirm the file complete trails information of this process respective file; From this business module corresponding cache, (can be the independent buffer memory of this business module; Also can be the unified buffer module of security protection disposal system, of above-mentioned embodiment) the file complete trails information corresponding file feature value of middle this process respective file of inquiry and/or the security protection attribute information of correspondence, carry out concrete data security protective treatment; If do not inquire the file characteristic value and/or the corresponding security protection attribute information (promptly when initialization) of this process respective file; Then confirm this process corresponding file feature value and security protection attribute information; Promptly from disk, find this document according to file complete trails information; Calculating the file characteristic value of this document according to the content of file, such as utilizing the MD5 algorithm computation to go out the MD5 hashed value of this document, promptly is a kind of file characteristic value; Can identify this document uniquely; As long as file content is constant, then this document eigenwert just can not change, and afterwards the file characteristic value after confirming and security protection attribute information and said file complete trails information is added in the said buffer memory of this business module correspondence as a file record.
Adopt such scheme; Inquire about corresponding security protection attribute information and/or file characteristic value by said file complete trails information; Needn't carry out the calculating of file characteristic value repeatedly and (only when in the business module corresponding cache, adding, calculate a file characteristic value; Needn't calculate once more when inquiring about afterwards), but the file characteristic value is calculated and corresponding high in the clouds query manipulation is converted into the query manipulation that reads of buffer memory in the internal memory, therefore can the first mate reduce disk I and the CPU calculation consumption that is produced when the file characteristic value is calculated; The first mate has improved the performance of system, has strengthened the handling capacity of system.It can effectively must solve frequent IO expense, CPU usage that each professional independent caching mechanism brings high, repeatedly the network traffics expense brought of cloud inquiry and the problem of backstage inquiry load.
Because the present invention has adopted the mode of query caching to obtain the file characteristic value; Its calculated amount compares that the calculated amount according to file content calculation document eigenwert will reduce greatly in the prior art, even therefore do not use the described three layers of caching technology of prior art also can reduce the total system expense of data security protective treatment system.Certainly, the present invention also can adopt existing three layers of caching technology to come further to reduce the performance cost of data security protective treatment system in said unified buffer memory.
Each embodiment of the present invention can realize through the program of being carried out by data processing equipment such as computing machine.Obviously, program has constituted the present invention.In addition, be stored in a program in the storage medium usually through directly program being read out storage medium or middle execution of memory device (like hard disk and or internal memory) through program being installed or copied to data processing equipment.Therefore, such storage medium has also constituted the present invention.Storage medium can use the recording mode of any kind, for example paper storage medium (like paper tape etc.), magnetic storage medium (like floppy disk, hard disk, flash memory etc.), optical storage media (like CD-ROM etc.), magnetic-optical storage medium (like MO etc.) etc.
Therefore the invention also discloses a kind of storage medium, wherein store computer program, this computer program is used for any embodiment of said method of the present invention.
The above is merely preferred embodiment of the present invention, and is in order to restriction the present invention, not all within spirit of the present invention and principle, any modification of being made, is equal to replacement, improvement etc., all should be included within the scope that the present invention protects.
Claims (16)
1. a data security protective treatment system is characterized in that, comprises business module, unified cache module, query interface and interpolation interface, wherein:
Said unified cache module is used for the corresponding data recording of buffer memory process, and said data recording comprises the file identification and the corresponding security protection attribute information thereof of process respective file;
Said query interface is used for from said unified cache module inquiry file sign and/or corresponding security protection attribute information;
Said interpolation interface is used for adding file identification and corresponding security protection attribute information thereof to said unified cache module;
Said business module is used for: behind the monitoring point of certain this business module of process triggers; Call said query interface and from said unified cache module, inquire about the file identification and/or the corresponding security protection attribute information of this process respective file, carry out concrete data security protective treatment afterwards; If do not inquire the file identification and/or the corresponding security protection attribute information of this process respective file; Then confirm this process corresponding file sign and security protection attribute information; And call said interpolation interface, file identification and security protection attribute information after confirming are added in the said unified cache module.
2. system according to claim 1 is characterized in that this system further comprises updating interface, is used for upgrading the file identification and/or the corresponding security protection attribute information of said unified cache module buffer memory;
Also comprise following arbitrary module at least:
Background administration module is used to call said updating interface, upgrades the corresponding security protection attribute information of file identification of buffer memory in the said unified cache module according to the backstage steering order;
Whether the file monitor module is used for the monitoring process corresponding file and changes, and when change takes place file, calls the file identification that said updating interface is upgraded this document in the said unified cache module;
Scan module when not busy; All data recording that are used for the said unified cache module of timing scan; Whether file identification and/or its security protection attribute information in the data query record have change, if change is arranged then the file identification in the said unified cache module and/or its security protection attribute information are carried out corresponding renewal;
The manual scanning module is used to receive the update instruction that the user imports, and calls file identification and/or corresponding security protection attribute information that said updating interface is upgraded this update instruction appointment.
3. system according to claim 1 is characterized in that this system further comprises delete interface, is used for the file identification according to input, the corresponding data recording of deletion this document sign from said unified cache module.
4. system according to claim 1 is characterized in that,
The file identification of buffer memory is in the said unified cache module: file complete trails information and file characteristic value;
Said business module specifically is used for: behind the monitoring point of said this business module of process triggers; Confirm the file complete trails information of this process respective file, call said query interface and from said unified cache module, inquire about this document complete trails information corresponding file feature value and/or corresponding security protection attribute information.
5. system according to claim 4 is characterized in that, said file complete trails information is: the cryptographic hash of file complete trails character string or this document complete trails character string.
6. system according to claim 1 is characterized in that,
The file identification of buffer memory is in the said unified cache module: the file characteristic value;
Said business module specifically is used for: behind the monitoring point of said this business module of process triggers; Confirm the file characteristic value of this process respective file, call said query interface and from said unified cache module, inquire about the corresponding security protection attribute information of this document eigenwert.
7. system according to claim 1; It is characterized in that; The security protection attribute information that the file identification of buffer memory is corresponding in the said unified cache module comprises the whether information of safety of this document, or further comprises the safe handling policy information that this document is corresponding and/or the effective time of this security protection attribute information.
8. system according to claim 1 is characterized in that, comprises at least two business modules in the said data security protective treatment system.
9. a data security protection processing method is characterized in that, comprising:
Setting is independent of the unified cache module of the business module of data security protective treatment system; This is unified cache module and is used for the corresponding data recording of buffer memory process, and said data recording comprises the file identification and the corresponding security protection attribute information thereof of process respective file;
Behind the monitoring point of certain process triggers business module, the file identification of this process respective file of inquiry and/or corresponding security protection attribute information carry out concrete data security protective treatment from said unified cache module; If do not inquire the file identification and/or the corresponding security protection attribute information of this process respective file; Then confirm this process corresponding file sign and security protection attribute information, file identification and security protection attribute information after confirming are added in the said unified cache module.
10. method according to claim 9; It is characterized in that; This method further comprises: the file identification of buffer memory in the said unified cache module and/or corresponding security protection attribute information are upgraded, concrete update method comprise at least following any:
Upgrade the corresponding security protection attribute information of file identification of buffer memory in the said unified cache module according to the backstage steering order;
Be used for the monitoring process corresponding file and whether change, when change takes place file, upgrade the file identification of this document in the said unified cache module;
All data recording in the said unified cache module of timing scan; Whether file identification and/or its security protection attribute information in the data query record have change, if change is arranged then the file identification in the said unified cache module and/or its security protection attribute information are carried out corresponding renewal;
Receive the update instruction of user's input, the file identification in the said unified cache module and/or its security protection attribute information are carried out corresponding renewal according to the file identification of appointment in this update instruction and/or the security protection attribute information of correspondence.
11. method according to claim 9 is characterized in that,
The file identification of buffer memory is in the said unified cache module: file complete trails information and file characteristic value;
Behind the monitoring point of certain process triggers business module; Said file identification and/or the corresponding security protection attribute information of from unified cache module, inquiring about this process respective file; Be specially: confirm the file complete trails information of this process respective file, inquiry this document complete trails information corresponding file feature value and/or corresponding security protection attribute information from said unified cache module.
12. method according to claim 9 is characterized in that,
The file identification of buffer memory is in the said unified cache module: the file characteristic value;
Behind the monitoring point of certain process triggers business module; Said file identification and/or the corresponding security protection attribute information of from unified cache module, inquiring about this process respective file; Be specially: confirm the file characteristic value of this process respective file, call said query interface and from said unified cache module, inquire about the corresponding security protection attribute information of this document eigenwert.
13. method according to claim 9 is characterized in that, said definite said process corresponding file sign and security protection attribute information specifically comprise: in disk, search said process corresponding file; According to the content calculation document eigenwert of this document, this document eigenwert as file identification, is perhaps further obtained the file complete trails information of this document, with the file characteristic value of this document and file complete trails information as file identification; Obtain the corresponding security protection attribute information of this document eigenwert according to this document eigenwert to the high in the clouds server lookup.
14., it is characterized in that said file complete trails information is according to claim 11 or 13 described methods: the cryptographic hash of file complete trails character string or this document complete trails character string.
15. method according to claim 9; It is characterized in that; The security protection attribute information that the file identification of buffer memory is corresponding in the said unified cache module comprises the whether information of safety of this document, or further comprises the safe handling policy information that this document is corresponding and/or the effective time of this security protection attribute information.
16. a storage medium is characterized in that, wherein stores computer program, this computer program is used to carry out each described method of said claim 9 to 15.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210185835.XA CN102693388B (en) | 2012-06-07 | 2012-06-07 | Data safety protection processing system, method and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210185835.XA CN102693388B (en) | 2012-06-07 | 2012-06-07 | Data safety protection processing system, method and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102693388A true CN102693388A (en) | 2012-09-26 |
| CN102693388B CN102693388B (en) | 2014-03-19 |
Family
ID=46858813
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210185835.XA Active CN102693388B (en) | 2012-06-07 | 2012-06-07 | Data safety protection processing system, method and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102693388B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102982275A (en) * | 2012-11-14 | 2013-03-20 | 北京奇虎科技有限公司 | Security control method and device for running applications |
| CN103281325A (en) * | 2013-06-04 | 2013-09-04 | 北京奇虎科技有限公司 | Method and device for processing file based on cloud security |
| CN103617381A (en) * | 2013-11-21 | 2014-03-05 | 北京奇虎科技有限公司 | Permission configuration method and permission configuration system of equipment |
| CN104102358A (en) * | 2014-07-18 | 2014-10-15 | 北京奇虎科技有限公司 | Privacy information protecting method and privacy information protecting device |
| CN106302641A (en) * | 2016-07-27 | 2017-01-04 | 北京小米移动软件有限公司 | A kind of methods, devices and systems of upper transmitting file |
| CN108073823A (en) * | 2016-11-18 | 2018-05-25 | 阿里巴巴集团控股有限公司 | Data processing method, apparatus and system |
| CN110059110A (en) * | 2019-04-12 | 2019-07-26 | 北京百度网讯科技有限公司 | Business datum security processing, device, computer equipment and storage medium |
| US10383083B2 (en) | 2016-09-18 | 2019-08-13 | Beijing Xiaomi Mobile Software Co., Ltd. | Wireless local area network based positioning method and device |
| US10567422B2 (en) | 2014-11-26 | 2020-02-18 | Huawei Technologies Co., Ltd. | Method, apparatus and system for processing attack behavior of cloud application in cloud computing system |
| CN111931177A (en) * | 2020-07-16 | 2020-11-13 | 深信服科技股份有限公司 | Information processing method, information processing device, electronic equipment and computer storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101090401A (en) * | 2007-05-25 | 2007-12-19 | 金蝶软件(中国)有限公司 | Data buffer store method and system at duster environment |
| CN101882156A (en) * | 2010-06-13 | 2010-11-10 | 用友软件股份有限公司 | Controllable cache method and system of Silverlight client side |
-
2012
- 2012-06-07 CN CN201210185835.XA patent/CN102693388B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101090401A (en) * | 2007-05-25 | 2007-12-19 | 金蝶软件(中国)有限公司 | Data buffer store method and system at duster environment |
| CN101882156A (en) * | 2010-06-13 | 2010-11-10 | 用友软件股份有限公司 | Controllable cache method and system of Silverlight client side |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102982275A (en) * | 2012-11-14 | 2013-03-20 | 北京奇虎科技有限公司 | Security control method and device for running applications |
| US9948670B2 (en) | 2013-06-04 | 2018-04-17 | Beijing Qihoo Technology Company Limited | Cloud security-based file processing by generating feedback message based on signature information and file features |
| CN103281325A (en) * | 2013-06-04 | 2013-09-04 | 北京奇虎科技有限公司 | Method and device for processing file based on cloud security |
| WO2014194803A1 (en) * | 2013-06-04 | 2014-12-11 | 北京奇虎科技有限公司 | Cloud security-based file processing method and device |
| CN103281325B (en) * | 2013-06-04 | 2018-03-02 | 北京奇虎科技有限公司 | Document handling method and device based on cloud security |
| CN103617381A (en) * | 2013-11-21 | 2014-03-05 | 北京奇虎科技有限公司 | Permission configuration method and permission configuration system of equipment |
| CN104102358A (en) * | 2014-07-18 | 2014-10-15 | 北京奇虎科技有限公司 | Privacy information protecting method and privacy information protecting device |
| US10567422B2 (en) | 2014-11-26 | 2020-02-18 | Huawei Technologies Co., Ltd. | Method, apparatus and system for processing attack behavior of cloud application in cloud computing system |
| CN106302641B (en) * | 2016-07-27 | 2019-10-01 | 北京小米移动软件有限公司 | A kind of methods, devices and systems of upper transmitting file |
| CN106302641A (en) * | 2016-07-27 | 2017-01-04 | 北京小米移动软件有限公司 | A kind of methods, devices and systems of upper transmitting file |
| US10694001B2 (en) | 2016-07-27 | 2020-06-23 | Beijing Xiaomi Mobile Software Co., Ltd. | Method, apparatus and system for uploading a file |
| US10383083B2 (en) | 2016-09-18 | 2019-08-13 | Beijing Xiaomi Mobile Software Co., Ltd. | Wireless local area network based positioning method and device |
| CN108073823A (en) * | 2016-11-18 | 2018-05-25 | 阿里巴巴集团控股有限公司 | Data processing method, apparatus and system |
| CN110059110A (en) * | 2019-04-12 | 2019-07-26 | 北京百度网讯科技有限公司 | Business datum security processing, device, computer equipment and storage medium |
| CN110059110B (en) * | 2019-04-12 | 2021-05-28 | 北京百度网讯科技有限公司 | Business data security processing method and device, computer equipment and storage medium |
| CN111931177A (en) * | 2020-07-16 | 2020-11-13 | 深信服科技股份有限公司 | Information processing method, information processing device, electronic equipment and computer storage medium |
| CN111931177B (en) * | 2020-07-16 | 2023-12-29 | 深信服科技股份有限公司 | Information processing method, apparatus, electronic device, and computer storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102693388B (en) | 2014-03-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102693388B (en) | Data safety protection processing system, method and storage medium | |
| US11960441B2 (en) | Retention management for data streams | |
| EP3404948B1 (en) | Centralized selective application approval for mobile devices | |
| US8578374B2 (en) | System and method for managing virtual machines | |
| CN106133743B (en) | System and method for optimizing the scanning of pre-installation application program | |
| CN105677250B (en) | The update method and updating device of object data in object storage system | |
| US20070294266A1 (en) | Management of time-variant data schemas in data warehouses | |
| US9600486B2 (en) | File system directory attribute correction | |
| US9305146B2 (en) | License management device, license management system, license management method, and program | |
| US11630744B2 (en) | Methods and systems relating to network based storage retention | |
| CN110659259A (en) | Database migration method, server and computer storage medium | |
| CN103197987A (en) | Data backup method, data recovery method and cloud storage system | |
| CN106294842A (en) | A kind of data interactive method, platform and distributed file system | |
| US9002908B2 (en) | System and method for automatically routing and managing stored documents based on document content | |
| US11223528B2 (en) | Management of cloud-based shared content using predictive cost modeling | |
| US8234442B2 (en) | Method and apparatus for in-place hold and preservation operation on objects in content addressable storage | |
| CN106936907A (en) | A kind of document handling method, logical server, access server and system | |
| US9665732B2 (en) | Secure Download from internet marketplace | |
| CN109784051A (en) | Protecting information safety method, device and equipment | |
| CN103581182A (en) | Web message releasing method and device | |
| CN104903871A (en) | Virtual tape library system | |
| CN102867247B (en) | The office automation system of rapid deployment file security outgoing and method | |
| JP2013546072A (en) | Autonomous intelligent content items | |
| CN101364224A (en) | Information management system and method | |
| US10514961B1 (en) | Enhanced cookie management for file workflows |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210918 Address after: 518057 Tencent Building, No. 1 High-tech Zone, Nanshan District, Shenzhen City, Guangdong Province, 35 floors Patentee after: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd. Patentee after: TENCENT CLOUD COMPUTING (BEIJING) Co.,Ltd. Address before: 2, 518044, East 403 room, SEG science and Technology Park, Zhenxing Road, Shenzhen, Guangdong, Futian District Patentee before: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd. |