CN102693388B - Data safety protection processing system, method and storage medium - Google Patents

Info

Publication number: CN102693388B
Authority: CN (China)
Prior art keywords: file; attribute information; security protection; module; protection attribute
Legal status: Active
Application number: CN201210185835.XA
Other languages: Chinese (zh)
Other versions: CN102693388A (en)
Inventor: 沈晓斌
Current Assignee: Tencent Technology Shenzhen Co Ltd; Tencent Cloud Computing Beijing Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd
Events: application filed by Tencent Technology Shenzhen Co Ltd; priority to CN201210185835.XA; publication of CN102693388A; application granted; publication of CN102693388B; legal status Active
Abstract

The invention discloses a data safety protection processing system, a data safety protection processing method and a storage medium. The data safety protection processing system comprises a service module, a uniform caching module, an inquiring interface and an adding interface, wherein the uniform caching module is used for caching a file identifier corresponding to a process and safety protection attribute information corresponding to the file identifier; after a monitoring point of the service module is triggered by the process, the inquiring interface is called by the service module to inquire the file identifier of a file corresponding to the process and/or the safety protection attribute information from the uniform caching module, and then the specific data safety protection processing is performed; and if the file identifier and/or the corresponding safety protection attribute information are/is not inquired, the file identifier and the safety protection attribute information corresponding to the process are confirmed and the adding interface is called for adding the confirmed file identifier and safety protection attribute information to the uniform caching module. According to the invention, the whole performance cost of the data safety protection processing system is reduced and the consistency of safety protection processing of all services is increased.

Description

Data security protection processing system and method, and storage medium
Technical field
The present invention relates to the field of data security protection for data processing devices, and in particular to a data security protection processing system and method, and a storage medium.
Background art
As the security problems of data processing devices (computers, smartphones, tablet computers and other devices with data-processing capability) grow ever more serious, the industry has produced data security protection processing systems that protect the hardware, software and data of such devices. These systems are usually installed and run on the device as software, so that its hardware, software and data are not destroyed, altered or disclosed, whether by accident or through malice.
A conventional data security protection processing system usually integrates two or more service modules, each of which runs its own processing logic to provide a specific protection function. A security protection system commonly integrates, for example, a real-time protection service module, a Trojan scanning service module, a file monitoring service module and a download protection service module. At present each of these service modules uses the process file feature value caching technique when processing its service logic.
The process file feature value caching technique works as follows. When the process of some program starts, the disk file corresponding to that process is read, a file feature value is computed from its content, and the computed feature value is saved in a cache structure in memory. At the same time the feature value of the process is uploaded to a backend server for lookup, which returns the security protection attribute information of the file; once the server's reply is received, the attribute information is also saved in the cache structure and bound to the corresponding feature value. The security protection attribute information mainly comprises information on whether the file is safe, and may further comprise the corresponding security handling policy information. The information on whether a file is safe may, for example, be a black/white/gray attribute: "black" means the file is dangerous (usually a virus or similar), and the corresponding handling policy is normally to stop it running and remove it immediately; "white" means the file is safe, and the handling policy normally allows it to run; "gray" means it is unknown whether the file is safe, and the handling policy is normally to report and alert. The handling policy can of course be adjusted to service needs and is not fixed. Once the feature value and the corresponding attribute information of a process are cached in memory, whenever that process triggers the monitoring point of some service module of the system, that module reads the process's disk file, computes the file feature value, looks up the file's security protection attribute information in the cache by that feature value, and makes the corresponding judgement and disposition according to the query result; for example, if the black/white/gray attribute found for the file is "black", the process can be stopped from running according to the handling policy.
For example, Fig. 1 is a flow chart of how the real-time protection service module of an existing data security protection processing system performs protection processing using the process file feature value caching technique. Referring to Fig. 1, the flow comprises:
Step 101: a process triggers the monitoring point of the real-time protection service module.
A monitoring point is an action of a program process that the service module watches for. For the real-time protection service module, for example, the monitoring point may be the action of a process adding an entry to the registry: if some process adds a registry entry, the monitoring point of the real-time protection service module is triggered and that module performs real-time protection processing on the process. For the download protection service module, for example, the monitoring point may be whether a file is being downloaded: if so, the monitoring point of the download protection service module is triggered and that module performs download protection processing on the process.
Step 102: read the disk file corresponding to the process and compute the file's feature value from its content.
Once the feature value is obtained, it is generally first checked whether the local memory cache holds security protection attribute information for that feature value. In the example of Fig. 1, to improve the efficiency of cache lookups, three cache structures are used: the real-time protection whole cache, the local file black/white cache and the cloud policy cache, corresponding to steps 103 to 105 below. The real-time protection whole cache stores file feature values and their corresponding user prompt results; the local file black/white cache stores file feature values and their corresponding black/white attribute information (it may equally hold black/white/gray attributes); the cloud policy cache stores file feature values and their corresponding cloud security handling policy information. The contents of the three cache structures could of course be held in a single cache structure that stores the feature value together with the user prompt result, the black/white attribute and the cloud handling policy; the only difference is a slightly lower processing efficiency. The three cache checks in Fig. 1 are as follows:
Step 103: look up the real-time protection whole cache by the feature value. If a record for this feature value is found, read its user prompt result and jump to step 108, where the underlying driver module is notified to perform the corresponding real-time protection processing according to the cache query result; otherwise proceed to the next step.
Step 104: look up the black/white cache by the feature value. If a record for this feature value is found, read its black/white attribute information and jump to step 108, where the underlying driver module is notified to perform the corresponding real-time protection processing according to the cache query result; otherwise proceed to the next step.
Step 105: look up the cloud policy cache by the feature value. If a record for this feature value is found, read its cloud security handling policy information and jump to step 108, where the underlying driver module is notified to perform the corresponding real-time protection processing according to the cache query result; otherwise proceed to the next step.
Step 106: upload the feature value to the cloud server to query the security protection attribute information corresponding to this feature value in the cloud; here this attribute information comprises the user prompt result, the black/white attribute information and the cloud security handling policy information. After the query result returned by the server is received, the retrieved attribute information is stored in the local cache and bound to the feature value. For example, as the dotted arrows in Fig. 1 show, the user prompt result is stored in the real-time protection whole cache, the black/white attribute information in the local file black/white cache, and the cloud security handling policy information in the cloud policy cache.
Step 107: if a user prompt result was retrieved, display it.
Step 108: notify the underlying driver module to perform the corresponding real-time protection processing according to the cache query result or the cloud query result. Real-time protection processing may include, for example, web page firewall protection, USB drive firewall protection and camera protection.
In general, the first time a process triggers the monitoring point of the real-time protection service module there is no cached record of the feature value of the file corresponding to the process, so step 106 must be performed to obtain the attribute information for the feature value and save it in the cache. If the same process later triggers the monitoring point again, the feature value of its file is computed and the corresponding attribute information is looked up in the local cache by that value; in the example of Fig. 1 the real-time protection whole cache, the local file black/white cache and the cloud policy cache are queried in turn, with the feature value of the process's file as the lookup key, and as soon as one cache hits, the underlying driver module is notified to act on the cached result.
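The following is an added worked example of the Fig. 1 flow; it is not code from the patent or from the assignee. It models one prior-art real-time protection service module with its three private caches (steps 103 to 105), a cloud query on a miss (step 106) and the binding of the result into each cache. The disk contents, the cloud table and the attribute names (prompt, bw, policy) are constructed for the example, and the counters make visible how much disk/hash work and how many cloud queries each trigger costs.

```python
import hashlib

# Constructed sample disk files (path -> content) standing in for the
# process's disk file; not data from the patent.
DISK = {
    r"C:\apps\good.exe": b"legitimate program bytes",
    r"C:\temp\dropper.exe": b"malicious payload bytes",
    r"C:\tools\unknown.exe": b"never seen before",
}


def _fv(content):
    """File feature value as used in the description: the MD5 of the file content."""
    return hashlib.md5(content).hexdigest()


# Constructed stand-in for the cloud server: feature value -> security protection
# attributes (user prompt result, black/white/gray attribute, cloud handling policy).
CLOUD = {
    _fv(b"legitimate program bytes"): {"prompt": None, "bw": "white", "policy": "allow"},
    _fv(b"malicious payload bytes"): {"prompt": None, "bw": "black", "policy": "block"},
    _fv(b"never seen before"): {"prompt": "ask_user", "bw": "gray", "policy": "alert"},
}
UNKNOWN = {"prompt": "ask_user", "bw": "gray", "policy": "alert"}  # cloud has no record


class RealtimeProtectionModule:
    """Prior-art real-time protection module with its own three caches
    (the whole cache, the black/white cache and the cloud policy cache)."""

    def __init__(self):
        self.whole_cache = {}     # feature value -> attrs, only when a prompt result exists
        self.bw_cache = {}        # feature value -> attrs carrying a black/white attribute
        self.policy_cache = {}    # feature value -> attrs carrying a cloud handling policy
        self.io_and_hash_ops = 0  # disk reads plus feature value calculations (step 102)
        self.cloud_queries = 0    # network queries to the cloud server (step 106)

    def feature_value(self, path):
        """Step 102: read the process's disk file and compute its feature value."""
        self.io_and_hash_ops += 1
        return _fv(DISK[path])

    def on_monitor_point(self, path):
        """Step 101 has fired for the process backed by `path`.
        Returns (which lookup answered, attributes) for the driver (step 108)."""
        fv = self.feature_value(path)
        for name, cache in (("whole_cache", self.whole_cache),     # step 103
                            ("bw_cache", self.bw_cache),           # step 104
                            ("policy_cache", self.policy_cache)):  # step 105
            if fv in cache:
                return name, cache[fv]
        # Step 106: ask the cloud, then bind the result to the feature value in
        # each cache (the dotted arrows of Fig. 1).
        self.cloud_queries += 1
        attrs = dict(CLOUD.get(fv, UNKNOWN))
        if attrs["prompt"] is not None:  # step 107: there is a prompt result to show
            self.whole_cache[fv] = attrs
        self.bw_cache[fv] = attrs
        self.policy_cache[fv] = attrs
        return "cloud", attrs


if __name__ == "__main__":
    module = RealtimeProtectionModule()
    for path in (r"C:\temp\dropper.exe", r"C:\temp\dropper.exe", r"C:\tools\unknown.exe"):
        source, attrs = module.on_monitor_point(path)
        print(path, "->", source, attrs["bw"], attrs["policy"])
    print("disk/hash ops:", module.io_and_hash_ops, "cloud queries:", module.cloud_queries)
```

Note that even on a cache hit the module still pays a disk read and a hash calculation per trigger, because the only lookup key it has is the feature value; a second module with its own caches would repeat all of it, which is the overhead the next section describes.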
The prior art has the following defects:
Each service module uses its own separate caching mechanism and sets up its own private cache space in memory. For instance, the Trojan scanning and removal service module has its own cache of file feature values (such as MD5 hash values) and corresponding black/white attributes, and the real-time protection service module has its own cache of process file feature values and corresponding black/white attributes. In a data security protection processing system that integrates two or more service modules, if the same process triggers the monitoring points of different service modules, these mutually independent caching mechanisms cause the feature value of the same file to be computed repeatedly and the cloud server to be queried repeatedly for the attribute information of the same file: repeated file system input/output (IO) operations, repeated CPU computation and memory occupation, repeated network queries and so on, which make the overall performance overhead of the system very large.
In addition, because the update strategies of the caching mechanisms in the different service modules differ, a system that integrates two or more service modules may reach mismatched judgements about the security protection attribute information (for example the black/white attribute) of the same file. The service modules then behave differently, even contradictorily, when handling the same process file, so the consistency of security protection processing across services is poor.
Summary of the invention
In view of this, the main object of the present invention is to provide a data security protection processing system and method, and a storage medium, so as to reduce the overall performance overhead of the data security protection processing system and improve the consistency of security protection processing across services.
The technical solution of the present invention is achieved as follows:
A data security protection processing system comprises service modules, a unified caching module, a query interface and an adding interface, wherein:
the unified caching module caches data records corresponding to processes, each data record comprising the file identification of the file corresponding to a process and the corresponding security protection attribute information;
the security protection attribute information corresponding to a file identification cached in the unified caching module comprises information on whether the file is safe, and may further comprise the security handling policy information corresponding to the file and/or the effective time of the security protection attribute information;
the query interface serves to query a file identification and/or the corresponding security protection attribute information from the unified caching module;
the adding interface serves to add a file identification and its corresponding security protection attribute information to the unified caching module;
a service module serves to: after a process triggers the monitoring point of that service module, call the query interface to query the file identification and/or the corresponding security protection attribute information of the file corresponding to the process from the unified caching module, and then perform the concrete data security protection processing; if the file identification and/or the corresponding security protection attribute information of the file is not found, determine the file identification and security protection attribute information corresponding to the process and call the adding interface to add the determined file identification and security protection attribute information to the unified caching module.
A data security protection processing method in a data security protection processing system comprises:
setting up a unified caching module that is independent of the service modules of the data security protection processing system, the unified caching module caching data records corresponding to processes, each data record comprising the file identification of the file corresponding to a process and the corresponding security protection attribute information;
the security protection attribute information corresponding to a file identification cached in the unified caching module comprising information on whether the file is safe, and optionally further comprising the security handling policy information corresponding to the file and/or the effective time of the security protection attribute information;
after a process triggers the monitoring point of a service module, querying the file identification and/or the corresponding security protection attribute information of the file corresponding to the process from the unified caching module and performing the concrete data security protection processing; if the file identification and/or the corresponding security protection attribute information of the file is not found, determining the file identification and security protection attribute information corresponding to the process and adding the determined file identification and security protection attribute information to the unified caching module.
Compared with the prior art, the solution of the present invention uses a unified caching module that is independent of the service modules of the data security protection processing system. After a process triggers the monitoring point of a service module, that module queries the file identification and/or the security protection attribute information of the process's file from the unified caching module; if they are not found, it determines the file identification and security protection attribute information corresponding to the process (which requires IO operations, CPU computation and memory occupation, and a network query) and adds the determined values to the unified caching module. With this scheme, when the same process triggers the monitoring points of different service modules, the IO operations, CPU computation and memory occupation, and network query needed to determine the process's file identification and security protection attribute information are performed only once; if the same process later triggers the monitoring point of another service module, the corresponding IO, CPU, memory and network work need not be repeated, and only the unified caching module need be queried for the file identification and/or security protection attribute information of the process's file. The solution of the present invention therefore reduces redundant file system IO operations, redundant CPU computation and memory occupation, and redundant network queries, and thus reduces the overall performance overhead of the data security protection processing system.
In addition, because all service modules of the present invention use the unified caching module, which caches process file identifications and their security protection attribute information on behalf of every service module, each service module reaches the same judgement about the security protection attribute (such as the black/white/gray attribute) of the same file. This avoids the inconsistent protection processing caused by differing cache update strategies in different service modules and improves the consistency of security protection processing across services.
Brief description of the drawings
Fig. 1 is a flow chart of how the real-time protection service module of an existing data security protection processing system performs protection processing using the process file feature value caching technique;
Fig. 2 is a schematic diagram of the composition of one embodiment of the data security protection processing system of the present invention;
Fig. 3 is a schematic diagram of the composition of another embodiment of the data security protection processing system of the present invention;
Fig. 4 is a flow chart of the processing of the data security protection processing method of the present invention after a monitoring point is triggered.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Fig. 2 is a schematic diagram of the composition of one embodiment of the data security protection processing system of the present invention. Referring to Fig. 2, the system comprises service modules, a unified caching module 201, a query interface 202 and an adding interface 203, wherein:
the unified caching module 201 caches data records corresponding to processes; a data record may specifically be a file record comprising the file identification of the file corresponding to a process and the corresponding security protection attribute information;
the query interface 202 serves to query a file identification and/or the corresponding security protection attribute information from the unified caching module 201; its input value is a file identification (such as the file's full path information or file feature value) and its output value is a file identification (such as the file feature value) and/or the corresponding security protection attribute information;
the adding interface 203 serves to add a file identification and its corresponding security protection attribute information to the unified caching module 201; its input values are a file identification and security protection attribute information, and its output value is a result indicating whether the addition succeeded.
The data security protection processing system of the present invention comprises at least two service modules; the embodiment shown in Fig. 2 comprises four, each performing its own concrete data security protection processing. For example, the real-time protection service module 241 performs web page firewall protection, USB drive firewall protection, camera protection and the like; the Trojan scanning service module 242 scans for Trojan programs on the data processing device; the file monitoring service module 243 monitors and protects specified files; and the download protection service module 244 performs monitoring and protection processing on a data file when its download completes.
All service modules of the present invention share a common processing function: after a process triggers the monitoring point of the service module, the module calls the query interface 202 to query the file identification and/or the corresponding security protection attribute information of the process's file from the unified caching module 201, and then performs its concrete data security protection processing; if the file identification and/or the corresponding security protection attribute information is not found, the module determines the file identification and security protection attribute information corresponding to the process and calls the adding interface 203 to add the determined values to the unified caching module 201.
A monitoring point is an action of a program process that the service module watches for. For the real-time protection service module 241, for example, the monitoring point may be the action of a process adding an entry to the registry: if some process adds a registry entry, the monitoring point of the real-time protection service module is triggered and that module performs real-time protection processing on the process. For the download protection service module 244, for example, the monitoring point may be whether a downloading process has a file to download: if so, the monitoring point of the download protection service module is triggered and that module performs download protection processing on the file that the downloading process downloads.
The unified caching module 201 of the present invention may cache many file records, each comprising the file identification of a file and the corresponding security protection attribute information. The security protection attribute information mainly comprises information on whether the file is safe, and may further comprise the corresponding security handling policy information and/or the effective time of the security protection attribute information. The information on whether a file is safe may, for example, be a black/white/gray attribute: "black" means the file is dangerous (usually a virus or similar), and the corresponding handling policy is normally to stop it running and remove it immediately; "white" means the file is safe, and the handling policy normally allows it to run; "gray" means it is unknown whether the file is safe, and the handling policy is normally to report and alert. The handling policy can of course be adjusted to service needs and is not fixed.
In one embodiment the file identification is the file feature value, and the service module specifically operates as follows: after a process triggers the module's monitoring point, it determines the feature value of the process's file by locating the file on disk and computing the feature value from the file content, for example the file's MD5 hash value computed with the MD5 algorithm, which is one kind of feature value that uniquely identifies the file and does not change as long as the file content does not change; it then calls the query interface 202 to query the security protection attribute information corresponding to that feature value from the unified caching module 201, and then handles the file corresponding to the process according to the attribute information found. The concrete handling depends on the content and policy information in the security protection attribute information and is not limited by the present invention.
At initialization, however, the unified caching module 201 holds no file record for the process's file, so the service module cannot retrieve security protection attribute information for the feature value from the unified caching module 201. It must then determine the attribute information itself, specifically by querying the cloud server for the security protection attribute information corresponding to the feature value (on the cloud server, feature values are normally stored bound to their corresponding attribute information), and call the adding interface 203 to add the feature value and the corresponding security protection attribute information to the unified caching module 201.
In another embodiment the file identification is the file's full path information together with the file feature value. The full path information may be the full path string of the file, or a hash value of that string. The service module specifically operates as follows: after a process triggers the module's monitoring point, it determines the full path information of the process's file, which can be captured from the process itself, then calls the query interface 202 to query the feature value corresponding to that full path information and/or the corresponding security protection attribute information from the unified caching module 201. It then handles the file corresponding to the process according to the attribute information found; the concrete handling depends on the content and policy information in the security protection attribute information and is not limited by the present invention. The feature value retrieved can be used by the service module in its subsequent processing to distinguish process files, for example to tell different process files apart when reporting process file statistics.
At initialization, however, the unified caching module 201 holds no file record for the process's file, so the service module cannot retrieve a feature value and/or security protection attribute information for the full path information from the unified caching module 201. It must then determine the file's feature value and the corresponding security protection attribute information in the same way as above, and then call the adding interface 203 to add the full path information and the feature value, as the file identification, together with the corresponding security protection attribute information to the unified caching module 201 as one file record.
The fields contained in one file record cached by the unified cache module are shown in Table 1 below:
Table 1
Through the initialization process described above, in the scenario where the same process triggers monitoring points of different business modules, the IO operation, CPU computation, memory use and network query needed to determine the file identifier and security protection attribute information of that process are performed only once. If the same process later triggers the monitoring point of another business module, the corresponding IO operation, CPU computation, memory use and network query need not be repeated; the file identifier and/or security protection attribute information of the file corresponding to the process is simply queried from the unified cache module 201. The solution of the present invention therefore reduces repeated, redundant file system IO, repeated CPU computation, repeated memory use, and repeated, redundant network queries.
In the prior art, moreover, when a process frequently triggers a given control point (or group of control points), its file feature value must be computed repeatedly; likewise, when many processes trigger many monitoring groups, file feature values are computed frequently. Computing file feature values raises the system's disk IO overhead, CPU usage and network traffic, so the user's security protection processing system becomes slow and the user experience is poor. With the scheme of the above embodiment, the full-path information is used as a file identifier to query the corresponding security protection attribute information and/or file feature value, so the file feature value need not be computed repeatedly (it is computed once, when the record is added to the unified cache module, and not again on later queries). The feature-value computation and the corresponding cloud query are thereby converted into a read of the in-memory cache, which greatly reduces the disk IO and CPU consumption produced by feature-value computation, greatly improves system performance and increases system throughput. It effectively solves the problems of frequent IO overhead and high CPU usage caused by per-business independent caching mechanisms, and of the network traffic overhead and back-end query load caused by repeated cloud queries.
Fig. 3 is a schematic diagram of another embodiment of the data security protection processing system of the present invention. Referring to Fig. 3, in addition to the modules and interfaces described for Fig. 2, this data security protection processing system further comprises an update interface 205 for updating the file identifiers and/or corresponding security protection attribute information cached in the unified cache module 201; its input is a file identifier and/or the corresponding security protection attribute information, and its output is result information indicating whether the update succeeded.
The system also comprises at least one of the following modules:
A background management module 261, which may be deployed on the server side, for actively calling the update interface 205 to update, according to a background control instruction, the security protection attribute information corresponding to one (or a few) file identifiers cached in the unified cache module 201. This update operation is initiated by administrators so that false positives, missed detections and similar situations at the clients of the security protection processing system can be corrected promptly; it further ensures that every business module determines the black, white or grey attribute of the same file consistently, avoiding the attribute discrepancies that differing cache update strategies between businesses would otherwise cause.
A file monitoring module 262, for monitoring whether the file corresponding to a process changes, for example by watching the file on disk according to its full-path information. When the file changes, the module re-determines the file identifier of the file; for example, if the file content changes, it recomputes the file feature value and then calls the update interface 205 to update the file identifier of that file in the unified cache module 201, namely the file feature value. This keeps the information held by the unified cache module 201 correct and valid at all times, and prevents malicious trojan programs from modifying themselves at run time in order to evade detection and removal by the data security protection processing system.
An idle scanning module 263, for periodically scanning all file records in the unified cache module 201, checking whether the file identifier and/or security protection attribute information in each record has changed and, if so, updating the file identifier and/or security protection attribute information in the unified cache module 201 accordingly, thus keeping every record current. For example, all file records in the unified cache module 201 are scanned roughly once a week: for each record, the corresponding file is located on disk according to the full-path information in the record, its file feature value is computed and compared with the feature value originally held in the unified cache module 201, and the original feature value is replaced if they differ. At the same time, the feature value is used to query the cloud server for the corresponding security protection attribute information (on the cloud server, a file feature value is normally stored bound to its security protection attribute information), which is compared with the security protection attribute information originally held in the unified cache module 201 and replaces it if different.
A manual scanning module 264, for receiving an update instruction entered by a user and calling the update interface 205 to update the file identifier and/or corresponding security protection attribute information specified in the instruction. For example, the manual scanning module 264 may provide a display interface listing all file identifiers held by the unified cache module 201 and their security protection attribute information; the user manually selects all or some of those file records, the module checks whether the file identifier and/or security protection attribute information of the file in each selected record has changed and, if so, updates the file identifier and/or security protection attribute information in the unified cache module 201 accordingly. Unlike the background management module 261 and the idle scanning module 263 above, manual scanning is triggered by the user, and the data security protection processing system updates the content of the unified cache module 201 passively.
In addition, the system of the present invention may further comprise a delete interface 207 for deleting, according to an input file identifier, the file record corresponding to that identifier from the unified cache module 201. Typically the delete interface 207 can be called by any of the modules of the system described: the caller supplies the file identifier of the file to delete (such as its full-path information), the file record corresponding to that identifier is deleted, and the interface returns information indicating whether the deletion succeeded. For example, when the file monitoring module 262 observes that the file at a given full path has disappeared, it calls the delete interface 207 with that full-path information, and the delete interface 207 removes the file record corresponding to that full-path information from the unified cache module 201, so that stale records do not waste cache space in the unified cache module 201.
Of course, the calling relationships of the query interface 202, add interface 203, update interface 205 and delete interface 207 described above are not limited to those shown in Fig. 1 and Fig. 2. These interfaces may be opened to any module in the security protection processing system: whenever a module has a corresponding need it may call the corresponding interface, provided it supplies the input values that interface requires. For example, the background management module 261 may also call the add interface 203, passing a file identifier and security protection attribute information, whereupon the add interface 203 adds to the unified cache module 201 a file record comprising the input file identifier and security protection attribute information.
The invention also discloses a data security protection processing method for a data security protection processing system, the method comprising:
Providing a unified cache module that is independent of the business modules of the data security protection processing system. The unified cache module caches the data record corresponding to a process; the data record may specifically be a file record comprising the file identifier of the file and its corresponding security protection attribute information;
When a process triggers a monitoring point of a business module, the processing, referring to Fig. 4, specifically comprises:
Step 401: a process triggers a monitoring point of a business module.
Step 402: the business module queries the unified cache module for the file identifier and/or corresponding security protection attribute information of the file corresponding to the process.
Steps 403 to 404: determine whether the file identifier and/or corresponding security protection attribute information was found; if so, perform the specific data security protection processing, otherwise proceed to step 405.
Step 405: determine the file identifier and security protection attribute information corresponding to the process, and add the determined file identifier and security protection attribute information to the unified cache module.
In one embodiment, the file identifier cached in the unified cache module is the file feature value. After a process triggers a monitoring point of a business module, the specific manner of querying the unified cache module for the file identifier and/or corresponding security protection attribute information of the file corresponding to the process is as follows: determine the file feature value of the file corresponding to the process by locating the file on disk and computing its feature value from the file content, for example computing the MD5 hash of the file with the MD5 algorithm; then query the unified cache module for the security protection attribute information corresponding to that feature value; then handle the file corresponding to the process according to the security protection attribute information found. The specific handling depends on the content of the security protection attribute information and on policy information, and the present invention places no limit on it.
At initialization, however, the unified cache module holds no file record for the file corresponding to the process, so the business module cannot find security protection attribute information corresponding to the file feature value in the unified cache module. In that case it must determine the corresponding security protection attribute information, specifically by querying the cloud server with the file feature value for the security protection attribute information corresponding to that feature value, and then add the file feature value and the corresponding security protection attribute information to the unified cache module.
In one embodiment, the file identifier cached in the unified cache module consists of the file full-path information together with the file feature value, where the file full-path information is the full-path string of the file or a hash of that full-path string. After a process triggers a monitoring point of a business module, the specific method of querying the unified cache module for the file identifier and/or corresponding security protection attribute information of the file corresponding to the process is as follows: determine the full-path information of the file corresponding to the process; query the unified cache module for the file feature value and/or corresponding security protection attribute information associated with that full-path information; then handle the file corresponding to the process according to the security protection attribute information found. The specific handling depends on the content of the security protection attribute information and on policy information, and the present invention places no limit on it. The file feature value found can be used by the business module in subsequent processing to distinguish process files, for example to tell different process files apart by their feature values when reporting process file statistics.
At initialization, the unified cache module holds no file record for the file corresponding to the process, so the business module cannot find the file feature value and/or corresponding security protection attribute information for that full-path information in the unified cache module. In that case it must determine the file feature value and corresponding security protection attribute information of the file (in the same manner as described above), and then call the add interface 203, using the full-path information and the file feature value together as the file identifier, to add the file identifier and its corresponding security protection attribute information to the unified cache module as one file record.
The method of the present invention may further comprise updating the file identifiers and/or corresponding security protection attribute information cached in the unified cache module, by at least one of the following update methods:
(a) updating, according to a background control instruction, the security protection attribute information corresponding to a file identifier cached in the unified cache module;
(b) monitoring whether the file corresponding to a process changes and, when the file changes, updating the file identifier of that file in the unified cache module;
(c) periodically scanning all file records in the unified cache module, checking whether the file identifier and/or security protection attribute information in each record has changed and, if so, updating the file identifier and/or security protection attribute information in the unified cache module accordingly;
(d) receiving an update instruction entered by a user and updating the file identifier and/or security protection attribute information in the unified cache module according to the file identifier and/or corresponding security protection attribute information specified in that instruction.
The method of the present invention may further comprise deleting a file record from the unified cache module after the file corresponding to that record has disappeared from disk. For example, the present invention may monitor in real time the file at the full path recorded in each file record and, once the file at a given full path is found to have disappeared (for instance because the user deleted the file or uninstalled the related program), delete the file record corresponding to that full-path information from the unified cache module, so that stale records do not waste cache space in the unified cache module.
In the prior art, when a process frequently triggers a given control point (or group of control points), its file feature value must be computed repeatedly; likewise, when many processes trigger many monitoring groups, file feature values are computed frequently. Computing file feature values raises the system's disk IO overhead, CPU usage and network traffic, so the user's security protection processing system becomes slow and the user experience is poor.
To overcome the above defect of the prior art, the invention also discloses a data security protection processing method that may be applied in a security protection processing system having a unified cache module independent of the business modules, as described above, or in a security protection processing system in which each business module uses its own separate caching mechanism. The method comprises:
Distinguishing the files of the local client by file full-path data, and caching in the cache of the business module the file record corresponding to a process, the file record comprising the full-path information of the file, the file feature value of the file and its corresponding security protection attribute information; the file full-path information is the full-path string of the file or a hash of that full-path string.
After a process triggers a monitoring point of a business module, determining the full-path information of the file corresponding to the process and querying the cache corresponding to that business module (which may be the business module's own separate cache, or the unified cache module of the security protection processing system described in the above embodiments) for the file feature value and/or corresponding security protection attribute information associated with that full-path information, then performing the specific data security protection processing. If the file feature value and/or corresponding security protection attribute information of the file corresponding to the process is not found (as at initialization), determining the file feature value and security protection attribute information corresponding to the process: the file is located on disk according to its full-path information and its file feature value is computed from the file content, for example as the MD5 hash of the file computed with the MD5 algorithm. Such a feature value identifies the file uniquely and does not change as long as the file content is unchanged. The determined file feature value and security protection attribute information are then added, together with the full-path information, to the cache corresponding to the business module as one file record.
With this scheme, the full-path information is used to query the corresponding security protection attribute information and/or file feature value, so the file feature value need not be computed repeatedly (it is computed once, when the record is added to the cache corresponding to the business module, and not again on later queries). The feature-value computation and the corresponding cloud query are thereby converted into a read of the in-memory cache, which greatly reduces the disk IO and CPU consumption produced by feature-value computation, greatly improves system performance and increases system throughput. It effectively solves the problems of frequent IO overhead and high CPU usage caused by per-business independent caching mechanisms, and of the network traffic overhead and back-end query load caused by repeated cloud queries.
Because the present invention obtains the file feature value by querying a cache, the amount of computation is greatly reduced compared with computing the file feature value from the file content as in the prior art; the overall system overhead of the data security protection processing system is therefore reduced even without the three-level caching technique of the prior art. Of course, the present invention may also apply the existing three-level caching technique within the unified cache to further reduce the performance overhead of the data security protection processing system.
Each embodiment of the present invention may be implemented by a program executed by a data processing device such as a computer. Obviously, such a program itself constitutes the present invention. Furthermore, a program normally stored in a storage medium is executed either by reading the program directly from the storage medium, or by installing or copying the program into a storage device (such as a hard disk and/or memory) of the data processing device. Therefore, such a storage medium also constitutes the present invention. The storage medium may use any type of recording, for example a paper storage medium (such as paper tape), a magnetic storage medium (such as a floppy disk, hard disk or flash memory), an optical storage medium (such as CD-ROM) or a magneto-optical storage medium (such as MO).
Therefore the invention also discloses a storage medium storing a computer program, the computer program being for carrying out any embodiment of the above method of the present invention.
The above are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, improvement or the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
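As an added example (not code from the patent), the following Python sketch runs the flow of steps 401 to 405 and of the full-path-keyed method above against one shared cache exposing query, add, update and delete interfaces, and counts the expensive operations to show that two business modules triggered twice by the same file cost a single hash computation and a single cloud query; the file-monitor refresh and the deletion of a vanished file's record are included. Class and function names, the in-memory cloud table and the sample file are assumptions.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, Optional

# Constructed example, not the patent's code: interface numbers (201, 202, 203,
# 205, 207, 262) follow the page; class and function names are assumed.

@dataclass
class SecurityAttr:
    safe: bool             # whether the file is considered safe
    policy: str = "allow"  # handling policy tied to the verdict

@dataclass
class FileRecord:
    feature: str           # file feature value: MD5 of the file content
    attr: SecurityAttr     # security protection attribute information

class UnifiedCache:
    """Unified cache module 201: one table shared by all business modules,
    keyed by full-path information (here a hash of the path string)."""
    def __init__(self) -> None:
        self._records: Dict[str, FileRecord] = {}
    def __len__(self) -> int:
        return len(self._records)
    @staticmethod
    def path_key(path: Path) -> str:
        return hashlib.sha256(str(path).encode("utf-8")).hexdigest()
    def query(self, path: Path) -> Optional[FileRecord]:                # query interface 202
        return self._records.get(self.path_key(path))
    def add(self, path: Path, feature: str, attr: SecurityAttr) -> bool:  # add interface 203
        if self.path_key(path) in self._records:
            return False
        self._records[self.path_key(path)] = FileRecord(feature, attr)
        return True
    def update(self, path: Path, feature: str, attr: SecurityAttr) -> bool:  # update interface 205
        rec = self.query(path)
        if rec is None:
            return False
        rec.feature, rec.attr = feature, attr
        return True
    def delete(self, path: Path) -> bool:                               # delete interface 207
        return self._records.pop(self.path_key(path), None) is not None

class Counters:
    def __init__(self) -> None:   # the expensive operations the shared cache avoids
        self.hash_computations = self.cloud_queries = self.cache_hits = 0

def compute_feature(path: Path, counters: Counters) -> str:
    """Disk IO plus CPU: read the file and compute its MD5, as the page describes."""
    counters.hash_computations += 1
    return hashlib.md5(path.read_bytes()).hexdigest()

def cloud_lookup(feature: str, known: Dict[str, SecurityAttr], counters: Counters) -> SecurityAttr:
    """Stand-in for the cloud server (constructed table); unknown hashes get a grey verdict."""
    counters.cloud_queries += 1
    return known.get(feature, SecurityAttr(safe=False, policy="monitor"))

def on_monitor_point(cache: UnifiedCache, path: Path, known: Dict[str, SecurityAttr],
                     counters: Counters) -> SecurityAttr:
    """Steps 402-405 as run by any business module whose monitoring point fired."""
    rec = cache.query(path)                            # 402: ask the shared cache first
    if rec is not None:
        counters.cache_hits += 1
        return rec.attr                                # 403-404: handle per the attribute
    feature = compute_feature(path, counters)          # 405: determine the identifier...
    attr = cloud_lookup(feature, known, counters)      # ...and its attribute, once
    cache.add(path, feature, attr)
    return attr

def on_file_changed(cache: UnifiedCache, path: Path, known: Dict[str, SecurityAttr],
                    counters: Counters) -> bool:
    """File monitoring module 262: refresh a changed file's record, drop a vanished file's."""
    if not path.exists():
        return cache.delete(path)
    rec = cache.query(path)
    if rec is None:
        return False
    feature = compute_feature(path, counters)
    if feature == rec.feature:
        return False
    return cache.update(path, feature, cloud_lookup(feature, known, counters))

def demo() -> Dict[str, int]:
    """Two modules, four monitoring points on one file, then a content change and a deletion."""
    counters, cache = Counters(), UnifiedCache()
    with tempfile.TemporaryDirectory() as tmp:
        path, content = Path(tmp) / "sample.exe", b"MZ constructed sample\n"
        path.write_bytes(content)                                     # constructed sample file
        known = {hashlib.md5(content).hexdigest(): SecurityAttr(safe=True)}
        for _round in range(2):                    # same process hits two modules, twice over
            for _module in ("antivirus", "firewall"):
                on_monitor_point(cache, path, known, counters)
        path.write_bytes(content + b"patched\n")   # content changes -> new feature value
        on_file_changed(cache, path, known, counters)
        path.unlink()
        on_file_changed(cache, path, known, counters)           # file gone -> record deleted
    return {"hash_computations": counters.hash_computations, "cloud_queries": counters.cloud_queries,
            "cache_hits": counters.cache_hits, "records_left": len(cache)}
```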

Claims (13)

1. A data security protection processing system, characterized in that it comprises a business module, a unified cache module, a query interface and an add interface, wherein:
the unified cache module is for caching the data record corresponding to a process, the data record comprising the file identifier of the file corresponding to the process and its corresponding security protection attribute information;
the security protection attribute information corresponding to a file identifier cached in the unified cache module comprises information on whether the file is safe, or further comprises the safe handling policy information corresponding to the file and/or the validity time of the security protection attribute information;
the query interface is for querying the unified cache module for a file identifier and/or the corresponding security protection attribute information;
the add interface is for adding a file identifier and its corresponding security protection attribute information to the unified cache module;
the business module is for: after a process triggers a monitoring point of the business module, calling the query interface to query the unified cache module for the file identifier and/or corresponding security protection attribute information of the file corresponding to the process, and then performing the specific data security protection processing; and, if the file identifier and/or corresponding security protection attribute information of the file corresponding to the process is not found, determining the file identifier and security protection attribute information corresponding to the process and calling the add interface to add the determined file identifier and security protection attribute information to the unified cache module.
2. The system according to claim 1, characterized in that the system further comprises an update interface for updating the file identifiers and/or corresponding security protection attribute information cached in the unified cache module;
and further comprises at least one of the following modules:
a background management module, for calling the update interface to update, according to a background control instruction, the security protection attribute information corresponding to a file identifier cached in the unified cache module;
a file monitoring module, for monitoring whether the file corresponding to a process changes and, when the file changes, calling the update interface to update the file identifier of that file in the unified cache module;
an idle scanning module, for periodically scanning all data records in the unified cache module, checking whether the file identifier and/or security protection attribute information in each data record has changed and, if so, updating the file identifier and/or security protection attribute information in the unified cache module accordingly;
a manual scanning module, for receiving an update instruction entered by a user and calling the update interface to update the file identifier and/or corresponding security protection attribute information specified in the update instruction.
3. The system according to claim 1, characterized in that the system further comprises a delete interface for deleting, according to an input file identifier, the data record corresponding to that file identifier from the unified cache module.
4. The system according to claim 1, characterized in that
the file identifier cached in the unified cache module is: file full-path information and a file feature value;
the business module is specifically for: after the process triggers the monitoring point of the business module, determining the full-path information of the file corresponding to the process, and calling the query interface to query the unified cache module for the file feature value and/or corresponding security protection attribute information associated with that full-path information.
5. The system according to claim 4, characterized in that the file full-path information is: the full-path string of the file or a hash of that full-path string.
6. The system according to claim 1, characterized in that
the file identifier cached in the unified cache module is: a file feature value;
the business module is specifically for: after the process triggers the monitoring point of the business module, determining the file feature value of the file corresponding to the process, and calling the query interface to query the unified cache module for the security protection attribute information corresponding to that file feature value.
7. The system according to claim 1, characterized in that the data security protection processing system comprises at least two business modules.
8. A data security protection processing method, characterized in that it comprises:
providing a unified cache module independent of the business modules of a data security protection processing system, the unified cache module being for caching the data record corresponding to a process, the data record comprising the file identifier of the file corresponding to the process and its corresponding security protection attribute information;
the security protection attribute information corresponding to a file identifier cached in the unified cache module comprising information on whether the file is safe, or further comprising the safe handling policy information corresponding to the file and/or the validity time of the security protection attribute information;
after a process triggers a monitoring point of a business module, querying the unified cache module for the file identifier and/or corresponding security protection attribute information of the file corresponding to the process and performing the specific data security protection processing; and, if the file identifier and/or corresponding security protection attribute information of the file corresponding to the process is not found, determining the file identifier and security protection attribute information corresponding to the process and adding the determined file identifier and security protection attribute information to the unified cache module.
9. The method according to claim 8, characterized in that the method further comprises: updating the file identifiers and/or corresponding security protection attribute information cached in the unified cache module, by at least one of the following update methods:
updating, according to a background control instruction, the security protection attribute information corresponding to a file identifier cached in the unified cache module;
monitoring whether the file corresponding to a process changes and, when the file changes, updating the file identifier of that file in the unified cache module;
periodically scanning all data records in the unified cache module, checking whether the file identifier and/or security protection attribute information in each data record has changed and, if so, updating the file identifier and/or security protection attribute information in the unified cache module accordingly;
receiving an update instruction entered by a user and updating the file identifier and/or security protection attribute information in the unified cache module according to the file identifier and/or corresponding security protection attribute information specified in that update instruction.
10. The method according to claim 8, characterized in that
the file identifier cached in the unified caching module is the file full path information together with the file feature value; and
after a process triggers a monitoring point of a business module, querying the unified caching module for the file identifier and/or the corresponding security protection attribute information of the file corresponding to that process specifically comprises: determining the file full path information of the file corresponding to the process, and querying the unified caching module for the file feature value and/or the security protection attribute information corresponding to that file full path information.
11. The method according to claim 8, characterized in that
the file identifier cached in the unified caching module is the file feature value; and
after a process triggers a monitoring point of a business module, querying the unified caching module for the file identifier and/or the corresponding security protection attribute information of the file corresponding to that process specifically comprises: determining the file feature value of the file corresponding to the process, and calling the query interface to query the unified caching module for the security protection attribute information corresponding to that file feature value.
12. The method according to claim 8, characterized in that determining the file identifier and security protection attribute information corresponding to the process specifically comprises: searching the disk for the file corresponding to the process; calculating the file feature value from the content of that file and using the file feature value as the file identifier, or further obtaining the file full path information of that file and using the file feature value and the file full path information together as the file identifier; and querying a cloud server with that file feature value to obtain the security protection attribute information corresponding to it.
13. The method according to claim 10 or 12, characterized in that the file full path information is the file full path string or a hash value of that file full path string.
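The claims above describe one cache shared by every business module: a file is identified by its full path plus a feature value computed over its content, the security protection attributes for that feature value come from a cloud query, and cached records are refreshed by background control instructions, by file-change checks, by periodic scans, or by user instructions. The following Python program is an added example written for this page, not code from the patent or from its assignee; the class and function names are assumptions, the cloud server of claim 12 is replaced by a constructed local table, and SHA-256 is an assumed choice of feature value since the patent does not name an algorithm.

```python
"""Added example (not the patent's own code): a unified cache with query and add
interfaces in the sense of claims 8 to 13; names and the cloud table are assumptions."""
import hashlib
import os
from dataclasses import dataclass
from typing import Callable, Optional


def feature_value(data: bytes) -> str:
    """File feature value (claim 12): a hash over the file content.  SHA-256 is
    an assumption; the patent does not name the algorithm."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for the cloud server query of claim 12.
TRUSTED_CONTENT = b"MZ constructed trusted program bytes"
CLOUD_TABLE = {feature_value(TRUSTED_CONTENT): {"level": "trusted", "allow_network": True}}
UNKNOWN_ATTRIBUTES = {"level": "unknown", "allow_network": False}


def cloud_lookup(fv: str) -> dict:
    """Attributes the stand-in cloud knows for a feature value; files it has
    never seen get the most restrictive attributes."""
    return dict(CLOUD_TABLE.get(fv, UNKNOWN_ATTRIBUTES))


@dataclass
class CacheEntry:
    feature_value: str  # second half of the file identifier (claim 10)
    attributes: dict    # security protection attribute information
    size: int           # cheap change indicators for the file-change and
    mtime_ns: int       # periodic-scan updates of claim 9; content is rehashed


class UnifiedCache:
    """Unified caching module keyed by the full path string (claim 10; claim 13
    also allows a hash of that string as the key)."""

    def __init__(self, lookup: Callable[[str], dict] = cloud_lookup) -> None:
        self._entries: dict[str, CacheEntry] = {}
        self._lookup = lookup
        self.stats = {"hits": 0, "misses": 0, "refreshes": 0}

    def query(self, path: str) -> Optional[CacheEntry]:   # query interface
        entry = self._entries.get(path)
        self.stats["hits" if entry is not None else "misses"] += 1
        return entry

    def add(self, path: str, entry: CacheEntry) -> None:  # add interface
        self._entries[path] = entry

    def determine(self, path: str) -> CacheEntry:
        """Claim 12: find the file on disk, hash its content, and fetch the
        attributes belonging to that hash."""
        st = os.stat(path)
        with open(path, "rb") as fh:
            fv = feature_value(fh.read())
        return CacheEntry(fv, self._lookup(fv), st.st_size, st.st_mtime_ns)

    def file_changed(self, path: str, entry: CacheEntry) -> bool:
        """Claim 9, second method: has the cached file changed on disk?"""
        try:
            st = os.stat(path)
        except FileNotFoundError:
            return True
        return st.st_size != entry.size or st.st_mtime_ns != entry.mtime_ns

    def rescan(self) -> int:
        """Claim 9, third method: scan every cached record and re-determine
        changed files (removing deleted ones).  Returns the number refreshed."""
        refreshed = 0
        for path, entry in list(self._entries.items()):
            if self.file_changed(path, entry):
                if os.path.exists(path):
                    self._entries[path] = self.determine(path)
                else:
                    del self._entries[path]
                refreshed += 1
        self.stats["refreshes"] += refreshed
        return refreshed

    def set_attributes(self, fv: str, attributes: dict) -> int:
        """Claim 9, first and fourth methods: a background control instruction or
        a user's update instruction names a feature value and new attributes;
        every cached record with that identifier is updated.  Returns the count."""
        hits = [e for e in self._entries.values() if e.feature_value == fv]
        for entry in hits:
            entry.attributes = dict(attributes)
        return len(hits)


def on_monitor_point(cache: UnifiedCache, path: str) -> dict:
    """Claim 8, as seen from one business module: query the cache first; on a
    miss, determine identifier and attributes and add them so every other
    business module reuses the same record."""
    entry = cache.query(path)
    if entry is None:
        entry = cache.determine(path)
        cache.add(path, entry)
    return entry.attributes
```

The stat-based `file_changed` check only decides when a record is stale; the trust decision itself is always keyed on the content hash. A write that leaves size and mtime unchanged would therefore not be noticed by the periodic scan alone, which is why a deployment of this design would also force a re-determination whenever a monitoring point itself observes a write to a cached file.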
CN201210185835.XA 2012-06-07 2012-06-07 Data safety protection processing system, method and storage medium Active CN102693388B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210185835.XA CN102693388B (en) 2012-06-07 2012-06-07 Data safety protection processing system, method and storage medium

Publications (2)

Publication Number Publication Date
CN102693388A CN102693388A (en) 2012-09-26
CN102693388B true CN102693388B (en) 2014-03-19

Family

ID=46858813

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210185835.XA Active CN102693388B (en) 2012-06-07 2012-06-07 Data safety protection processing system, method and storage medium

Country Status (1)

Country Link
CN (1) CN102693388B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102982275A (en) * 2012-11-14 2013-03-20 北京奇虎科技有限公司 Security control method and device for running applications
CN103281325B (en) 2013-06-04 2018-03-02 北京奇虎科技有限公司 Document handling method and device based on cloud security
CN103617381B (en) * 2013-11-21 2018-03-16 北京奇安信科技有限公司 The authority configuring method and authority configuration system of equipment
CN104102358A (en) * 2014-07-18 2014-10-15 北京奇虎科技有限公司 Privacy information protecting method and privacy information protecting device
CN104392175B (en) 2014-11-26 2018-05-29 华为技术有限公司 Cloud application attack processing method, apparatus and system in a kind of cloud computing system
CN106302641B (en) * 2016-07-27 2019-10-01 北京小米移动软件有限公司 A kind of methods, devices and systems of upper transmitting file
CN106455049B (en) 2016-09-18 2020-03-03 北京小米移动软件有限公司 Positioning method and device based on wireless local area network
CN108073823B (en) * 2016-11-18 2021-04-20 阿里巴巴集团控股有限公司 Data processing method, device and system
CN110059110B (en) * 2019-04-12 2021-05-28 北京百度网讯科技有限公司 Business data security processing method and device, computer equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101090401A (en) * 2007-05-25 2007-12-19 金蝶软件(中国)有限公司 Data buffer store method and system at duster environment
CN101882156A (en) * 2010-06-13 2010-11-10 用友软件股份有限公司 Controllable cache method and system of Silverlight client side

Also Published As

Publication number Publication date
CN102693388A (en) 2012-09-26

Similar Documents

Publication Publication Date Title
CN102693388B (en) Data safety protection processing system, method and storage medium
US9690671B2 (en) Manifest-based snapshots in distributed computing environments
CN102667772B (en) File level hierarchical storage management system, method, and apparatus
US8090917B2 (en) Managing storage and migration of backup data
KR101869156B1 (en) Method and device for updating object data in object storage system
US9251152B1 (en) Efficient method for relocating shared memory
CN105474678A (en) Centralized selective application approval for mobile devices
US20150113011A1 (en) File system directory attribute correction
US20120166492A1 (en) Database transfers using constraint free data
GB2520361A (en) Method and system for a safe archiving of data
CN103197987A (en) Data backup method, data recovery method and cloud storage system
US9002908B2 (en) System and method for automatically routing and managing stored documents based on document content
JP3290801B2 (en) Resource location detection method
CN107483631B (en) Method for controlling cache to realize mobile internet service access
CN100473023C (en) Cleaning method of redundant data of the IPTV system
CN106936907A (en) A kind of document handling method, logical server, access server and system
JP2005063139A (en) Computer system and program
CN101556583A (en) Method for efficiently controlling embedded linux file system version
US10514961B1 (en) Enhanced cookie management for file workflows
KR100881552B1 (en) Method for managinglifecycle of computer
US20190347337A1 (en) Path name cache for notifications of file changes
CN109165078B (en) Virtual distributed server and access method thereof
US20200250136A1 (en) Domains-based snapshots for efficient membership retrieval and governance
CN109766362B (en) Data processing method and device
US20210096763A1 (en) Method, device, and computer program product for managing storage system

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210918

Address after: 518057 Tencent Building, No. 1 High-tech Zone, Nanshan District, Shenzhen City, Guangdong Province, 35 floors

Patentee after: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.

Patentee after: TENCENT CLOUD COMPUTING (BEIJING) Co.,Ltd.

Address before: 2, 518044, East 403 room, SEG science and Technology Park, Zhenxing Road, Shenzhen, Guangdong, Futian District

Patentee before: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.