CN103198253A - Method and system of file operation - Google Patents


Info

Publication number: CN103198253A
Authority: CN (China)
Prior art keywords: security, client, file destination, control center, management control
Legal status: Granted (active)
Application number: CN2013101090782A
Other languages: Chinese (zh)
Other versions: CN103198253B (en)
Inventors: 温铭, 李宇, 胡劲, 张家柱
Current assignee: Qax Technology Group Inc
Original assignees: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd and Qizhi Software Beijing Co Ltd
Priority to CN201310109078.2A; published as CN103198253A; granted as CN103198253B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a system for controlling file operations. When a client detects a request to perform a target operation on a target file, it intercepts the request and obtains, over the network, the file's security attribute information from the management control center of a security control server. The security attribute information consists of a private attribute and a public attribute: the private attribute is the security class that a security administrator of the management control center has assigned to the target file, and the public attribute is the security class obtained by querying a preset feature database. The client then decides whether the target operation on the target file is permitted, based on the file's security attribute information and a security policy for the current client obtained from the management control center, and handles the intercepted request according to that decision. With this method and system, an enterprise security product can reflect the individual characteristics of different enterprises and provide much greater flexibility in security control.

Description

Method and system for file operation control
Technical field
The present invention relates to the field of enterprise-edition security technology, and in particular to a method and system for controlling file operations.
Background
In a traditional enterprise network environment, a variety of desktop security products, such as anti-virus software, accumulate on the enterprise's terminal computers. These products usually come from different vendors, cannot be managed centrally, and consume a large amount of system resources, which greatly reduces the enterprise's working efficiency. Enterprise-edition security products arose to address this problem. An enterprise-edition security product usually consists of two parts, a management control center and a security product client (the management control center is deployed on a server managed by IT staff such as the network administrator, and the client is installed on each employee's PC). The management control center is a comprehensive platform for the centralized management of the computers on the enterprise intranet, and it meets the pressing needs of enterprises for centralized virus removal, health checks and patch installation on a single platform. In an enterprise-edition security product the management control center effectively plays the role of a proxy server that serves every client inside the enterprise. This forms a kind of "private cloud" inside the enterprise network: only when the proxy server does not hold the data a client requests is that data downloaded from the "public cloud", which saves bandwidth. However, the functionality of this "private cloud" system still needs to be improved.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a file operation control method and system that overcome, or at least partially solve, the above problems, so that an enterprise-edition security product can reflect the individual characteristics of different enterprises and provide greater flexibility in security control.
According to one aspect of the present invention, a file operation control method is provided, comprising:
the client monitors target operation behaviour on a target file;
when a request to perform the target operation on the target file is detected, the request is intercepted, and the client obtains the security attribute information of the target file over the network from the management control center of a security control server; the security attribute information comprises a private attribute and a public attribute, where the private attribute is the security class information set for the target file by a security administrator of the management control center, and the public attribute is the security class information obtained by querying a preset feature database;
whether the target operation on the target file is permitted is determined according to the security attribute information of the target file and a security policy for the current client obtained from the management control center; the security policy stores the set of security attribute information of the files that are allowed and/or not allowed to undergo the target operation on the current client;
the intercepted request is handled according to the result of the determination.
Optionally, the method further comprises:
the management control center divides physical regions according to the differing security requirements of the physical regions in which clients are located, and configures a different security policy for each physical region;
the client sends a request for the security policy to the management control center;
the management control center determines the physical region in which the client is located and returns the security policy configured for that region to the client.
Optionally, handling the intercepted request according to the result of the determination comprises:
if the determination is that the target operation on the target file is allowed, the intercepted request is released.
Optionally, handling the intercepted request according to the result of the determination comprises:
if the determination is that the target operation on the target file is not allowed, the intercepted request is discarded.
Optionally, the method further comprises:
after the request has been intercepted, loading and displaying a preset interface to indicate that a security check is in progress.
According to another aspect of the present invention, a file operation control system is provided, comprising a client and a management control center, where the client comprises:
a monitoring unit, configured to monitor target operation behaviour on a target file;
an information acquisition unit, configured to intercept the request when a request to perform the target operation on the target file is detected, and to obtain the security attribute information of the target file over the network from the management control center of a security control server; the security attribute information comprises a private attribute and a public attribute, where the private attribute is the security class information set for the target file by a security administrator of the management control center, and the public attribute is the security class information obtained by querying a preset feature database;
a judging unit, configured to determine whether the target operation on the target file is permitted according to the security attribute information of the target file and a security policy for the current client obtained from the management control center; the security policy stores the set of security attribute information of the files that are allowed and/or not allowed to undergo the target operation on the current client;
a processing unit, configured to handle the intercepted request according to the result of the determination.
Optionally, the management control center comprises:
a configuration unit, configured to divide physical regions according to the differing security requirements of the physical regions in which clients are located, and to configure a different security policy for each physical region;
and the client further comprises:
a request unit, configured to send a request for the security policy to the management control center;
and the management control center further comprises:
a determining unit, configured to determine the physical region in which the client is located and return the security policy configured for that region to the client.
Optionally, the processing unit comprises:
a release sub-unit, configured to release the intercepted request if the determination is that the target operation on the target file is allowed.
Optionally, the processing unit comprises:
a discard sub-unit, configured to discard the intercepted request if the determination is that the target operation on the target file is not allowed.
Optionally, the client further comprises:
a display unit, configured to load and display a preset interface after the request has been intercepted, to indicate that a security check is in progress.
With the file operation control method and system of the present invention, whether a target operation on a file is allowed on the current client is determined from the file's security attribute information and the security policy that the management control center has configured for that client. The security attribute information can include not only the public attribute of the file, determined from the feature database of the enterprise-edition security product, but also the private attribute that the enterprise's own administrator has configured for the file, and the security policy likewise expresses both aspects. The decision can therefore be made comprehensively on the basis of both kinds of information, so that the enterprise-edition security product reflects the individual characteristics of different enterprises and provides greater flexibility in security control.
The above description is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the present invention become more apparent, specific embodiments of the present invention are set out below.
Description of drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered as limiting the present invention. Throughout the drawings the same reference symbols denote the same parts. In the drawings:
Fig. 1 shows a flow chart of a method according to an embodiment of the invention; and
Fig. 2 shows a schematic diagram of a system according to an embodiment of the invention.
Embodiment
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure can be realized in various forms and should not be limited to the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure is understood more thoroughly and its scope is conveyed completely to those skilled in the art.
Referring to Fig. 1, an embodiment of the invention first provides a file operation control method, which can comprise the following steps:
S101: the client monitors target operation behaviour on a target file;
The target operation behaviour can include running a target file, one program reading a file belonging to another program (for example an address book), storing a photo on the hard disk, and so on. For convenience of description, running a file is used as the example below.
In the embodiment of the invention, no full-disk virus scan is performed; instead, when the user wants to run a file (including opening a document, opening an executable file, and so on), a security check is performed on the specific file about to be run, to determine whether the current user is allowed to run it. To this end, a hook function can be registered in the system in advance that hooks the API (Application Programming Interface) functions of the file-running class, so that when a file is about to be run through a call to the corresponding API function, the call address is redirected to the client of the enterprise-edition security product of the embodiment of the invention.
S102: when a request to perform the target operation on the target file is detected, the request is intercepted, and the client obtains the security attribute information of the target file over the network from the management control center of a security control server; the security attribute information comprises a private attribute and a public attribute, where the private attribute is the security class information set for the target file by a security administrator of the management control center, and the public attribute is the security class information obtained by querying a preset feature database;
After a request to run a target file is detected, the request can be intercepted; that is, the request is temporarily not delivered to the address of the original API function, and security-related processing is performed first. In the embodiment of the invention, after the client has intercepted the request to run the target file, it can obtain the security attribute information of the target file from the management control center of the enterprise-edition security product. Specifically, the client can extract features from the target file, including static features such as its file name and md5 value and possibly dynamic features of the target file, and send them to the management control center; the management control center then looks up the security attribute information of the target file according to these features and returns it to the client. Alternatively, in another implementation, the target file itself can be sent directly to the management control center, which extracts the features and looks up its security attribute information. Whether the features are extracted at the client or at the management control center, the extraction method can be the same.
Of course, because a management control center usually serves multiple clients, uploading every file that any client is about to run to the management control center for feature extraction would, on the one hand, consume storage space on the management control center and, on the other hand, cause queuing when many requests arrive concurrently and thereby reduce the response speed of the management control center. Therefore, in most cases, features are extracted from the file at the client and then uploaded to the management control center.
In the embodiment of the invention, the security attribute information of the file to be run can consist of two parts: one is the private attribute of the file and the other is the public attribute of the file. The private attribute is the security class information configured for the target file by the administrator inside the enterprise. In a specific implementation, the display interface of the management control center can provide an entry for configuring the private attribute of each file, and the administrator can configure the security class information of each file according to the specific needs of the enterprise. For example, the security class information in the private attribute can be represented by the numbers 70, 10 and 40 for black, white and grey respectively: 70 means the file is most dangerous, 10 means the file is safest, and 40 means it cannot be determined whether the file is safe. Because the security class of the same file may differ when it is used in different enterprises, the embodiment of the invention introduces the concept of a private attribute to account for such differences between enterprises, and the administrator inside the enterprise sets the security class of a file according to actual needs. After the private attribute of a file has been set, a mapping table between files and private attributes can be stored at the management control center. In this mapping table a file can be identified by its file name, but to avoid repeated configuration and recording of files that have the same content under different file names, it can also be identified by a content check value such as the md5 value of the file. Then, when a client's request for the security attribute information of a target file is received, the private attribute of the current target file can be obtained by looking it up in this mapping table.
It should be noted that, in practice, the private attribute of a target file can be configured by the administrator the first time a request to query that target file's security attribute information is received; after configuration, the correspondence between the target file's identification information and its private attribute can be added to the mapping table, for use by other clients that subsequently query the same target file. In this way, each request for a private attribute can follow this flow: first look up the mapping table; if a matching entry exists, return the corresponding private attribute directly to the client; if not, the client can be required to upload the target file to the management control center, where the administrator analyses it and configures its private attribute, which is then returned to the client, and at the same time the correspondence between the target file's identification information and its private attribute is added to the mapping table; and so on.
The public attribute is the security class information of a file determined from the feature database of the enterprise-edition security product. The feature database of the enterprise-edition security product is shared by all enterprise-edition users and does not differ between enterprises; therefore, in contrast to the private attribute set by the administrator of each enterprise, the file security information obtained from this feature database is called the public attribute. The public attribute can likewise be represented by the numbers 70, 10 and 40 for black, white and grey. When the management control center receives a request to query the security attribute information of a target file, it can query this feature database with the features extracted from the target file and determine the public attribute of the target file from the result of the match. For example, if the feature database holds a whitelist and a blacklist: if the target file's features appear in the whitelist, the public attribute of the target file is "white", represented by "10"; if they appear in the blacklist, the public attribute is "black", represented by "70"; and if they appear in neither the whitelist nor the blacklist, the public attribute is "grey", represented by "40". In short, the public attribute of the target file can be obtained by querying the preset feature database.
This feature database can be stored locally at the management control center, downloaded when the management control center is installed, and updated regularly or irregularly by the remote enterprise-edition security product server; when a request to query the public attribute of a target file is received, the management control center queries the locally stored feature database directly. Alternatively, to avoid consuming storage space on the management control center, the feature database can be kept directly on the enterprise-edition security product server; when the management control center receives a request to query the public attribute of a target file, it can forward the query to the server and determine the public attribute of the target file from the result the server returns.
In summary, after the management control center receives a request to query the security attribute information of a target file, it can return both the private attribute information and the public attribute information of that target file; together these two pieces of information make up the security attribute information of the current target file. All such security attribute information in the private cloud can therefore be expressed by nine numbers: 7070, 7010, 7040, 4070, 4010, 4040, 1070, 1010 and 1040, where the first two digits represent the private attribute of the file and the last two digits represent its public attribute. For example, if the security attribute information returned by the management control center for a target file is 7010, the file is considered safe by the feature database of the enterprise-edition security product but unsafe by the administrator of the current enterprise, and so on.
It should be noted that, after a request to run a file has been intercepted, the subsequent security analysis takes some time; during this period a preset interface can be loaded and displayed to show information such as "security check in progress".
S103: whether the target operation on the target file is permitted is determined according to the security attribute information of the target file and a security policy for the current client obtained from the management control center; the security policy stores the set of security attribute information of the files that are allowed and/or not allowed to undergo the target operation on the current client;
In the embodiment of the invention, the client can also obtain in advance the security policy for this client from the management control center. The security policy specifies which files this client is allowed to run and/or which files it is not allowed to run. The files that the client is allowed or not allowed to run are represented by the set of allowed or disallowed security attribute information. For example, if the current client is allowed to run files whose security attribute information is "1010", "1040" or "1070", its security policy can record the following: the files allowed to run on this client are those whose security attribute information is "1010", "1040" or "1070". The client can store this policy locally; if the security attribute information of a target file is found to be one of these values, the file is allowed to run on the current client, otherwise it is not.
The security policy of a client can be delivered by the management control center over protocols such as HTTP; that is, the administrator configures the security policy for the client at the management control center and it is then pushed down to the client, which enforces it. There are multiple clients in the enterprise network, and the security policies configured for the individual clients can be identical or different. If they are identical, a unified configuration entry can be provided at the management control center, and after unified configuration the policy is pushed to every client; if they differ, a separate policy configuration entry can be provided for each client at the management control center, and each client is configured and provisioned individually. Alternatively, a unified configuration entry and individual configuration entries can both exist.
In a specific implementation, the following situation is common inside enterprises: not all clients have the same security requirements, but neither does every client have a different security requirement; rather, clients can be divided into several classes according to their security requirements. For example, some clients are located in the core area of the enterprise and have higher security requirements; some are located in the office area and have slightly lower security requirements; and some are located in the enterprise's customer area and have lower security requirements still. Therefore, the management control center can divide physical regions according to the differing security requirements of the physical regions in which clients are located, and configure a different security policy for each physical region, for example as shown in Table 1:
Table 1

Policy name          Files allowed to run                   Files forbidden to run
Core area            1010, 1040, 1070                       4010, 4040, 4070, 7010, 7040, 7070
Administrative area  1010, 1040, 1070, 4010                 4040, 4070, 7010, 7040, 7070
Customer area        1010, 1040, 1070, 4010, 4040           4070, 7010, 7040, 7070
Public area          1010, 1040, 4010, 4040, 7010, 7040     1070, 4070, 7070
That is, if a client is in the core area of the enterprise, the security attribute information of files allowed to run on its terminal comprises 1010, 1040 and 1070, and that of files not allowed to run comprises 4010, 4040, 4070, 7010, 7040 and 7070; if a client is in the administrative area, the files allowed to run comprise 1010, 1040, 1070 and 4010, and the files not allowed comprise 4040, 4070, 7010, 7040 and 7070; and so on. As can be seen, the higher the security requirement of a region, the fewer file types are allowed to run. For example, the core-area policy only allows files whose private attribute is "white" to run, whereas the public area only forbids files whose public attribute is "black". Of course, the specific way regions are divided and the policy corresponding to each region can be customized according to specific needs.
After the enterprise's physical regions have been divided and a different security policy configured for each, the client can send a request for the security policy to the management control center; the management control center can then determine the physical region in which the client is located from information such as the client's IP address, and return the security policy configured for that region to the client. The client can then apply security control to file operations according to this policy. In practice, the management control center can also update the security policy of each client regularly or irregularly.
S104: the intercepted request is handled according to the result of the determination.
If the determination is that the current target file is allowed to run, the intercepted request can be released, so that the request to run the file reaches the call address of the original API function normally and the file is opened and subsequently edited, and so on. If the determination is that the current target file is not allowed to run, the intercepted request can be discarded: the request to run the file never reaches the call address of the original API function, the file cannot run on this client, and the client is thereby protected from the effects of a malicious file.
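As an added worked example (not code from the patent or from Qihoo's product), the following Python models steps S102 to S104 end to end: the md5 is the static feature the client uploads, a whitelist and blacklist stand in for the vendor feature database that yields the public attribute, an md5-keyed mapping table holds the administrator's private attribute, the two halves are combined into the four-digit code of the text, and Table 1 supplies the per-region allowed sets. The sample files, hash tables, subnet plan, region names and the fail-closed default for unknown client addresses are all constructed assumptions.

```python
import hashlib
import ipaddress
from typing import Optional

# Security classes used for both halves of the attribute code (patent: 70/10/40).
BLACK, GRAY, WHITE = 70, 40, 10
CLASS_NAME = {BLACK: "black", GRAY: "gray", WHITE: "white"}

# Constructed sample files standing in for files a client is about to run.
SAMPLE_WHITE_APP = b"constructed: vendor-whitelisted office application"
SAMPLE_MALWARE = b"constructed: sample present in the vendor blacklist"
SAMPLE_INTERNAL_TOOL = b"constructed: in-house tool unknown to the vendor"
SAMPLE_UNCLASSIFIED = b"constructed: file the administrator has not yet seen"


def file_md5(content: bytes) -> str:
    """Static feature the client extracts and uploads (patent: file name, md5)."""
    return hashlib.md5(content).hexdigest()


# Constructed vendor feature database (source of the public attribute).
PUBLIC_WHITELIST = {file_md5(SAMPLE_WHITE_APP)}
PUBLIC_BLACKLIST = {file_md5(SAMPLE_MALWARE)}

# Constructed mapping table kept at the management control center (private
# attribute), keyed by md5 so renamed copies of the same content are not re-classified.
PRIVATE_TABLE = {
    file_md5(SAMPLE_WHITE_APP): BLACK,      # admin bans a vendor-trusted app -> 7010
    file_md5(SAMPLE_MALWARE): BLACK,        # -> 7070
    file_md5(SAMPLE_INTERNAL_TOOL): WHITE,  # admin trusts an unknown tool -> 1040
}

# The nine possible codes, and Table 1 of the patent as allowed sets per region.
ALL_CODES = {p * 100 + q for p in (WHITE, GRAY, BLACK) for q in (WHITE, GRAY, BLACK)}
REGION_POLICY = {
    "core": {1010, 1040, 1070},
    "administrative": {1010, 1040, 1070, 4010},
    "customer": {1010, 1040, 1070, 4010, 4040},
    "public": {1010, 1040, 4010, 4040, 7010, 7040},
}

# Constructed subnet plan; the patent only says the region is derived from
# information such as the client's IP address.
REGION_SUBNETS = [
    (ipaddress.ip_network("10.1.0.0/24"), "core"),
    (ipaddress.ip_network("10.2.0.0/24"), "administrative"),
    (ipaddress.ip_network("10.3.0.0/24"), "customer"),
    (ipaddress.ip_network("10.4.0.0/24"), "public"),
]


def public_attribute(md5: str) -> int:
    """Whitelist hit -> white, blacklist hit -> black, neither -> gray."""
    if md5 in PUBLIC_WHITELIST:
        return WHITE
    if md5 in PUBLIC_BLACKLIST:
        return BLACK
    return GRAY


def security_attribute(md5: str) -> Optional[int]:
    """Four-digit code: private attribute * 100 + public attribute.

    Returns None when the administrator has not classified the file yet; the
    patent then has the client upload the file for manual classification.
    """
    private = PRIVATE_TABLE.get(md5)
    if private is None:
        return None
    return private * 100 + public_attribute(md5)


def describe(code: int) -> str:
    """Split a code into its halves, e.g. 7010 -> 'private=black, public=white'."""
    return f"private={CLASS_NAME[code // 100]}, public={CLASS_NAME[code % 100]}"


def forbidden_codes(region: str) -> set:
    """Complement of the allowed set; matches the forbidden column of Table 1."""
    return ALL_CODES - REGION_POLICY[region]


def region_for_client(client_ip: str) -> str:
    """Resolve the client's physical region; unknown addresses fail closed to 'core'."""
    addr = ipaddress.ip_address(client_ip)
    for net, region in REGION_SUBNETS:
        if addr in net:
            return region
    return "core"


def decide(content: bytes, client_ip: str) -> str:
    """Client-side decision for an intercepted run request: allow, deny or pending."""
    code = security_attribute(file_md5(content))
    if code is None:
        return "pending"  # upload for administrator analysis, then retry
    policy = REGION_POLICY[region_for_client(client_ip)]
    return "allow" if code in policy else "deny"


if __name__ == "__main__":
    for name, content in (("white app", SAMPLE_WHITE_APP), ("internal tool", SAMPLE_INTERNAL_TOOL)):
        code = security_attribute(file_md5(content))
        print(name, code, describe(code), "core:", decide(content, "10.1.0.5"),
              "public:", decide(content, "10.4.0.9"))
```

The "white app" case reproduces the 7010 example from the text: the vendor database trusts it, the administrator does not, so it is denied in the core area but allowed in the public area.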
In a word, in embodiments of the present invention, can be the security strategy of this client configuration according to security attribute information and the management control center of file destination, judge whether to allow on active client, this document to be carried out the object run behavior.Wherein, security attribute information not only can comprise the publicly-owned attribute of the file of determining according to the feature database of business-class security product, can also comprise that the keeper of enterprises is the privately owned attribute of file configuration, and, in security strategy, also be the security attribute information that embodies this two aspect simultaneously, like this, when judging, just can carry out comprehensive judgement based on the information of this two aspect, can aspect security control, embody stronger dirigibility so that the enterprise version safety product embodies the personalization features at different enterprises.
Corresponding to the file operation control method provided by the embodiment of the invention, the embodiment of the invention also provides a file operation control system comprising a client and a management control center. Referring to Fig. 2, the client may comprise:
Monitoring unit 201, configured to monitor the target operation behavior on a target file;
Information acquisition unit 202, configured to intercept the operation request when a request to perform the target operation behavior on a target file is detected, and to obtain the security attribute information of the target file from the management control center of the security control server over the network; the security attribute information comprises a private attribute and a public attribute, where the private attribute is the security class information set for the target file by the security administrator of the management control center, and the public attribute is the security class information of the target file obtained by querying a preset signature database;
Judging unit 203, configured to judge, according to the security attribute information of the target file and the security policy for the current client obtained from the management control center, whether the target operation behavior is allowed to be performed on the target file; the security policy stores the set of security attribute information of the files on which the target operation behavior is allowed and/or not allowed at the current client;
Processing unit 204, configured to handle the intercepted request according to the judgment result.
In a specific implementation, the management control center may comprise:
Configuration unit, configured to partition physical regions according to the differing security requirements of the physical regions in which clients are located, and to configure a different security policy for each physical region;
The client further comprises:
Request unit, configured to send a request for the security policy from the client to the management control center;
The management control center further comprises:
Determining unit, configured to determine the physical region in which the client is located, and to return to the client the security policy configured for that region.
Specifically, processing unit 204 may comprise:
Pass-through subunit, configured to let the intercepted request through if the judgment result is that the target operation behavior is allowed on the target file.
Alternatively, processing unit 204 may also comprise:
Discard subunit, configured to discard the intercepted request if the judgment result is that the target operation behavior is not allowed on the target file.
In addition, the client may further comprise:
Display unit, configured to load and display a preset interface after the request has been intercepted, in order to indicate that a security check is being performed.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other apparatus. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that a variety of programming languages may be used to implement the content of the present invention described herein, and the above description of specific languages is given in order to disclose the best mode of the invention.
In the specification provided herein, numerous specific details are described. It will be understood, however, that embodiments of the invention may be practised without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention, the various features of the invention are sometimes grouped together in a single embodiment, figure or description thereof. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of the embodiments may be combined into one module, unit or component, and may furthermore be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments but not other features, combinations of the features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in the file operation control device according to embodiments of the invention. The invention may also be embodied as device or apparatus programs (for example, computer programs and computer program products) for performing part or all of the methods described herein. Such programs implementing the invention may be stored on computer-readable media, or may have the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any order. These words may be interpreted as names.
The application may be applied to a computer system/server, which is operable with numerous other general-purpose or special-purpose computing system environments or configurations. Examples of well-known computing systems, environments and/or configurations suitable for use with the computer system/server include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, and distributed cloud computing environments that include any of the above systems, and the like.
The computer system/server may be described in the general context of computer-system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, object programs, components, logic, data structures and so on that perform particular tasks or implement particular abstract data types. The computer system/server may be practised in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media, including memory storage devices.

Claims (10)

1. A file operation control method, comprising:
monitoring, by a client, a target operation behavior on a target file;
when an operation request to perform the target operation behavior on the target file is detected, intercepting the request, and obtaining, by the client, the security attribute information of the target file from a management control center of a security control server over a network; wherein the security attribute information comprises a private attribute and a public attribute, the private attribute being the security class information set for the target file by a security administrator of the management control center, and the public attribute being the security class information of the target file obtained by querying a preset signature database;
judging, according to the security attribute information of the target file and a security policy for the current client obtained from the management control center, whether the target operation behavior is allowed to be performed on the target file; wherein the security policy stores the set of security attribute information of the files on which the target operation behavior is allowed and/or not allowed at the current client; and
handling the intercepted request according to the judgment result.
2. The method of claim 1, further comprising:
partitioning, at the management control center, physical regions according to the differing security requirements of the physical regions in which clients are located, and configuring a different security policy for each physical region;
sending, by the client, a request for a security policy to the management control center; and
determining, by the management control center, the physical region in which the client is located, and returning to the client the security policy configured for that physical region.
3. The method of claim 1, wherein handling the intercepted request according to the judgment result comprises:
if the judgment result is that the target operation behavior is allowed on the target file, letting the intercepted request through.
4. The method of claim 1, wherein handling the intercepted request according to the judgment result comprises:
if the judgment result is that the target operation behavior is not allowed on the target file, discarding the intercepted request.
5. The method of claim 1, further comprising:
after the request has been intercepted, loading and displaying a preset interface in order to indicate that a security check is being performed.
6. A file operation control system, comprising a client and a management control center, wherein the client comprises:
a monitoring unit, configured to monitor a target operation behavior on a target file;
an information acquisition unit, configured to intercept the operation request when a request to perform the target operation behavior on the target file is detected, and to obtain the security attribute information of the target file from the management control center of a security control server over a network; wherein the security attribute information comprises a private attribute and a public attribute, the private attribute being the security class information set for the target file by a security administrator of the management control center, and the public attribute being the security class information of the target file obtained by querying a preset signature database;
a judging unit, configured to judge, according to the security attribute information of the target file and a security policy for the current client obtained from the management control center, whether the target operation behavior is allowed to be performed on the target file; wherein the security policy stores the set of security attribute information of the files on which the target operation behavior is allowed and/or not allowed at the current client; and
a processing unit, configured to handle the intercepted request according to the judgment result.
7. The system of claim 6, wherein the management control center comprises:
a configuration unit, configured to partition physical regions according to the differing security requirements of the physical regions in which clients are located, and to configure a different security policy for each physical region;
the client further comprises:
a request unit, configured to send a request for a security policy from the client to the management control center; and
the management control center further comprises:
a determining unit, configured to determine the physical region in which the client is located, and to return to the client the security policy configured for that physical region.
8. The system of claim 6, wherein the processing unit comprises:
a pass-through subunit, configured to let the intercepted request through if the judgment result is that the target operation behavior is allowed on the target file.
9. The system of claim 6, wherein the processing unit comprises:
a discard subunit, configured to discard the intercepted request if the judgment result is that the target operation behavior is not allowed on the target file.
10. The system of claim 6, wherein the client further comprises:
a display unit, configured to load and display a preset interface after the request has been intercepted, in order to indicate that a security check is being performed.
CN201310109078.2A 2013-03-29 2013-03-29 The method and system of operating file Active CN103198253B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310109078.2A CN103198253B (en) 2013-03-29 2013-03-29 The method and system of operating file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310109078.2A CN103198253B (en) 2013-03-29 2013-03-29 The method and system of operating file

Publications (2)

Publication Number Publication Date
CN103198253A true CN103198253A (en) 2013-07-10
CN103198253B CN103198253B (en) 2016-03-30

Family

ID=48720801

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310109078.2A Active CN103198253B (en) 2013-03-29 2013-03-29 The method and system of operating file

Country Status (1)

Country Link
CN (1) CN103198253B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103646207A (en) * 2013-12-02 2014-03-19 北京奇虎科技有限公司 Method and device for managing security attribute of application program
CN104104728A (en) * 2014-07-23 2014-10-15 小米科技有限责任公司 Data transmission method and device
WO2015022696A1 (en) * 2013-08-14 2015-02-19 Hewlett-Packard Development Company, L.P. Automating monitoring of computing resource in cloud-based data center
CN104850775A (en) * 2014-02-14 2015-08-19 北京奇虎科技有限公司 Method and device for assessing safety of application program
CN104899515A (en) * 2014-03-04 2015-09-09 北京奇虎科技有限公司 Method and apparatus for altering safety of application
CN106407812A (en) * 2016-11-24 2017-02-15 北京瑞星信息技术股份有限公司 Linux real-time virus killing method and apparatus
CN106878239A (en) * 2015-12-14 2017-06-20 中国移动通信集团公司 A kind of security strategy update method and device
CN107277037A (en) * 2017-07-14 2017-10-20 北京安数云信息技术有限公司 Any file operation detection method and device based on plug-in unit
CN109002709A (en) * 2018-07-25 2018-12-14 郑州云海信息技术有限公司 Server system method for security protection, device, equipment and readable storage medium storing program for executing
CN110443041A (en) * 2018-05-04 2019-11-12 360企业安全技术(珠海)有限公司 The management method and device of equipment permission, system, storage medium, electronic device
CN111125701A (en) * 2019-12-24 2020-05-08 深信服科技股份有限公司 File detection method, equipment, storage medium and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1900941A (en) * 2006-04-28 2007-01-24 傅玉生 Computer safety protective method based on software identity identifying technology
CN101924761A (en) * 2010-08-18 2010-12-22 奇智软件(北京)有限公司 Method for detecting malicious program according to white list
CN102609515A (en) * 2012-02-07 2012-07-25 奇智软件(北京)有限公司 Quick file scanning method and quick file scanning system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Wang Feng: "Design and Implementation of a Whitelist-Based Active Defense System" (白名单主动防御系统的设计与实现), China Master's Theses Full-text Database (Electronic Journal) *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10095863B2 (en) 2013-08-14 2018-10-09 Hewlett Packard Enterprise Development Lp Automating monitoring of a computing resource in a cloud-based data center
WO2015022696A1 (en) * 2013-08-14 2015-02-19 Hewlett-Packard Development Company, L.P. Automating monitoring of computing resource in cloud-based data center
CN103646207A (en) * 2013-12-02 2014-03-19 北京奇虎科技有限公司 Method and device for managing security attribute of application program
CN104850775A (en) * 2014-02-14 2015-08-19 北京奇虎科技有限公司 Method and device for assessing safety of application program
CN104899515B (en) * 2014-03-04 2019-04-16 北京奇安信科技有限公司 A kind of variation and device of applications security
CN104899515A (en) * 2014-03-04 2015-09-09 北京奇虎科技有限公司 Method and apparatus for altering safety of application
CN104104728B (en) * 2014-07-23 2017-09-01 小米科技有限责任公司 Transmit the method and device of data
CN104104728A (en) * 2014-07-23 2014-10-15 小米科技有限责任公司 Data transmission method and device
CN106878239A (en) * 2015-12-14 2017-06-20 中国移动通信集团公司 A kind of security strategy update method and device
CN106407812A (en) * 2016-11-24 2017-02-15 北京瑞星信息技术股份有限公司 Linux real-time virus killing method and apparatus
CN106407812B (en) * 2016-11-24 2019-02-12 北京瑞星网安技术股份有限公司 The method and device that Linux kills virus in real time
CN107277037A (en) * 2017-07-14 2017-10-20 北京安数云信息技术有限公司 Any file operation detection method and device based on plug-in unit
CN110443041A (en) * 2018-05-04 2019-11-12 360企业安全技术(珠海)有限公司 The management method and device of equipment permission, system, storage medium, electronic device
CN110443041B (en) * 2018-05-04 2022-09-30 奇安信安全技术(珠海)有限公司 Method, device and system for managing equipment authority, storage medium and electronic device
CN109002709A (en) * 2018-07-25 2018-12-14 郑州云海信息技术有限公司 Server system method for security protection, device, equipment and readable storage medium storing program for executing
CN111125701A (en) * 2019-12-24 2020-05-08 深信服科技股份有限公司 File detection method, equipment, storage medium and device
CN111125701B (en) * 2019-12-24 2022-04-29 深信服科技股份有限公司 File detection method, equipment, storage medium and device

Also Published As

Publication number Publication date
CN103198253B (en) 2016-03-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20161221

Address after: 100016 Jiuxianqiao Chaoyang District Beijing Road No. 10, building 15, floor 17, layer 1701-26, 3

Patentee after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right
CP03 Change of name, title or address

Address after: 100032 Building 3 332, 102, 28 Xinjiekouwai Street, Xicheng District, Beijing

Patentee after: QAX Technology Group Inc.

Address before: 100016 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

CP03 Change of name, title or address