CN103198253B - Method and system for operating a file - Google Patents

Method and system for operating a file

Publication number: CN103198253B
Application number: CN201310109078.2A
Authority: CN (China)
Other versions: CN103198253A
Original language: Chinese (zh)
Legal status: Active
Inventors: 温铭, 李宇, 胡劲, 张家柱
Current assignee: Qax Technology Group Inc
Original assignees: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Prior art keywords: security, client, target file, management control center, management control

Events
Application filed by Beijing Qihoo Technology Co Ltd and Qizhi Software Beijing Co Ltd
Priority to CN201310109078.2A
Publication of CN103198253A
Application granted
Publication of CN103198253B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a file operation control method and system. The method comprises: when an operation request to perform a target operation on a target file is detected, intercepting the request, and obtaining, by the client over the network from the management control center of a security control server, the security attribute information of the target file; the security attribute information comprises a private attribute and a public attribute, wherein the private attribute is the security level information set for the target file by the security administrator of the management control center; judging, according to the security attribute information of the target file and a security policy for the current client obtained from the management control center, whether the target operation is allowed to be performed on the target file; and processing the intercepted request according to the judgment result. With the present invention, an enterprise-edition security product can exhibit personalised features for different enterprises and greater flexibility in security control.

Description

Method and system for operating a file
Technical field
The present invention relates to the field of enterprise-edition security technology, and in particular to a method and system for operating a file.
Background
In a traditional enterprise network environment, enterprise terminal computers accumulate all kinds of desktop security products, such as anti-virus software. These products usually come from different vendors, cannot be managed in a unified way, and consume a large amount of system resources, which greatly affects the working efficiency of the enterprise. Enterprise-edition security products arose to solve this problem. An enterprise-edition security product usually consists of two parts: a management control center (deployed on a server managed by the enterprise's IT staff, such as the network administrator) and a security product client (installed on each employee's PC). The management control center is an all-round platform built for the centralised management of the enterprise's intranet computers; this unified platform meets the pressing needs of enterprises for centralised virus removal, health checks, patch installation and the like. It can be seen that in an enterprise-edition security product the management control center plays the role of a proxy server that provides services to each client in the enterprise, which is equivalent to forming a kind of "private cloud" inside the enterprise network: only when the proxy server does not hold the data requested by a client is it downloaded from the "public cloud", so bandwidth is saved. However, the functionality of this "private cloud" system still needs improvement.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a file operation control method and system that overcome, or at least partly solve, the above problems, so that an enterprise-edition security product can exhibit personalised features for different enterprises and greater flexibility in security control.
According to one aspect of the present invention, a file operation control method is provided, comprising:
monitoring a target operation behaviour of the client on a target file;
when an operation request to perform the target operation on the target file is detected, intercepting the request, and obtaining, by the client over the network from the management control center of a security control server, the security attribute information of the target file; the security attribute information comprises a private attribute and a public attribute, wherein the private attribute is the security level information set for the target file by the security administrator of the management control center, and the public attribute is the security level information of the target file obtained by querying a preset feature database;
judging, according to the security attribute information of the target file and a security policy for the current client obtained from the management control center, whether the target operation is allowed to be performed on the target file; the security policy holds the set of security attribute information of files that are allowed and/or not allowed to have the target operation performed on them at the current client; and
processing the intercepted request according to the judgment result.
Optionally, the method further comprises:
dividing, at the management control center, the physical regions in which clients are located according to their differing security requirements, and configuring a different security policy for each physical region;
the client sending a request for the security policy to the management control center; and
the management control center determining the physical region in which the client is located and returning to the client the security policy configured for that region.
Optionally, processing the intercepted request according to the judgment result comprises:
if the judgment result is that the target operation is allowed to be performed on the target file, releasing the intercepted request.
Optionally, processing the intercepted request according to the judgment result comprises:
if the judgment result is that the target operation is not allowed to be performed on the target file, discarding the intercepted request.
Optionally, the method further comprises:
after the request is intercepted, loading and displaying a preset interface to indicate that a security check is in progress.
According to another aspect of the present invention, a file operation control system is provided, comprising a client and a management control center, wherein the client comprises:
a monitoring unit, for monitoring a target operation behaviour on a target file;
an information acquisition unit, for intercepting the request when an operation request to perform the target operation on the target file is detected, and obtaining, over the network from the management control center of a security control server, the security attribute information of the target file; the security attribute information comprises a private attribute and a public attribute, wherein the private attribute is the security level information set for the target file by the security administrator of the management control center, and the public attribute is the security level information of the target file obtained by querying a preset feature database;
a judging unit, for judging, according to the security attribute information of the target file and a security policy for the current client obtained from the management control center, whether the target operation is allowed to be performed on the target file; the security policy holds the set of security attribute information of files that are allowed and/or not allowed to have the target operation performed on them at the current client; and
a processing unit, for processing the intercepted request according to the judgment result.
Optionally, the management control center comprises:
a configuration unit, for dividing the physical regions in which clients are located according to their differing security requirements and configuring a different security policy for each physical region;
the client further comprises:
a request unit, for sending a request for the security policy to the management control center;
and the management control center further comprises:
a determining unit, for determining the physical region in which the client is located and returning to the client the security policy configured for that region.
Optionally, the processing unit comprises:
a release sub-unit, for releasing the intercepted request if the judgment result is that the target operation is allowed to be performed on the target file.
Optionally, the processing unit comprises:
a discard sub-unit, for discarding the intercepted request if the judgment result is that the target operation is not allowed to be performed on the target file.
Optionally, the client further comprises:
a display unit, for loading and displaying a preset interface after the request is intercepted, to indicate that a security check is in progress.
According to the file operation control method and system of the present invention, whether a target operation may be performed on a file at the current client is judged according to the security attribute information of the target file and the security policy that the management control center has configured for that client. The security attribute information comprises not only the public attribute of the file determined from the feature database of the enterprise-edition security product, but also the private attribute configured for the file by the administrator inside the enterprise, and the security policy likewise reflects both aspects of the security attribute information. The judgment is therefore a comprehensive one based on both kinds of information, so that the enterprise-edition security product can exhibit personalised features for different enterprises and greater flexibility in security control.
The above is only an overview of the technical solution of the present invention. In order that the technical means of the present invention may be better understood and implemented according to the contents of the specification, and that the above and other objects, features and advantages of the present invention may become more apparent, specific embodiments of the present invention are set out below.
Description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be regarded as limiting the invention. Throughout the drawings, identical parts are denoted by identical reference symbols. In the drawings:
Fig. 1 shows a flow chart of a method according to an embodiment of the invention; and
Fig. 2 shows a schematic diagram of a system according to an embodiment of the invention.
Embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although exemplary embodiments of the disclosure are shown in the drawings, it should be understood that the disclosure can be realised in various forms and should not be limited by the embodiments set out here. Rather, these embodiments are provided so that the disclosure may be understood more thoroughly and its scope conveyed completely to those skilled in the art.
Referring to Fig. 1, the embodiment of the present invention first provides a file operation control method, which may comprise the following steps:
S101: monitoring a target operation behaviour of the client on a target file.
The so-called target operation behaviour may comprise running the target file, one program reading another program, or reading a file stored on the hard disk (such as an address book, a photograph, etc.). For convenience of description, running a file is taken as the example hereinafter.
In the embodiment of the present invention, rather than performing a full-disk virus scan, a security check is performed on the file the user is about to run (including opening a document, opening an executable file, etc.) at the moment the user wants to run it, to determine whether the current user is allowed to run that file. For this purpose, a hook function may be registered in the system in advance to hook the API (Application Programming Interface) functions of the file-running class, so that when a call to such an API function is made in preparation for running a file, the call address is redirected to the client of the enterprise-edition security product of the embodiment of the present invention.
S102: when an operation request to perform the target operation on the target file is detected, intercepting the request, and obtaining, by the client over the network from the management control center of a security control server, the security attribute information of the target file; the security attribute information comprises a private attribute and a public attribute, wherein the private attribute is the security level information set for the target file by the security administrator of the management control center, and the public attribute is the security level information of the target file obtained by querying a preset feature database.
Once a request to run a target file is detected, the request can be intercepted, that is, it is temporarily not passed on to the address of the original API function, and security-related processing is carried out first. In the embodiment of the present invention, after the client intercepts the request to run the target file, it obtains the security attribute information of the target file from the management control center of the enterprise-edition security product. Specifically, the client may extract features from the target file, comprising static features such as the file name and md5 value of the target file, and possibly also dynamic (behavioural) features of the target file, and send them to the management control center; the management control center queries the security attribute information of the target file according to those features and returns it to the client. Alternatively, in another implementation, the target file itself may be sent directly to the management control center, which extracts the features from it and queries its security attribute information. Whether feature extraction is performed at the client or at the management control center, the extraction method may be the same.
Of course, since one management control center usually serves many clients, if every client uploaded every file it is about to run to the management control center for feature extraction, this would on the one hand consume the management control center's storage space and on the other hand cause queuing when many requests arrive concurrently, reducing the response speed of the management control center. Therefore, in most cases, features are extracted from the file at the client and then uploaded to the management control center.
In the embodiment of the present invention, the security attribute information of the file to be run may consist of two parts: the private attribute of the file and the public attribute of the file. The so-called private attribute is the security level information configured for the target file by the administrator inside the enterprise. In a specific implementation, the display interface of the management control center may provide an operation entry for configuring the private attribute of each file, and the administrator may configure the security level information of each file according to the concrete needs of the enterprise. For example, the security level information in the private attribute may be represented by the numbers 70, 10 and 40 for black, white and grey respectively, that is, 70 means the file is most dangerous, 10 means the file is safest, and 40 means that it has not been determined whether the file is safe. Because the security level of the same file may differ when it is used in different enterprises, the embodiment of the present invention takes this difference between enterprises into account by introducing the concept of the private attribute, with the administrator setting the security level of a file according to the enterprise's actual needs. After the private attribute of a file is set, a mapping table between files and private attributes may be kept at the management control center. In this mapping table a file may be identified by its file name, but in order to avoid repeated settings and records for files that have different names but the same content, the file may instead be identified by content verification information such as its md5 value. Then, when a request from a client to query the security attribute information of a target file is received, the private attribute of the current target file can be obtained by querying this mapping table.
It should be noted that in practice the private attribute of a target file may be configured by the administrator the first time a request to query the security attribute information of that target file is received; after configuration, the correspondence between the identification information of the target file and its private attribute is added to the mapping table for other clients that subsequently query the same target file. Thus, for each request to obtain a private attribute, the following flow may be performed: first query the mapping table; if matching information exists, return the corresponding private attribute directly to the client; if not, require the client to upload the target file to the management control center, where the administrator analyses it and configures a private attribute for it, which is returned to the client while the correspondence between the identification information of the target file and its private attribute is added to the mapping table, and so on.
The public attribute refers to the security level information of a file determined according to the feature database of the enterprise-edition security product. The feature database of the enterprise-edition security product is oriented towards all enterprise-edition users and does not differ between enterprises; therefore, in contrast to the private attribute set by the administrator of each enterprise, the file security information obtained from this feature database is called the public attribute. The public attribute can likewise be represented by the numbers 70, 10 and 40 for black, white and grey. When the management control center receives a request to query the security attribute information of a target file, it queries the feature database according to the features extracted from the target file and determines the public attribute of the target file from the result of the match. For example, if the feature database holds a whitelist and a blacklist, then if the features of the target file appear in the whitelist, the public attribute of the target file is "white" and may be represented by "10"; if the features of the target file appear in the blacklist, the public attribute is "black" and may be represented by "70"; and if the features of the target file appear in neither the whitelist nor the blacklist, the public attribute is "grey" and may be represented by "40". In short, the public attribute of the target file can be obtained by querying the preset feature database.
This feature database may be kept locally at the management control center, downloaded to the local machine when the management control center is installed and updated regularly or irregularly from the remote enterprise-edition security product server; when a request to query the public attribute of a target file is received, the management control center queries the locally stored feature database directly. Alternatively, in order not to consume the storage space of the management control center, the feature database may be kept on the enterprise-edition security product server, in which case, when the management control center receives a request to query the public attribute of a target file, it forwards the query request to the server and determines the public attribute of the target file from the result returned by the server.
In short, after the management control center receives a request to query the security attribute information of a target file, it returns on the one hand the private attribute information of the target file and on the other hand the public attribute information of the target file; together these two pieces of information form the security attribute information of the current target file. In the private cloud, the security attribute information can thus take one of nine numeric values: 7070, 7010, 7040, 4070, 4010, 4040, 1070, 1010 and 1040, where the first two digits of the number represent the private attribute of the file and the last two digits represent the public attribute of the file. For example, if the security attribute information of the target file returned by the management control center is 7010, this means that the target file is considered safe by the feature database of the enterprise-edition security product but considered unsafe by the administrator of the current enterprise, and so on.
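The resolution of security attribute information described above (client-side feature extraction in S102, the private attribute mapping table, and the public attribute from the feature database's whitelist and blacklist), as an added example in Python that is not part of the patent. The class and function names, the use of a sha256 digest rather than md5 as the mapping-table key, the pending-upload set that records files awaiting the administrator's decision, and the rule that a blacklist hit outranks a whitelist hit are assumptions of this example; the sample file contents are constructed.

```python
import hashlib
from dataclasses import dataclass, field

# Security level codes used in the patent: 70 = black, 10 = white, 40 = grey.
BLACK, WHITE, GREY = "70", "10", "40"


def extract_features(file_name: str, content: bytes) -> dict:
    """Client-side static feature extraction: file name and content hashes.

    The patent names md5 as the content identifier. sha256 is added here as an
    assumption of this example: md5 collisions would let an attacker build a
    malicious file whose md5 matches an already-whitelisted one.
    """
    return {
        "name": file_name,
        "md5": hashlib.md5(content).hexdigest(),
        "sha256": hashlib.sha256(content).hexdigest(),
    }


@dataclass
class ManagementControlCenter:
    # Private attribute mapping table keyed by content hash, not file name,
    # so renamed copies of the same content share one administrator decision.
    private_table: dict = field(default_factory=dict)
    # Feature database: whitelist and blacklist of content hashes.
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    # Hashes with no private attribute yet, for which upload was requested.
    pending_upload: set = field(default_factory=set)

    def set_private_attribute(self, digest: str, level: str) -> None:
        """Administrator configures the private attribute for one file."""
        if level not in (BLACK, WHITE, GREY):
            raise ValueError(f"unknown security level {level!r}")
        self.private_table[digest] = level
        self.pending_upload.discard(digest)

    def lookup_private(self, digest: str):
        """Mapping-table lookup; None means the administrator has not decided."""
        level = self.private_table.get(digest)
        if level is None:
            # Patent flow: the client is asked to upload the file for analysis.
            self.pending_upload.add(digest)
        return level

    def lookup_public(self, digest: str) -> str:
        """Feature-database lookup. Blacklist wins over whitelist (assumption)."""
        if digest in self.blacklist:
            return BLACK
        if digest in self.whitelist:
            return WHITE
        return GREY

    def security_attribute(self, features: dict):
        """Four-digit code: private attribute then public attribute, e.g. '7010'.
        Returns None while the private attribute is still pending."""
        digest = features["sha256"]
        private = self.lookup_private(digest)
        if private is None:
            return None
        return private + self.lookup_public(digest)
```

A client that receives None from security_attribute must treat the file as not yet decided and keep the request intercepted rather than releasing it; the same content under a different file name resolves to the same code because the table is keyed by digest.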
It should be noted that after a request to run a file is intercepted, the subsequent security analysis takes some time, so during this period a preset interface may be loaded and displayed to show information such as that a security check is in progress.
S103: judging, according to the security attribute information of the target file and a security policy for the current client obtained from the management control center, whether the target operation is allowed to be performed on the target file; the security policy holds the set of security attribute information of files that are allowed and/or not allowed to have the target operation performed on them at the current client.
In the embodiment of the present invention, the client can obtain in advance from the management control center the security policy for this client. The so-called security policy states which files this client is allowed to run and/or which files it is not allowed to run, and the files that the client is or is not allowed to run may be represented by the set of allowed or disallowed security attribute information. For example, if the current client is allowed to run files whose security attribute information is "1010", "1040" or "1070", its security policy may hold the following information: the files allowed to run on this client are those whose security attribute information is "1010", "1040" or "1070". The client may store this policy locally; if the security attribute information queried for a target file belongs to one of these values, the file is allowed to run on the current client, otherwise it is not.
The security policy of a client may be delivered by the management control center over a protocol such as HTTP, that is, the administrator configures the security policy for the client at the management control center and then delivers it to the client, which executes according to the policy. There are many clients in the enterprise network, and the security policy configured for each client may be the same or different. If the same, a unified configuration entry may be provided at the management control center and the policy delivered uniformly to each client after configuration; if different, the management control center may provide a separate policy configuration entry for each client so that each client is configured and served individually. Alternatively, a unified configuration entry and individual configuration entries may both exist.
In a specific implementation, the following situation commonly exists inside an enterprise: not all clients have identical security requirements, but neither does every client have a different requirement; rather, clients can be divided into a few classes according to their security requirements. For example, some clients are located in the core area of the enterprise and have higher security requirements; some are located in the office area and have slightly lower requirements; others are located in the customer area and have lower requirements still; and so on. Therefore, the management control center may divide the physical regions in which clients are located according to their differing security requirements and configure a different security policy for each physical region, for example as shown in Table 1:
Table 1
Policy name            Files allowed to run                  Files forbidden to run
Core region            1010, 1040, 1070                      4010, 4040, 4070, 7010, 7040, 7070
Administrative region  1010, 1040, 1070, 4010                4040, 4070, 7010, 7040, 7070
Client region          1010, 1040, 1070, 4010, 4040          4070, 7010, 7040, 7070
Public region          1010, 1040, 4010, 4040, 7010, 7040    1070, 4070, 7070
That is, if a client is in the core region of the enterprise, the security attribute information of files allowed to run on its terminal comprises 1010, 1040 and 1070, and that of files not allowed to run comprises 4010, 4040, 4070, 7010, 7040 and 7070; if a client is in the administrative region, the files allowed comprise 1010, 1040, 1070 and 4010 and the files not allowed comprise 4040, 4070, 7010, 7040 and 7070; and so on. It can be seen that the higher the security requirement of a region, the fewer kinds of files it allows to run. For example, the policy of the core region only allows files whose private attribute is "white" to run, while the public region only forbids files whose public attribute is "black". Of course, the specific way regions are divided and the specific policy corresponding to each region can be customised according to concrete needs.
After the physical regions of the enterprise have been divided and a different security policy configured for each, the client may initiate a request to the management control center to obtain its security policy; the management control center then determines the physical region in which the client is located according to information such as the client's IP address and returns to the client the security policy configured for that region. The client can then apply security control to the running of files according to this policy. In practice, the management control center may also update the security policy of each client regularly or irregularly.
S104: processing the intercepted request according to the judgment result.
If the judgment result shows that running the current target file is allowed, the intercepted request can be released, so that the request to run the file reaches the call address of the original API function and the file is opened, edited and so on. If the judgment result shows that running the current target file is not allowed, the intercepted request can be discarded, that is, the request to run the file does not reach the call address of the original API function, the file cannot run on this client, and the client is protected from the effects of a malicious file.
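The region-based policies of Table 1, the lookup of a client's policy by its IP address, and the allow-or-discard judgment of steps S103 and S104, as an added example in Python that is not part of the patent. The subnet-to-region mapping is a constructed sample; the fall-back to the core policy for an address in no known region, the fail-closed handling of an attribute code that appears in neither set of a policy, and all names are assumptions of this example.

```python
import ipaddress

# Table 1 as sets of four-digit codes: first two digits = private attribute,
# last two digits = public attribute (70 black, 10 white, 40 grey).
REGION_POLICIES = {
    "core":           {"allow": {"1010", "1040", "1070"},
                       "deny":  {"4010", "4040", "4070", "7010", "7040", "7070"}},
    "administrative": {"allow": {"1010", "1040", "1070", "4010"},
                       "deny":  {"4040", "4070", "7010", "7040", "7070"}},
    "client":         {"allow": {"1010", "1040", "1070", "4010", "4040"},
                       "deny":  {"4070", "7010", "7040", "7070"}},
    "public":         {"allow": {"1010", "1040", "4010", "4040", "7010", "7040"},
                       "deny":  {"1070", "4070", "7070"}},
}

ALL_CODES = {p + q for p in ("10", "40", "70") for q in ("10", "40", "70")}

# Constructed sample mapping from client subnets to physical regions.
REGION_SUBNETS = [
    (ipaddress.ip_network("10.0.1.0/24"), "core"),
    (ipaddress.ip_network("10.0.2.0/24"), "administrative"),
    (ipaddress.ip_network("10.0.3.0/24"), "client"),
    (ipaddress.ip_network("10.0.4.0/24"), "public"),
]


def validate_policies(policies: dict) -> bool:
    """Each policy must partition the nine codes: no overlap, no gap.
    A gap would leave some file neither allowed nor forbidden."""
    return all(
        not (p["allow"] & p["deny"]) and (p["allow"] | p["deny"]) == ALL_CODES
        for p in policies.values()
    )


def region_for_ip(client_ip: str) -> str:
    """Management control center side: physical region from the client IP.
    Unknown addresses get the most restrictive region (assumption)."""
    addr = ipaddress.ip_address(client_ip)
    for net, region in REGION_SUBNETS:
        if addr in net:
            return region
    return "core"


def policy_for_client(client_ip: str) -> dict:
    """What the management control center returns to a policy request."""
    return REGION_POLICIES[region_for_ip(client_ip)]


def decide(policy: dict, attribute: str) -> str:
    """Client side (S103): 'allow' releases the intercepted request to the
    original API address, 'deny' discards it. A code in neither set is
    denied rather than released (fail closed, assumption)."""
    if attribute in policy["deny"]:
        return "deny"
    if attribute in policy["allow"]:
        return "allow"
    return "deny"


def handle_run_request(client_ip: str, attribute: str) -> str:
    """End-to-end: fetch the region policy, judge, release or discard (S104)."""
    return decide(policy_for_client(client_ip), attribute)
```

validate_policies is worth running whenever an administrator edits a region's policy, since a code missing from both sets would otherwise be decided only by the client's default branch.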
In summary, in the embodiment of the present invention, whether a target operation may be performed on a file at the current client is judged according to the security attribute information of the target file and the security policy that the management control center has configured for that client. The security attribute information comprises not only the public attribute of the file determined from the feature database of the enterprise-edition security product, but also the private attribute configured for the file by the administrator inside the enterprise, and the security policy likewise reflects both aspects, so that the judgment is a comprehensive one based on both kinds of information and the enterprise-edition security product can exhibit personalised features for different enterprises and greater flexibility in security control.
Corresponding to the file operation control method provided by the embodiment of the present invention, the embodiment also provides a file operation control system comprising a client and a management control center. Referring to Fig. 2, the client may include:
Monitoring unit 201, for monitoring the target operation behavior on the target file;
Information acquisition unit 202, for intercepting the request when an operation request to perform the target operation behavior on the target file is detected, and obtaining, over the network, the security attribute information of the target file from the management control center of the security control server; the security attribute information includes a private attribute and a public attribute, where the private attribute is the security class information set for the target file by the security administrator of the management control center, and the public attribute is the security class information of the target file obtained by querying a preset feature database;
Judging unit 203, for judging, according to the security attribute information of the target file and the security policy for the current client obtained from the management control center, whether the target operation behavior is allowed to be performed on the target file; the security policy holds the set of security attribute information of files that are allowed and/or not allowed to perform the target operation behavior on the current client;
Processing unit 204, for processing the intercepted request according to the judgment result.
In a specific implementation, the management control center may include:
Configuration unit, for dividing physical regions according to the differing security requirements of the physical regions in which clients are located, and configuring a different security policy for each physical region;
The client further includes:
Request unit, for the client to send a request to the management control center to obtain the security policy;
The management control center further includes:
Determining unit, for determining the physical region in which the client is located and returning to the client the security policy configured for that region.
Specifically, processing unit 204 may include:
Release subunit, for releasing the intercepted request if the judgment result is that the target operation behavior is allowed on the target file.
Alternatively, processing unit 204 may also include:
Discard subunit, for discarding the intercepted request if the judgment result is that the target operation behavior is not allowed on the target file.
In addition, the client may further include:
Display unit, for loading and displaying a preset interface after the request is intercepted, to show that a security check is in progress.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other apparatus. Various general-purpose systems may also be used with the teaching herein. The structure required to construct such systems is apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It should be understood that various programming languages may be used to implement the content of the present invention described herein, and that the description of a specific language above is given to disclose the best mode of the invention.
The specification provided here describes many specific details. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures, and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid in understanding one or more of the various inventive aspects, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof in the above description of exemplary embodiments of the invention. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single disclosed embodiment. Thus the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the apparatus of an embodiment may be adaptively changed and arranged in one or more apparatus different from that embodiment. Modules, units, or components of an embodiment may be combined into one module, unit, or component, and may in addition be divided into multiple sub-modules, sub-units, or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract, and drawings) and all processes or units of any method or apparatus so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract, and drawings) may be replaced by alternative features serving the same, equivalent, or similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include some but not other features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the file operation control device according to the embodiments of the invention. The invention may also be implemented as device or apparatus programs (for example, computer programs and computer program products) for performing part or all of the methods described herein. Such programs implementing the invention may be stored on a computer-readable medium or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering; these words may be interpreted as names.
The application may be applied to a computer system/server that is operable with numerous other general-purpose or special-purpose computing system environments or configurations. Examples of well-known computing systems, environments, and/or configurations suitable for use with the computer system/server include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs, minicomputer systems, mainframe computer systems, and distributed cloud computing environments that include any of the above systems, and the like.
The computer system/server may be described in the general context of computer-system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, object programs, components, logic, data structures, and so on, that perform particular tasks or implement particular abstract data types. The computer system/server may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media, including memory storage devices.

Claims (8)

1. A file operation control method, comprising:
monitoring, by a client, a target operation behavior on a target file;
when an operation request to perform the target operation behavior on the target file is detected, intercepting the request by the client, and obtaining, by the client over a network, the security attribute information of the target file from a management control center of a security control server; wherein the security attribute information comprises a private attribute and a public attribute, the private attribute being the security class information set for the target file by a security administrator of the management control center, and the public attribute being the security class information of the target file obtained by querying a preset feature database;
judging, by the client, according to the security attribute information of the target file and a security policy for the current client obtained from the management control center, whether the target operation behavior is allowed to be performed on the target file; wherein the security policy holds the set of security attribute information of files that are allowed and/or not allowed to perform the target operation behavior on the current client;
processing, by the client, the intercepted request according to the judgment result, wherein, if the judgment result is that the target operation behavior is allowed on the target file, the intercepted request is released.
2. The method of claim 1, further comprising:
dividing, at the management control center, physical regions according to the differing security requirements of the physical regions in which clients are located, and configuring a different security policy for each physical region;
sending, by the client, a request to the management control center to obtain the security policy;
determining, by the management control center, the physical region in which the client is located, and returning to the client the security policy configured for that physical region.
3. The method of claim 1, wherein processing the intercepted request according to the judgment result comprises:
if the judgment result is that the target operation behavior is not allowed on the target file, discarding the intercepted request.
4. The method of claim 1, further comprising:
after intercepting the request, loading and displaying a preset interface to show that a security check is in progress.
5. A file operation control system, comprising a client and a management control center, wherein the client comprises:
a monitoring unit, for monitoring a target operation behavior on a target file;
an information acquisition unit, for intercepting the request when an operation request to perform the target operation behavior on the target file is detected, and obtaining, over a network, the security attribute information of the target file from the management control center of a security control server; wherein the security attribute information comprises a private attribute and a public attribute, the private attribute being the security class information set for the target file by a security administrator of the management control center, and the public attribute being the security class information of the target file obtained by querying a preset feature database;
a judging unit, for judging, according to the security attribute information of the target file and a security policy for the current client obtained from the management control center, whether the target operation behavior is allowed to be performed on the target file; wherein the security policy holds the set of security attribute information of files that are allowed and/or not allowed to perform the target operation behavior on the current client;
a processing unit, for processing the intercepted request according to the judgment result, wherein the processing unit comprises a release subunit, for releasing the intercepted request if the judgment result is that the target operation behavior is allowed on the target file.
6. The system of claim 5, wherein the management control center comprises:
a configuration unit, for dividing physical regions according to the differing security requirements of the physical regions in which clients are located, and configuring a different security policy for each physical region;
the client further comprises:
a request unit, for sending a request to the management control center to obtain the security policy;
and the management control center further comprises:
a determining unit, for determining the physical region in which the client is located and returning to the client the security policy configured for that physical region.
7. The system of claim 5, wherein the processing unit comprises:
a discard subunit, for discarding the intercepted request if the judgment result is that the target operation behavior is not allowed on the target file.
8. The system of claim 5, wherein the client further comprises:
a display unit, for loading and displaying a preset interface after the request is intercepted, to show that a security check is in progress.
Priority Applications (1)

Application Number Priority Date Filing Date Title Status
CN201310109078.2A 2013-03-29 2013-03-29 The method and system of operating file Active (granted as CN103198253B)

Publications (2)

Publication Number Publication Date
CN103198253A CN103198253A (en) 2013-07-10
CN103198253B true CN103198253B (en) 2016-03-30

Family

ID=48720801

Country Status (1)

Country Link
CN (1) CN103198253B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10095863B2 (en) 2013-08-14 2018-10-09 Hewlett Packard Enterprise Development Lp Automating monitoring of a computing resource in a cloud-based data center
CN103646207A (en) * 2013-12-02 2014-03-19 北京奇虎科技有限公司 Method and device for managing security attribute of application program
CN104899515B (en) * 2014-03-04 2019-04-16 北京奇安信科技有限公司 A kind of variation and device of applications security
CN104850775B (en) * 2014-02-14 2019-06-28 北京奇安信科技有限公司 A kind of identification method and device of applications security
CN104104728B (en) * 2014-07-23 2017-09-01 小米科技有限责任公司 Transmit the method and device of data
CN106878239A (en) * 2015-12-14 2017-06-20 中国移动通信集团公司 A kind of security strategy update method and device
CN106407812B (en) * 2016-11-24 2019-02-12 北京瑞星网安技术股份有限公司 The method and device that Linux kills virus in real time
CN107277037A (en) * 2017-07-14 2017-10-20 北京安数云信息技术有限公司 Any file operation detection method and device based on plug-in unit
CN109829310B (en) * 2018-05-04 2021-04-27 360企业安全技术(珠海)有限公司 Similar attack defense method, device, system, storage medium and electronic device
CN109002709A (en) * 2018-07-25 2018-12-14 郑州云海信息技术有限公司 Server system method for security protection, device, equipment and readable storage medium storing program for executing
CN111125701B (en) * 2019-12-24 2022-04-29 深信服科技股份有限公司 File detection method, equipment, storage medium and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1900941A (en) * 2006-04-28 2007-01-24 傅玉生 Computer safety protective method based on software identity identifying technology
CN101924761A (en) * 2010-08-18 2010-12-22 奇智软件(北京)有限公司 Method for detecting malicious program according to white list
CN102609515A (en) * 2012-02-07 2012-07-25 奇智软件(北京)有限公司 Quick file scanning method and quick file scanning system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Design and Implementation of a Whitelist-Based Active Defense System (白名单主动防御系统的设计与实现); Wang Feng (汪锋); China Master's Theses Full-text Database (electronic journal); 2012-04-30; vol. 2012, no. 4; I139-222 *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20161221

Address after: Room 1701-26, floors 15 and 17, Building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100016

Patentee after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

Address before: Room 112, Block D, No. 28 Xinjiekouwai Street, Xicheng District, Beijing 100088 (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

CP03 Change of name, title or address

Address after: Room 332 and 102, Building 3, No. 28 Xinjiekouwai Street, Xicheng District, Beijing 100032

Patentee after: QAX Technology Group Inc.

Address before: Room 1701-26, floors 15 and 17, Building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100016

Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.