CN104933356A - Program self-protection and data leakage preventing method of Linux system - Google Patents
- Publication number: CN104933356A
- Authority: CN (China)
- Prior art keywords: data, protection, linux system, program, equipment
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/032—Protect output to user by software means
Abstract
The invention provides a technical scheme for a program self-protection and data leakage prevention method for Linux systems. The method hides the program's own files, locks system files and directories so that they cannot be deleted, renamed or emptied, and stops outward data transmission. It thereby both protects the program itself against tampering and prevents data leakage from the Linux system, protecting the user's data.
Description
Technical field
The present invention relates to a program self-protection and data leakage prevention method for Linux systems.
Background art
In the prior art, Linux systems are widely used and the confidentiality of their data is receiving more and more attention. However, there is currently very little data security software for Linux systems, so the security needs of Linux users cannot be effectively met. This is the shortcoming of the prior art.
Summary of the invention
The object of the present invention is to address this shortcoming of the prior art by providing a technical scheme for a program self-protection and data leakage prevention method for Linux systems. The method not only effectively protects the program itself from being tampered with, but also prevents data leakage from the Linux system, protecting the user's data.
The scheme is achieved by the following technical measures. The program self-protection and data leakage prevention method for Linux systems is characterized by comprising the following steps:
1) start the Linux system and execute the guard process;
2) classify each file: if it is one of the program's own files, go to step 3); if it is a system file, go to step 4);
3) hide the files and directories;
4) lock the files and directories to prevent deletion, renaming and emptying;
5) stop the data output programs from running, preventing data from being output.
In step 1), after the system starts, a user-space process receives the policy operation and parameter configuration and forwards them to the system kernel. If the anti-leak policy is to be enforced, the method proceeds to step 2); otherwise the system runs normally.
For inserted devices, stopping the data output programs from running works as follows: when a device is inserted, the information about that device is obtained while the operating system kernel is running, and this information is modified. This alters the kernel's normal flow, so that the inserted device's information cannot be matched with the corresponding driver, which disables the device. The inserted device is a USB device or a 1394-interface device.
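The driver-matching step described above can be modelled in user space. The following C program is an added example, not code from the patent: it assumes the "device information" is the USB interface class/subclass/protocol triple, uses a constructed three-entry driver table, and the names `find_driver`, `apply_policy` and `binds_after_policy` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Flag values as in the kernel's USB_DEVICE_ID_MATCH_INT_* definitions. */
#define MATCH_INT_CLASS    0x0080
#define MATCH_INT_SUBCLASS 0x0100
#define MATCH_INT_PROTOCOL 0x0200

struct dev_info { uint8_t cls, sub, proto; };   /* simplified device information (assumption) */
struct id_entry { uint16_t flags; uint8_t cls, sub, proto; const char *driver; };
struct policy   { int anti_leak; uint8_t blocked[4]; size_t nblocked; };

/* Constructed driver table: mass storage (SCSI, bulk-only), HID, printer. */
static const struct id_entry id_table[] = {
    { MATCH_INT_CLASS | MATCH_INT_SUBCLASS | MATCH_INT_PROTOCOL, 0x08, 0x06, 0x50, "usb-storage" },
    { MATCH_INT_CLASS, 0x03, 0, 0, "usbhid" },
    { MATCH_INT_CLASS, 0x07, 0, 0, "usblp" },
};

/* Return the first driver whose ID entry matches, or NULL if none does. */
const char *find_driver(const struct dev_info *d) {
    for (size_t i = 0; i < sizeof id_table / sizeof id_table[0]; i++) {
        const struct id_entry *e = &id_table[i];
        if ((e->flags & MATCH_INT_CLASS) && e->cls != d->cls) continue;
        if ((e->flags & MATCH_INT_SUBCLASS) && e->sub != d->sub) continue;
        if ((e->flags & MATCH_INT_PROTOCOL) && e->proto != d->proto) continue;
        return e->driver;
    }
    return NULL;
}

/* Rewrite the info of a blocked class to a sentinel; return 1 (a violation
 * that would be reported to the user-space process), else 0. */
int apply_policy(const struct policy *p, struct dev_info *d) {
    if (!p->anti_leak) return 0;            /* policy off: normal system flow */
    for (size_t i = 0; i < p->nblocked; i++)
        if (d->cls == p->blocked[i]) {
            d->cls = d->sub = d->proto = 0xFF;   /* no table entry matches this */
            return 1;
        }
    return 0;
}

/* Constructed sample policy (block storage and printer) and sample devices. */
const struct policy   demo_policy = { 1, { 0x08, 0x07 }, 2 };
const struct dev_info demo_stick = { 0x08, 0x06, 0x50 }, demo_keyboard = { 0x03, 0x01, 0x01 };

/* 1 if a driver still binds after the policy ran (device passed by value). */
int binds_after_policy(const struct policy *p, struct dev_info d) {
    apply_policy(p, &d);
    return find_driver(&d) != NULL;
}

int main(void) {
    printf("stick binds: %d, keyboard binds: %d\n", binds_after_policy(&demo_policy, demo_stick), binds_after_policy(&demo_policy, demo_keyboard));
    return 0;
}
```

With the sample policy the storage device no longer finds a driver while the keyboard still binds, which is the per-device selectivity the parameter configuration is meant to give.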
For network data, stopping the data output programs from running is achieved by controlling network traffic: all data packets are dropped, which disables the network.
Stopping the data output programs from running also works by inserting into the system kernel and blocking the invocation of the corresponding data transfer programs. The data transfer programs include printer, Bluetooth, infrared transmission, parallel-port data transmission or serial data transmission.
In step 6), when the system kernel detects a violation, it sends the violation information to the user-space process, which records the information in the log, saves the log, and displays the log information.
The beneficial effects of the scheme follow from the description above. In this scheme the Linux system is started and the guard process is executed. The guard process classifies files and then hides the program's own files, which protects the program itself and prevents it from being tampered with. System files can also be locked, so that they cannot be deleted, modified or emptied. For a USB device or a 1394-interface device, the Linux system obtains its type, size, batch and other information when it is inserted; this method modifies that information and thereby alters the kernel's normal flow, so that the device's information cannot be matched with the corresponding driver, which disables the device. Network data is controlled by dropping all data packets, which disables the network. Calls to the programs for printers, parallel ports, serial ports and the like are blocked, which prevents outward transmission and achieves leak prevention. The policy operation received by the user-space process specifies whether data leak prevention is performed, and the parameter configuration specifies which devices are subject to leak prevention, such as printers, serial ports, parallel ports and USB devices. As can be seen, compared with the prior art the present invention has prominent substantive features and represents notable progress, and the beneficial effects of its implementation are evident.
Embodiment
To illustrate the technical features of the scheme clearly, it is described below by means of an embodiment.
The program self-protection and data leakage prevention method for Linux systems of this scheme is characterized by comprising the following steps:
1) start the Linux system and execute the guard process; a user-space process receives the policy operation and parameter configuration and forwards them to the system kernel; if the anti-leak policy is to be enforced, go to step 2), otherwise the system runs normally;
2) classify each file: if it is one of the program's own files, go to step 3); if it is a system file, go to step 4);
3) hide the files and directories;
4) lock the files and directories to prevent deletion, renaming and emptying;
5) stop the data output programs from running, preventing data from being output; when the system kernel detects a violation, it sends the violation information to the user-space process, which records the information in the log, saves the log, and displays the log information.
For inserted devices, stopping the data output programs from running works as follows: when a device is inserted, the information about that device is obtained while the operating system kernel is running, and this information is modified. This alters the kernel's normal flow, so that the inserted device's information cannot be matched with the corresponding driver, which disables the device. The inserted device is a USB device or a 1394-interface device.
For network data, stopping the data output programs from running is achieved by controlling network traffic: all data packets are dropped, which disables the network.
Stopping the data output programs from running also works by inserting into the system kernel and blocking the invocation of the corresponding data transfer programs. The data transfer programs include printer, Bluetooth, infrared transmission, parallel-port data transmission or serial data transmission.
The present invention is not limited to the embodiment above. Changes, modifications, additions or substitutions made by a person of ordinary skill in the art within the essential scope of the present invention also fall within its scope of protection.
Claims (8)
- 1. A program self-protection and data leakage prevention method for a Linux system, characterized by comprising the following steps: 1) start the Linux system and execute the guard process; 2) classify each file: if it is one of the program's own files, go to step 3); if it is a system file, go to step 4); 3) hide the files and directories; 4) lock the files and directories to prevent deletion, renaming and emptying; 5) stop the data output programs from running, preventing data from being output.
- 2. The program self-protection and data leakage prevention method for a Linux system according to claim 1, characterized in that: in step 1), after the system starts, a user-space process receives the policy operation and parameter configuration and forwards them to the system kernel; if the anti-leak policy is to be enforced, the method proceeds to step 2); otherwise the system runs normally.
- 3. The program self-protection and data leakage prevention method for a Linux system according to claim 1, characterized in that: stopping the data output programs from running consists in, when an inserted device is found, obtaining the information about that device while the operating system kernel is running and modifying this information, which alters the kernel's normal flow so that the inserted device's information cannot be matched with the corresponding driver, thereby disabling the device.
- 4. The program self-protection and data leakage prevention method for a Linux system according to claim 3, characterized in that: the inserted device is a USB device or a 1394-interface device.
- 5. The program self-protection and data leakage prevention method for a Linux system according to claim 1, characterized in that: stopping the data output programs from running consists in controlling network data by dropping all data packets, thereby disabling the network.
- 6. The program self-protection and data leakage prevention method for a Linux system according to claim 1, characterized in that: stopping the data output programs from running consists in inserting into the system kernel and blocking the invocation of the corresponding data transfer programs.
- 7. The program self-protection and data leakage prevention method for a Linux system according to claim 6, characterized in that: the data transfer programs include printer, Bluetooth, infrared transmission, parallel-port data transmission or serial data transmission.
- 8. The program self-protection and data leakage prevention method for a Linux system according to claim 1, characterized in that: in step 5), when the system kernel detects a violation, it sends the violation information to the user-space process, which records the information in the log, saves the log, and displays the log information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510294673.7A CN104933356A (en) | 2015-06-02 | 2015-06-02 | Program self-protection and data leakage preventing method of Linux system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510294673.7A CN104933356A (en) | 2015-06-02 | 2015-06-02 | Program self-protection and data leakage preventing method of Linux system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104933356A (en) | 2015-09-23 |
Family
ID=54120519
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510294673.7A Pending CN104933356A (en) | 2015-06-02 | 2015-06-02 | Program self-protection and data leakage preventing method of Linux system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104933356A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101901313A (en) * | 2010-06-10 | 2010-12-01 | 中科方德软件有限公司 | Linux file protection system and method |
CN102254124A (en) * | 2011-07-21 | 2011-11-23 | 周亮 | Information security protecting system and method of mobile terminal |
CN103778081A (en) * | 2014-02-11 | 2014-05-07 | 成都卫士通信息安全技术有限公司 | USB peripheral access control method |
US8756687B1 (en) * | 2012-05-25 | 2014-06-17 | Kip Cr P1 Lp | System, method and computer program product for tamper protection in a data storage system |
CN104573536A (en) * | 2015-01-28 | 2015-04-29 | 深圳市中兴移动通信有限公司 | File protection method and device |
CN104641377A (en) * | 2012-10-19 | 2015-05-20 | 迈克菲股份有限公司 | Data loss prevention for mobile computing devices |
Non-Patent Citations (2)
Title |
---|
ROBERT LOVE: "《Linux内核设计与实现》", 30 June 2011, 机械工业出版社 * |
于莉莉等: "《网络信息安全》", 31 March 2011, 哈尔滨工程大学出版社 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: Xinluo Avenue high tech Zone of Ji'nan City, Shandong province 250101 No. 1166 orsus Building 2 building 15-16 layer Applicant after: Shandong Zhongfu Information Industry Co., Ltd. Address before: Xinluo Avenue high tech Zone of Ji'nan City, Shandong province 250101 No. 1166 orsus Building 2 building 15-16 layer Applicant before: Shandong Zhongfu Information Industry Co., Ltd. |
|
COR | Change of bibliographic data | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150923 |