CN105069382A - Safe application system suitable for common USB flash disk - Google Patents

Publication number
CN105069382A
Authority
CN
China
Prior art keywords
disk
usb flash
flash disk
log
cdrom
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510444790.7A
Other languages
Chinese (zh)
Inventor
张强
黄正茂
乔国凯
李秀芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Software Group Co Ltd
Original Assignee
Inspur Software Group Co Ltd
Application filed by Inspur Software Group Co Ltd
Priority to CN201510444790.7A
Publication of CN105069382A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3438 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment monitoring of user actions

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a secure application system suitable for an ordinary USB flash disk and belongs to the field of application systems. The flash storage of the USB flash disk consists of a cdrom storage area, a disk storage area and a log area, each of which initially presents as read-only; the cdrom storage area stores read-only application programs and the log area stores log files. The secure application system switches the disk storage area from the cdrom state to the disk state through the USB protocol; a low-level driver service ensures that the USB flash disk can be accessed only by specific processes; and a HOOK monitoring service monitors file operations on the USB flash disk in real time and records them in the log area. Compared with the prior art, the secure application system integrates the USB protocol, a driver service, HOOK and related technologies, and within the operating environment it builds can provide a high-security access mechanism for an ordinary USB flash disk that has no encryption function.

Description

A secure application system suitable for ordinary USB flash disks
Technical field
The present invention relates to the field of application systems, and specifically to a secure application system suitable for ordinary USB flash disks that provides access control, file monitoring and log recording.
Background
As computer technology develops, offline exchange of information is becoming more and more frequent, and the USB flash disk is one of the important transfer media. USB flash disks are easy to use, widely used and familiar to the public. An ordinary USB flash disk, however, is an uncontrolled storage medium: it easily becomes a breeding ground for trojan horse programs, and it is easily used across a private network and the internet, or across classified and non-classified computers. Once such a cross-use violation occurs, confidential documents are very likely to be copied illegally, resulting in a leak.
Summary of the invention
The technical task of the present invention is to address the above deficiencies of the prior art by providing a secure application system suitable for ordinary USB flash disks.
The technical task is achieved as follows. In a secure application system suitable for ordinary USB flash disks, the flash storage of the USB flash disk consists of a cdrom storage area, a disk storage area and a log area, each of which initially presents as read-only; the cdrom storage area stores read-only application programs and the log area stores log files.
The secure application system switches the disk storage area from the cdrom state to the disk state through the USB protocol; a low-level driver service ensures that the USB flash disk can be accessed only by specific processes; and a HOOK monitoring service monitors file operations on the USB flash disk in real time and records them in the log area.
The cdrom state and the disk state are the two forms in which the USB flash disk can present itself to the operating system. A specific program changes the form in which the USB flash disk device presents itself by modifying data at a designated position in the USB protocol, switching the disk storage area from the cdrom state to the disk state; the area can be operated on only after it has been switched to the disk state.
Normally, a USB flash disk in the disk state is recognized and operated by the operating system without any other restriction, so both normal applications and viruses can read and write it. At the operating-system level, all access to the USB flash disk goes through the file system, so Windows driver technology can be used to filter the application processes that access it. Filtering is keyed on the pid, the unique identifier of an application process, so that only designated applications, such as explorer or Microsoft Office software, are allowed to access the USB flash disk. This effectively guards against viruses and trojan horse programs.
In practice, environments with security requirements for USB flash disk use need a record of the operations performed on the disk. The invention provides a method for obtaining this log information: HOOK techniques capture the details of file operations on the USB flash disk, such as the source path and destination path of the file operated on, and distinguish the mode of operation (copy out, copy in, rename, open, create, etc.). The captured log information is recorded in the log area of the flash storage inside the USB flash disk. The log area is allocated at mass production; it is invisible to the user and cannot be operated on by the user, and it is likewise hidden from the operating system and cannot be operated on by it.
To further ensure security, if the environment in which the USB flash disk is used does not permit internet connections, the secure application system can also automatically detect internet connections and close the current network connection, ensuring network security.
When real-time operation information is logged, recording the log through a private file system ensures the authenticity and validity of the log information and the traceability of the host.
The log area has a built-in, self-implemented private file system for managing and recording log information. The area can be read and written only through a specific interface, which ensures the authenticity and validity of the log information. Besides the operation log of the USB flash disk, this storage area also records identifying information obtained from the current host (computer name, MAC address, hard disk serial number, IP address, etc.). This information uniquely identifies the host, which provides traceability.
Preferably, the execution flow of the secure application system is:
(1) after the secure application system detects the USB flash disk, the disk is switched from the cdrom state to the disk state;
(2) the current internet connection is automatically detected in real time and any open network connection is closed, and the current host information is obtained and recorded;
(3) the low-level driver service starts protecting the USB flash disk, ensuring that only permitted processes can access it and that other processes have no access;
(4) the HOOK monitoring service obtains file operation information for the USB flash disk and records it in the corresponding storage area on the disk, and the log information is viewed through the private file system interface;
(5) after the USB flash disk is removed, the network connection is restored and the driver service and the HOOK monitoring service are shut down.
Compared with the prior art, the present invention integrates the USB protocol, a driver service, HOOK and related technologies, and uses an ordinary USB flash disk as the carrier to build a secure application system. The whole application system forms a closed, secure operating environment around the USB flash disk, with multiple levels of security checks and access restrictions; the USB flash disk can be used only once these restrictions are satisfied. Within this application system environment, safe use of the USB flash disk can be ensured.
Brief description of the drawing
Figure 1 is a flowchart of the secure application system suitable for ordinary USB flash disks according to the present invention.
Detailed description
The secure application system suitable for ordinary USB flash disks is described in detail below through a specific embodiment, with reference to the accompanying drawing.
Embodiment:
When the USB flash disk is mass-produced, its flash storage is divided into three parts: the cdrom storage (for read-only application programs), the disk storage area and the log area (for log files). It initially presents as a cdrom.
The secure application system of the present invention uses a specific program to modify data at a designated position in the USB protocol, which changes the form in which the USB flash disk device presents itself: the disk storage area is switched from the cdrom state to the disk state so that it can be operated on.
At the operating-system level, all access to the USB flash disk goes through the file system, so the secure application system of the present invention uses Windows driver technology to filter the application processes that access the disk. Filtering is keyed on the pid, the unique identifier of an application process, so that only designated applications, such as explorer or Microsoft Office software, are allowed to access the USB flash disk. This effectively guards against viruses and trojan horse programs.
The flash storage of the USB flash disk consists of a cdrom storage area, a disk storage area and a log area, each of which initially presents as read-only; the cdrom storage area stores read-only application programs and the log area stores log files.
The secure application system switches the disk storage area from the cdrom state to the disk state through the USB protocol; a low-level driver service ensures that the USB flash disk can be accessed only by specific processes; and a HOOK monitoring service monitors file operations on the USB flash disk in real time and records them in the log area.
The cdrom state and the disk state are the two forms in which the USB flash disk can present itself to the operating system. A specific program changes the form in which the USB flash disk device presents itself by modifying data at a designated position in the USB protocol, switching the disk storage area from the cdrom state to the disk state; the area can be operated on only after it has been switched to the disk state.
Normally, a USB flash disk in the disk state is recognized and operated by the operating system without any other restriction, so both normal applications and viruses can read and write it. At the operating-system level, all access to the USB flash disk goes through the file system, so Windows driver technology can be used to filter the application processes that access it. Filtering is keyed on the pid, the unique identifier of an application process, so that only designated applications, such as explorer or Microsoft Office software, are allowed to access the USB flash disk. This effectively guards against viruses and trojan horse programs.
The system provides a method for obtaining log information: HOOK techniques capture the details of file operations on the USB flash disk, such as the source path and destination path of the file operated on, and distinguish the mode of operation (copy out, copy in, rename, open, create, etc.). The captured log information is recorded in the log area of the flash storage inside the USB flash disk. The log area is allocated at mass production; it is invisible to the user and cannot be operated on by the user, and it is likewise hidden from the operating system and cannot be operated on by it. The log area has a built-in, self-implemented private file system for managing and recording log information, and the area can be read and written only through a specific interface, which ensures the authenticity and validity of the log information. Besides the operation log of the USB flash disk, this storage area also records identifying information obtained from the current host (computer name, MAC address, hard disk serial number, IP address, etc.). This information uniquely identifies the host, which provides traceability.
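The log capture described above, as an added example that is not part of the patent: a Python sketch that maps hooked file events to the operation modes the description lists and builds one log record per event with the host identifiers attached. The event shape, field names, the `copy_within` mode and all sample values are assumptions constructed for illustration; the patent does not specify a record format.

```python
import json
from dataclasses import dataclass, asdict
from pathlib import PureWindowsPath

@dataclass(frozen=True)
class HostInfo:
    # Host identifiers the description says are stored alongside the log.
    computer_name: str
    mac_address: str
    disk_serial: str
    ip_address: str

def on_usb(path, usb_root):
    """True if `path` is on the same drive as the USB disk (case-insensitive)."""
    if not path:
        return False
    return PureWindowsPath(path).drive.lower() == PureWindowsPath(usb_root).drive.lower()

def classify(op, src, dst, usb_root):
    """Map a raw hook event to an operation mode; None if the USB disk is not involved."""
    src_usb, dst_usb = on_usb(src, usb_root), on_usb(dst, usb_root)
    if op in ("open", "create"):
        return op if src_usb else None
    if op in ("copy", "rename"):
        if src_usb and not dst_usb:
            return "copy_out"   # data leaves the USB disk (also a move off the disk)
        if dst_usb and not src_usb:
            return "copy_in"    # data enters the USB disk
        if src_usb and dst_usb:
            # "copy_within" is an assumed extra mode, not named in the patent.
            return "rename" if op == "rename" else "copy_within"
        return None
    raise ValueError(f"unknown hook operation: {op!r}")

def build_log_lines(events, usb_root, host):
    """Return one JSON line per event that touches the USB disk."""
    lines = []
    for ev in events:
        mode = classify(ev["op"], ev.get("src"), ev.get("dst"), usb_root)
        if mode is None:
            continue  # event does not involve the USB disk, nothing to record
        record = {
            "time": ev["time"],
            "pid": ev["pid"],
            "mode": mode,
            "source": ev.get("src"),
            "destination": ev.get("dst"),
            "host": asdict(host),  # ties every record to the machine it came from
        }
        lines.append(json.dumps(record, sort_keys=True))
    return lines

# Constructed sample data (documentation-range MAC and IP, placeholder serial).
USB_ROOT = "E:\\"
SAMPLE_HOST = HostInfo("WS-EXAMPLE-01", "00:00:5E:00:53:01",
                       "CONSTRUCTED-SERIAL-0001", "192.0.2.10")
SAMPLE_EVENTS = [
    {"time": "2015-07-27T09:00:00", "pid": 4120, "op": "open",
     "src": r"E:\report.docx"},
    {"time": "2015-07-27T09:00:05", "pid": 4120, "op": "copy",
     "src": r"E:\report.docx", "dst": r"C:\Users\alice\Desktop\report.docx"},
    {"time": "2015-07-27T09:01:00", "pid": 4120, "op": "copy",
     "src": r"C:\tmp\tool.exe", "dst": r"e:\tool.exe"},
    {"time": "2015-07-27T09:02:00", "pid": 4120, "op": "rename",
     "src": r"E:\a.txt", "dst": r"E:\b.txt"},
    {"time": "2015-07-27T09:03:00", "pid": 5000, "op": "create",
     "src": r"C:\tmp\x.log"},
]

if __name__ == "__main__":
    for line in build_log_lines(SAMPLE_EVENTS, USB_ROOT, SAMPLE_HOST):
        print(line)
```

The last sample event is dropped because it never touches the USB drive; the third shows that a lower-case drive letter is still matched.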
If the environment in which the USB flash disk is used does not permit internet connections, the application system provides operations that detect the current network connection in real time and can forcibly close it; the network connection is restored after the USB flash disk is removed from the host.
Before the USB flash disk can be used, the secure application system carried in its cdrom area must be installed. If the secure application system is not installed, the USB flash disk cannot be used. this application system is after installation, and follow-up needs repeats to install.
As shown in the drawing, the execution flow of the above secure application system is:
(1) after the secure application system detects the USB flash disk, the disk is switched from the cdrom state to the disk state;
(2) the current internet connection is automatically detected in real time and any open network connection is closed, and the current host information is obtained and recorded;
(3) the low-level driver service starts protecting the USB flash disk, ensuring that only permitted processes can access it and that other processes have no access;
(4) the HOOK monitoring service obtains file operation information for the USB flash disk and records it in the corresponding storage area on the disk, and the log information is viewed through the private file system interface;
(5) after the USB flash disk is removed, the network connection is restored and the driver service and the HOOK monitoring service are shut down.

Claims (4)

1. A secure application system suitable for ordinary USB flash disks, characterized in that:
the flash storage of the USB flash disk consists of a cdrom storage area, a disk storage area and a log area, each of which initially presents as read-only, wherein the cdrom storage area stores read-only application programs and the log area stores log files;
the secure application system switches the disk storage area from the cdrom state to the disk state through the USB protocol;
a low-level driver service ensures that the USB flash disk can be accessed only by specific processes;
a HOOK monitoring service monitors file operations on the USB flash disk in real time and records them in the log area.
2. The secure application system suitable for ordinary USB flash disks according to claim 1, characterized in that network security is ensured by automatically detecting internet connections and closing the current network connection.
3. The secure application system suitable for ordinary USB flash disks according to claim 1 or 2, characterized in that, when real-time operation information is logged, recording the log through a private file system ensures the authenticity and validity of the log information and the traceability of the host.
4. The secure application system suitable for ordinary USB flash disks according to claim 3, characterized in that the execution flow of the secure application system is:
(1) after the secure application system detects the USB flash disk, the disk is switched from the cdrom state to the disk state;
(2) the current internet connection is automatically detected in real time and any open network connection is closed, and the current host information is obtained and recorded;
(3) the low-level driver service starts protecting the USB flash disk, ensuring that only permitted processes can access it and that other processes have no access;
(4) the HOOK monitoring service obtains file operation information for the USB flash disk and records it in the corresponding storage area on the disk, and the log information is viewed through the private file system interface;
(5) after the USB flash disk is removed, the network connection is restored and the driver service and the HOOK monitoring service are shut down.
CN201510444790.7A 2015-07-27 2015-07-27 Safe application system suitable for common USB flash disk Pending CN105069382A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510444790.7A CN105069382A (en) 2015-07-27 2015-07-27 Safe application system suitable for common USB flash disk

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510444790.7A CN105069382A (en) 2015-07-27 2015-07-27 Safe application system suitable for common USB flash disk

Publications (1)

Publication Number Publication Date
CN105069382A (en) 2015-11-18

Family

ID=54498745

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510444790.7A Pending CN105069382A (en) 2015-07-27 2015-07-27 Safe application system suitable for common USB flash disk

Country Status (1)

Country Link
CN (1) CN105069382A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20151118
