CN108376055B - Method and system for protecting disk array data security through trusted channel technology - Google Patents
- Publication number
- CN108376055B (application CN201810217273.XA)
- Authority
- CN
- China
- Prior art keywords
- disk array
- detection module
- security detection
- operating system
- access request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0622—Securing storage systems in relation to access
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0629—Configuration or reconfiguration of storage systems
- G06F3/0637—Permissions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0683—Plurality of storage devices
- G06F3/0689—Disk arrays, e.g. RAID, JBOD
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Human Computer Interaction (AREA)
- Bioethics (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
Abstract
The embodiment of the invention provides a method and a system for protecting the data security of a disk array through a trusted channel technology. The system comprises an operating system security detection module arranged on the operating system side of the disk array and a disk array security detection module arranged on the disk array side, the two modules being connected through a unique data transmission channel established through a trusted channel technology. When an application program requests access to the disk array, the operating system security detection module reads the unique identification parameter of the application program and sends it over the data transmission channel to the disk array security detection module, which compares the received unique identification parameter with the record of the application program's historical accesses stored by the disk array security detection module in order to authenticate the request.
Description
Technical Field
The invention relates to the technical field of data security, in particular to a method and a system for protecting the data security of a disk array through a trusted channel technology.
Background
As technology develops, more and more data is stored in electronic form, so the reliability of electronic data has become an important factor in data security. RAID (Redundant Array of Independent Disks) is a storage technology with fault tolerance and logical data redundancy; it stores the same data in different places (thus, redundantly) on a plurality of hard disks. By placing data on multiple hard disks, input and output operations can be overlapped in a balanced manner, improving performance. Storing redundant data also increases fault tolerance because multiple hard disks increase the Mean Time Between Failures (MTBF).
Chinese patent No. CN200710098758.3 (application date 2007-04-26, publication No. CN101056175, grant publication No. CN101056175B, applicant: Huawei Technologies Co., Ltd.) discloses a disk array, an access authority control method and device thereof, a server and a server system. The method comprises the following steps:
a disk array receives an access request for accessing a logical volume sent by a server, wherein the access request carries a server identifier, a logical volume identifier and an access attribute; the disk array queries an access authority table which represents the access authority of each server to each logical volume of the disk array; and according to the access authority table, when the access authority corresponding to the server identifier and the logical volume identifier does not support the access attribute, the disk array refuses to let the server access the logical volume in the manner recorded by the access attribute.
This method provides a disk array technology for ensuring data security, but with the development of cloud computing, virtualization and containers, it is only necessary to simulate a server identifier, or to simulate one server identifier for each access, in order to acquire data.
At present, the scale of traditional applications keeps growing, and the explosion of big data, virtualization and cloud computing has caused a rapid expansion of unstructured data. The traditional architecture of application server plus disk array storage is gradually being brought into existing cloud environments, and machine room administrators have ever greater authority and can copy data at will. These risks all make it possible for the storage device itself to be implanted with trojans, viruses and backdoor software. Existing means such as controlling access authority to the stored data and encrypting the data have difficulty preventing core data from being leaked.
Disclosure of Invention
Aiming at the problem that the data security of disk array storage cannot be guaranteed in the prior art, the technical problem to be solved by the embodiment of the invention is to provide a method and a system for protecting the data security of a disk array through a trusted channel technology, establish a safer and more effective data security technology aiming at the existing data type, and at least partially solve the problems in the prior art.
In order to solve the above problem, an embodiment of the present invention provides a system for protecting data security of a disk array through a trusted channel technology, including: the system comprises an operating system security detection module arranged on one side of an operating system of a disk array and a disk array security detection module arranged on one side of the disk array, wherein the operating system security detection module is connected with the disk array security detection module through a unique data transmission channel established through a trusted channel technology;
and when the application program requests to access the disk array, the unique identification parameter of the application program is read by the operating system security detection module and sent over the data transmission channel to the disk array security detection module, which compares the received unique identification parameter with the record of the application program's historical accesses stored by the disk array security detection module for authentication.
Wherein the unique identification parameter comprises at least one of: application name, process name, user name.
The disk array security detection module is used for executing the following operations:
the disk array security detection module performs identity verification and authority verification in real time against the stored historical records; if the authentication passes, the application program corresponding to the access request is allowed to read and write the disk array, and the name, the process name and the user name of the application program corresponding to the access request are stored for later authentication; if the authentication fails, the access request is intercepted.
The disk array security detection module is further configured to perform the following operation: if the authentication fails, alarm information is sent.
The disk array security detection module is further configured to perform the following operation:
if the authentication fails, the unique identification parameter contained in the access request is stored.
Wherein the operating system security detection module is configured to perform the following operations:
when a kernel read-write module of an operating system of the disk array sends an access request requesting to access the disk array, a security detection module of the operating system intercepts the access request and analyzes the access request to obtain a unique identification parameter in the access request.
The security detection module of the operating system is connected with a kernel read-write module of the operating system of the disk array, and the security detection module of the disk array is connected with an iSCSI access module.
Meanwhile, the embodiment of the invention also provides a method for protecting the data security of the disk array through the trusted channel technology, which comprises the following steps:
reading an access request for accessing the disk array by using an operating system security detection module arranged on one side of an operating system of the disk array, and acquiring a unique identification parameter of a corresponding application program from the access request;
the unique identification parameter is sent through a data transmission channel to a disk array security detection module on the disk array side; the data transmission channel is the only channel between the operating system security detection module and the disk array security detection module and is established by a trusted channel technology;
and after the disk array security detection module receives the unique identification parameter of the application program sent by the operating system security detection module from the data transmission channel, reading historical access data of the application program stored by the disk array security detection module, and comparing the historical access data with the received unique identification parameter for authentication.
The authentication is performed by comparing the historical access data with the received unique identification parameter, and specifically includes:
the disk array security detection module performs identity verification and authority verification in real time against the stored historical records; if the authentication passes, the application program corresponding to the access request is allowed to read and write the disk array, and the name, the process name and the user name of the application program corresponding to the access request are stored for later authentication; if the authentication fails, the access request is intercepted.
Acquiring the unique identification parameter of the corresponding application program from the access request specifically includes:
when a kernel read-write module of an operating system of the disk array sends an access request requesting to access the disk array, a security detection module of the operating system intercepts the access request and analyzes the access request to obtain a unique identification parameter in the access request.
The technical scheme of the invention has the following beneficial effects: according to the technical scheme, the method and the system for protecting the data security of the disk array through the trusted channel technology can compare the read request of one side of the operating system with the access record stored at one side of the disk array through an independent data transmission channel established through the trusted channel technology, so that the unique identification parameter of the application program received by the operating system is consistent with the unique identification parameter of the application program accessing the disk array. The security authentication system independent of the existing operating system and the disk array can improve the security of the workflow when the existing operating system reads the disk array.
Drawings
FIG. 1 is a schematic diagram of a conventional connection logic module between an operating system OS and a disk array LU;
FIG. 2 is a block diagram of a system according to an embodiment of the present invention;
FIG. 3 is a flow chart of a method according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages of the present invention more apparent, the following detailed description is given with reference to the accompanying drawings and specific embodiments.
As shown in fig. 1, in the prior art, the operating system of the disk array is provided with a kernel read-write module to provide a read-write interface of an external operating system, and the disk array is further provided with an iSCSI access module based on the iSCSI technology to realize reading and writing of a physical hard disk; the kernel read-write module is connected with the iSCSI access module to realize the data read-write of the external operating system to the physical hard disk. The iSCSI technology is a technology for realizing the mutual combination of physical hard disk equipment and a TCP/IP network protocol, so that a user can conveniently access shared storage resources provided by a remote computer room through the Internet. Namely: as described in fig. 1, the OS initiates an access request based on the access initiation module Initiator, the access request is transmitted to the iSCSI access module Target in the disk array through the TCP/IP network, and then the iSCSI access module Target accesses the physical hard disk LU.
Whether or not security authentication is used, access is initiated by the operating system, which reads and writes data at the disk array end. In a security authentication scenario, when the operating system initiates a request to the disk array it carries the identifier of the server, and once the disk array end has verified that identifier, data is read and written without being blocked.
In the method and system for protecting data security of a disk array through a trusted channel technology provided by the embodiment of the invention, the network topology is as shown in fig. 2: a unique data transmission channel is established between the kernel read-write module and the iSCSI access module, and security detection modules are arranged at the two ends of that channel, namely at the operating system and at the disk array. As shown in fig. 2, an operating system security detection module is disposed on the operating system side and is configured to read the unique identification parameter of the current application program; a disk array security detection module is disposed on the disk array side and records the unique identification parameters of the application programs that have accessed the disk array. The operating system security detection module is connected with the disk array security detection module through the unique data transmission channel; the operating system security detection module is connected with the kernel read-write module of the operating system, and the disk array security detection module is connected with the iSCSI access module. When an application program requests to access the disk array, the operating system security detection module reads the unique identification parameter of the application program and sends it over the data transmission channel to the disk array security detection module, which compares the received unique identification parameter with the unique identification parameter it recorded during the application program's previous access in order to carry out authentication;
wherein the unique identification parameter comprises at least one of: application name, process name, user name.
In the embodiment of the invention, the client with the security detection module is used for replacing the original client at the operating system side, and the disk array side drive service with the security detection module is used for replacing the original disk array side drive service. Therefore, when the operating system accesses the disk array, all accesses need to be detected by the operating system security detection module; the operating system security detection module acquires the name, the process name and the user name of the application program which initiates the access request to the client, and then the operating system security detection module sends the unique identification parameters to the disk array security detection module. In the embodiment of the invention, the disk array security detection module stores each access so as to store the name, the process name and the user name of the application program which is authorized to access the disk array. After the operating system security detection module acquires the name, the process name and the user name of the application program of which the client initiates the access request, the name, the process name and the user name are transmitted to the disk array security detection module through the data transmission channel, so that the disk array security detection module can perform identity verification and authority verification in real time through the stored history record. If the authentication is passed, allowing the access request to read and write the disk array, and storing the name, the process name and the user name of the application program corresponding to the access request for later authentication; and if the authentication fails, intercepting the access request and sending alarm information.
The technical scheme of the embodiment of the invention mainly binds the kernel read-write module of the operating system that uses the disk array and the iSCSI service of the disk array to a new module service. The application software names, process names and user names of all clients accessing the disk array are security-checked in advance and compared with the application software name, process name and user name of the client that performed the previous read-write operation. If the application software and process are determined to be trusted, they can access data normally; otherwise, interception and alarm operations are carried out.
In view of the above disadvantages, the present invention provides a trusted channel technology between a disk array and a client using the disk array: a unique data transmission channel is established between the kernel read-write module of the operating system using the disk array and the disk array device, and a security mechanism is established in the channel, thereby ensuring security and reliability during reading and use.
The method mainly binds the kernel read-write module of the operating system using the disk array and the iSCSI service of the disk array to a new module service, security-checks in advance the application software names, process names and user names of all clients accessing the disk array, and compares them with the application software name, process name and user name of the client that performed the previous read-write operation. If the application software and process are determined to be trusted, they can access data normally; otherwise, interception and alarm operations are carried out.
The following figure shows the existing disk array and the client that needs to access it with none of the present scheme deployed:
In all modes, whether based on security authentication or without authentication, the operating system initiates data writing at the disk array end; in a security authentication scenario, when the operating system initiates a request to the disk array end it carries the identifier of the server, and once the disk array end has verified it, data is read and written without being blocked. Our deployment scenario is as shown in the figure:
Data protection modules are installed on the operating system and on the disk array respectively, and are bound to the operating-system-end service and the disk-array-end service respectively. Once the module at either end stops, use of the operating system application process and of the disk data of the disk array is stopped immediately. Likewise, once the security modules find that the application programs or processes at the two ends differ, use of the operating system application process and of the disk data of the disk array is stopped immediately. In addition, the names, processes and user names of secure applications can be set in advance, and once the disk array end finds an access that does not meet the requirements, it immediately blocks the write.
The method mainly comprises the following steps as shown in figure 2:
step 1: replacing the system's disk array driver service with the client that has the security function, and binding the client with the security module of the disk array;
step 2: for every access to the disk array, performing identity verification and authority verification in real time at the security module of the disk array end using the client's software name, process name and user name;
step 3: raising an alarm for and intercepting access identification records that do not meet the security requirements;
step 4: allowing software whose name, process name and user name currently meet the security requirements to read and write the disk array normally.
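The check that steps 2 to 4 and the detailed description above assign to the disk array security detection module can be sketched as follows. This is an added example, not code from the patent: the class names, the sample identities and the modelling of the trusted channel as an HMAC-SHA256 tag plus a message counter are assumptions, since the patent does not specify the channel mechanism.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Assumption: the trusted channel is modelled as HMAC-SHA256 under a key held
# only by the two detection modules, plus a counter to reject replays.
CHANNEL_KEY = b"constructed-demo-key"  # constructed value for the demo


def channel_mac(key: bytes, body: bytes) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class OsSideModule:
    """Hypothetical OS-side module: packages the identifying parameters taken
    from an intercepted access request and sends them over the channel."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def build_message(self, app: str, process: str, user: str) -> dict:
        self.counter += 1
        body = json.dumps({"app": app, "process": process, "user": user,
                           "counter": self.counter}, sort_keys=True).encode()
        return {"body": body, "mac": channel_mac(self.key, body)}


@dataclass
class ArraySideModule:
    """Hypothetical array-side module: authenticates each request against the
    stored history before the iSCSI access module may serve it."""
    key: bytes
    history: dict = field(default_factory=dict)   # identity -> passed accesses
    rejected: list = field(default_factory=list)  # identities that failed
    alarms: list = field(default_factory=list)    # alarm information sent
    last_counter: int = 0

    def preapprove(self, app: str, process: str, user: str) -> None:
        # Identities of secure applications can be set in advance.
        self.history.setdefault((app, process, user), 0)

    def intercept(self, reason: str, identity=None) -> bool:
        self.alarms.append(reason)
        if identity is not None:
            self.rejected.append(identity)  # keep the failed parameters
        return False

    def authenticate(self, message: dict) -> bool:
        body, mac = message["body"], message["mac"]
        # Verify the channel first; the body is not parsed until it checks out.
        if not hmac.compare_digest(channel_mac(self.key, body), mac):
            return self.intercept("channel MAC mismatch")
        fields = json.loads(body)
        if fields["counter"] <= self.last_counter:
            return self.intercept("replayed channel message")
        self.last_counter = fields["counter"]
        identity = (fields["app"], fields["process"], fields["user"])
        if identity not in self.history:
            return self.intercept("identity not in access history", identity)
        self.history[identity] += 1  # store the access for later authentication
        return True


def run_demo():
    """Constructed sample requests; returns the decisions and the array module."""
    os_side = OsSideModule(CHANNEL_KEY)
    array_side = ArraySideModule(CHANNEL_KEY)
    array_side.preapprove("backupd", "backupd.exe", "svc_backup")

    m1 = os_side.build_message("backupd", "backupd.exe", "svc_backup")
    m2 = os_side.build_message("backupd", "copytool", "svc_backup")
    m3 = os_side.build_message("backupd", "copytool", "svc_backup")
    # Body altered in transit while the original tag is kept.
    altered = {"body": m3["body"].replace(b"copytool", b"backupd.exe"),
               "mac": m3["mac"]}

    decisions = [array_side.authenticate(m) for m in (m1, m2, altered, m1)]
    return decisions, array_side


if __name__ == "__main__":
    decisions, array_side = run_demo()
    print(decisions)
    print(array_side.alarms)
```

The array side can trust the reported names only as far as it trusts the module that reported them, which is why the sketch authenticates each channel message before looking at the identity it carries.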
The technical means for protecting the data security of the disk array by deploying or singly using the security module at one end by authority authentication, encryption and the like in the scheme is not limited in the invention.
The technology establishes independent trusted channels between the disk array and the server or PC that needs to access the disk array's data, in order to verify whether each read and write by the two parties complies with the rules or to detect whether one party is a disguised program; once either condition is found, interception and alarm are carried out immediately, thereby achieving real security of the data on the disk array.
The technical scheme can be realized by the following modes:
1. Modifying the server's driver module for the disk array and implanting a security mechanism in the driver, thereby establishing a separate trusted channel mechanism between the disk array and the server or PC that needs to access the disk array's data, and binding it with the iSCSI service of the disk array.
2. The operating system of the server or PC on which the security module is deployed and which needs to access the disk array data can be any version of Windows, Linux, Mac, Android, a home-grown operating system, and the like.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the appended claims.
Claims (7)
1. A system for securing disk array data via trusted channel technology, comprising: the system comprises an operating system security detection module arranged on one side of an operating system of a disk array and a disk array security detection module arranged on one side of the disk array, wherein the operating system security detection module is connected with the disk array security detection module through a data transmission channel established by a unique trusted channel technology;
the operating system security detection module is connected with a kernel read-write module of an operating system at one side of the disk array, and the disk array security detection module is connected with an iSCSI access module;
the operating system security detection module is used for acquiring the unique identification parameter of the application program from the access request when the application program requests to access the disk array, and sending the unique identification parameter to the disk array security detection module from the data transmission channel;
the disk array security detection module is used for reading historical access data of the application program stored by the disk array security detection module after receiving the unique identification parameter of the application program sent by the operating system security detection module from the data transmission channel, and comparing the historical access data with the received unique identification parameter for authentication;
the disk array security detection module is specifically used for performing identity verification and authority verification in real time through stored historical records; if the authentication is passed, allowing the application program corresponding to the access request to read and write the disk array, and storing the name, the process name and the user name of the application program corresponding to the access request for later authentication; and intercepting the access request if the authentication fails.
2. The system for securing disk array data via trusted channel technology as claimed in claim 1, wherein said unique identification parameter comprises at least one of: application name, process name, user name.
3. The system for securing data of a disk array through a trusted channel technology as claimed in claim 1, wherein said disk array security detection module is further configured to: and if the authentication fails, sending alarm information.
4. The system for securing data of a disk array through a trusted channel technology as claimed in claim 1, wherein said disk array security detection module is further configured to: and if the authentication is successful, storing the unique identification parameter contained in the access request.
5. The system for securing data of a disk array through a trusted channel technology as claimed in claim 1, wherein said os security detection module is configured to perform the following operations:
when a kernel read-write module of an operating system of the disk array sends an access request requesting to access the disk array, a security detection module of the operating system intercepts the access request and analyzes the access request to obtain a unique identification parameter in the access request.
6. A method for protecting the data security of a disk array by a trusted channel technology is characterized in that,
the method comprises the following steps:
reading an access request for accessing the disk array by using an operating system security detection module arranged on one side of an operating system of the disk array, and acquiring a unique identification parameter of a corresponding application program from the access request;
the operating system security detection module is connected with a kernel read-write module of the operating system at one side of the disk array, and the disk array security detection module is connected with an iSCSI access module;
the operating system security detection module sends the unique identification parameter to the disk array security detection module on one side of the disk array through a data transmission channel; the data transmission channel is the only channel established between the operating system security detection module and the disk array security detection module through a trusted channel technology;
after the disk array security detection module receives the unique identification parameter of the application program sent by the operating system security detection module from the data transmission channel, reading historical access data of the application program stored by the disk array security detection module, and comparing the historical access data with the received unique identification parameter for authentication;
the disk array security detection module compares the historical access data with the received unique identification parameter for authentication, and specifically includes:
the disk array safety detection module carries out identity verification and authority verification in real time through the stored historical records; if the authentication is passed, allowing the application program corresponding to the access request to read and write the disk array, and storing the name, the process name and the user name of the application program corresponding to the access request for later authentication; and intercepting the access request if the authentication fails.
7. The method for protecting data security of a disk array through the trusted channel technology as claimed in claim 6, wherein the obtaining of the unique identification parameter of the corresponding application program from the access request specifically includes:
when a kernel read-write module of an operating system of the disk array sends an access request requesting to access the disk array, a security detection module of the operating system intercepts the access request and analyzes the access request to obtain a unique identification parameter in the access request.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810217273.XA CN108376055B (en) | 2018-03-16 | 2018-03-16 | Method and system for protecting disk array data security through trusted channel technology |
PCT/CN2019/078500 WO2019174646A1 (en) | 2018-03-16 | 2019-03-18 | Method and system for protecting raid array data security by means of trusted channel technology. |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810217273.XA CN108376055B (en) | 2018-03-16 | 2018-03-16 | Method and system for protecting disk array data security through trusted channel technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108376055A (en) | 2018-08-07 |
CN108376055B (en) | 2021-08-17 |
Family
ID=63018820
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810217273.XA Active CN108376055B (en) | 2018-03-16 | 2018-03-16 | Method and system for protecting disk array data security through trusted channel technology |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108376055B (en) |
WO (1) | WO2019174646A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108376055B (en) * | 2018-03-16 | 2021-08-17 | 何小林 | Method and system for protecting disk array data security through trusted channel technology |
CN112800493A (en) * | 2021-02-07 | 2021-05-14 | 联想(北京)有限公司 | Information processing method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101056237A (en) * | 2006-03-31 | 2007-10-17 | 株式会社东芝 | Method and system for controlling access to logical unit of a storage device shared by computers |
CN103838516A (en) * | 2012-11-23 | 2014-06-04 | 中国科学院声学研究所 | Method and system for multi-core processor to efficiently have access to iSCSI disk array |
CN103927489A (en) * | 2014-04-22 | 2014-07-16 | 陈幼雷 | System and method for trusted storage of data |
CN106789909A (en) * | 2016-11-22 | 2017-05-31 | 北京奇虎科技有限公司 | The network data transmission method of application program, apparatus and system |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
ES2581548T3 (en) * | 2010-08-18 | 2016-09-06 | Security First Corp. | Systems and procedures to ensure virtual machine computing environments |
CN103268455B (en) * | 2013-05-09 | 2015-12-02 | 华为技术有限公司 | The access method of data and device |
CN103778384B (en) * | 2014-02-24 | 2016-09-28 | 北京明朝万达科技股份有限公司 | The guard method of the virtual terminal security context of a kind of identity-based certification and system |
CN104268484B (en) * | 2014-09-24 | 2016-08-24 | 科云(上海)信息技术有限公司 | Data leakage prevention method under a kind of cloud environment based on virtual isolation mech isolation test |
CN107770200A (en) * | 2017-12-11 | 2018-03-06 | 湖南中科优信科技有限公司 | A kind of storage system process access safety guard method and system |
CN108376055B (en) * | 2018-03-16 | 2021-08-17 | 何小林 | Method and system for protecting disk array data security through trusted channel technology |
- 2018-03-16: CN application CN201810217273.XA, patent CN108376055B, status Active
- 2019-03-18: WO application PCT/CN2019/078500, patent WO2019174646A1, status Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN108376055A (en) | 2018-08-07 |
WO2019174646A1 (en) | 2019-09-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8151119B2 (en) | Method and apparatus for secure data mirroring a storage system | |
US10102356B1 (en) | Securing storage control path against unauthorized access | |
EP3577590B1 (en) | Methods and systems for performing an early retrieval process during the user-mode startup of an operating system | |
US8954965B2 (en) | Trusted execution environment virtual machine cloning | |
US9292226B2 (en) | Adaptive data management using volume types | |
US10192064B2 (en) | Method of security access control for hard disk and hard disk | |
US8463989B2 (en) | Storage device and method utilizing both block I/O and file I/O access | |
US9864655B2 (en) | Methods and apparatus for mobile computing device security in testing facilities | |
US10015015B1 (en) | Method and apparatus for verifying system log integrity | |
CN104008330B (en) | Based on file is centrally stored and anti-data-leakage system of isolation technology and its method | |
US10110383B1 (en) | Managing embedded and remote encryption keys on data storage systems | |
US9268492B2 (en) | Network based management of protected data sets | |
CN108376055B (en) | Method and system for protecting disk array data security through trusted channel technology | |
WO2019174647A1 (en) | Data protection system and method for disk array | |
CN113505363B (en) | Method and system for realizing memory space replay prevention through software mode | |
US20240037213A1 (en) | Implementing multi-party authorizations to thwart a ransomware attack | |
US20240037212A1 (en) | Implementing multi-party authorizations within an identity and access management regime | |
RU2571380C2 (en) | System and method of isolating resources using resource managers | |
US8938400B2 (en) | Apparatus, system, and method for checking the health of encryption key managers | |
CN109254872A (en) | A kind of security access system for education big data | |
US20220150241A1 (en) | Permissions for backup-related operations | |
US11200321B2 (en) | Maintaining trust on a data storage network | |
US11502853B2 (en) | Establishing trust on a data storage network | |
CN114626084A (en) | Secure smart container for controlling access to data | |
US8572401B1 (en) | Systems and methods for securing data of volume mirrors |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||