CN109002726A - Method for transparent encryption and decryption of file reads and writes in the Linux operating system - Google Patents

Info

Publication number: CN109002726A
Authority: CN (China)
Prior art keywords: file, encryption, decryption, write, read
Legal status: Pending
Application number: CN201810574682.5A
Other languages: Chinese (zh)
Inventors: 刘轶斌, 谢永胜
Current assignee: Zhejiang Hua Tao Information Security Technology Ltd By Share Ltd
Original assignee: Zhejiang Hua Tao Information Security Technology Ltd By Share Ltd
Priority date: 2018-06-06
Filing date: 2018-06-06
Publication date: 2018-12-14
Application filed by Zhejiang Hua Tao Information Security Technology Ltd By Share Ltd
Priority to CN201810574682.5A
Publication of CN109002726A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The invention discloses a method for transparent encryption and decryption of file reads and writes in the Linux operating system, comprising the following steps: step 1, find the address of the sys_close function; step 2, read the data in memory and match it, starting from the memory start address: if the content is the address of the sys_close system call, the match succeeds and the next step is performed; if not, the match fails, and the data in the next block of memory is read and matched; step 3, after a successful match, hook the open, read, write, mmap and msync system calls so as to encrypt and decrypt data; step 4, file encryption protection is achieved. The flow of the method is simple and its platform compatibility is wide: it applies not only to MIPS processors but also to ARM processors; the lookup method is simple; the code is easy to understand.

Description

Method for transparent encryption and decryption of file reads and writes in the Linux operating system
Technical field
The present invention relates to the field of the Linux operating system, and in particular to a method for transparent encryption and decryption of file reads and writes in the Linux operating system.
Background technique
On the x86 platform, the Linux operating system can hook the system call functions (open, read, write, mmap, msync) by accessing particular registers, so as to achieve transparent encryption and decryption.
The prior art mostly uses the following method: the system call hooking technique of the Linux operating system on the x86 platform relies on a structure unique to the x86 platform (chip), the interrupt descriptor table (IDT), to locate the system call table; once the system call table has been found, the system call functions can be hooked so as to intercept the data flow of the open, read, write, mmap and msync system calls and encrypt or decrypt it.
However, such a method cannot be made compatible with the ARM platform (chip), and its code is relatively complex. The market needs a method for transparent encryption and decryption of file reads and writes that is applicable to the ARM platform and has simple code; the present invention solves this problem.
Summary of the invention
To overcome the deficiencies of the prior art, the purpose of the present invention is to provide a method for transparent encryption and decryption of file reads and writes in the Linux operating system. The flow of the method is simple and its platform compatibility is wide: it applies not only to MIPS processors but also to ARM processors; the lookup method is simple; the code is easy to understand.
To achieve the above objective, the present invention adopts the following technical scheme:
A method for transparent encryption and decryption of file reads and writes in the Linux operating system comprises the following steps:
Step 1: find the address of the sys_close function;
Step 2: read the data in memory and match it, starting from the memory start address; if the content is the address of the sys_close system call, the match succeeds and the next step is performed; if not, the match fails, and the data in the next block of memory is read and matched;
Step 3: after a successful match, hook the open, read, write, mmap and msync system calls so as to encrypt and decrypt data;
Step 4: file encryption protection is achieved.
In the above method, step 3 is: after a successful match, hook the open, read, write, mmap and msync system calls so as to encrypt and decrypt data;
the detailed encryption and decryption process comprises the following steps:
Step a: through the intercepted open data flow, check the process whitelist and the file suffix whitelist, obtain the file information, and add the file information to a private list;
Step b: through the intercepted read/mmap data flow, in combination with the list set up in open, judge whether the file is ciphertext, and decrypt the data flow;
Step c: through the intercepted write/msync data flow, in combination with the list set up in open, judge whether the file needs to be encrypted, and encrypt it when needed;
Step d: by intercepting the exit system call, clear the private list when the process exits;
Step e: by intercepting the stat family of system calls, obtain the length of the encrypted file, where the length of the encrypted file includes the file encryption header;
Step f: by intercepting the lseek system call, move the file pointer to the correct position.
In the above method, the address of the sys_close function includes: 0xffffffff811eb720 on the Ubuntu 14.04 system, 0xffffffffb5840370 on the Ubuntu 16.04 system, and 0xffffffff803338c8 on the NeoKylin (中标麒麟) system.
In the above method, the CPU on which the method is based includes an ARM processor or a MIPS processor.
The beneficial effects of the invention are:
The method does not rely on a structure peculiar to the x86 platform, but instead uses a universal feature of the Linux operating system, namely a single guiding system call, sys_close; the flow is simple and platform compatibility is wide, applying not only to MIPS processors but also to ARM processors.
The system call table is searched for directly, starting from the memory start address; the lookup method is changed to simple direct matching of memory data.
The code is easy to understand.
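The lookup in steps 1 and 2 is a pointer-sized scan of kernel memory for the known address of sys_close; the slot where it is found belongs to the system call table, whose other slots are then hooked. The Python below is an added example, not code from the patent: it models that scan over a constructed memory image and adds the check a defender would run on the same kind of image (for instance a crash dump), namely that every table slot must point into the kernel's own text segment, otherwise it has been redirected. The image, the addresses, the 0x40 spacing of handlers and the arm64 syscall numbers are constructed; since the page gives a different sys_close address per distribution, the example takes that address as a parameter.

```python
import struct

NR_CLOSE, NR_WRITE = 57, 64   # arm64 (asm-generic) syscall numbers used by the constructed table
PTR, FMT = 8, "<Q"            # 64-bit little-endian pointers; use ">Q" for big-endian MIPS builds

def find_syscall_table(memory, base, sys_close_addr, nr_close=NR_CLOSE):
    """Step 2 of the page: scan a memory image (bytes that were mapped at virtual
    address `base`) from its start for a pointer-sized word equal to sys_close's
    address.  Each aligned hit is a candidate table slot; the table base is that
    slot minus nr_close * PTR (an assumption: the page only says the hit locates
    the table)."""
    needle = struct.pack(FMT, sys_close_addr)
    hits = []
    off = memory.find(needle)
    while off != -1:
        if off % PTR == 0:                       # table slots are pointer-aligned
            hits.append(base + off - nr_close * PTR)
        off = memory.find(needle, off + 1)
    return hits

def read_table(memory, base, table_addr, count):
    """Return the first `count` slots of the table at virtual address `table_addr`."""
    start = table_addr - base
    return [struct.unpack_from(FMT, memory, start + i * PTR)[0] for i in range(count)]

def hooked_slots(entries, text_start, text_end):
    """Defender's check: a legitimate slot points into the kernel's own text
    segment.  A hook of the kind the page installs redirects the slot to module
    memory, which lies outside [text_start, text_end)."""
    return [nr for nr, p in enumerate(entries) if not text_start <= p < text_end]

# ---- constructed memory image, not a real kernel --------------------------
BASE       = 0xffffff8008000000      # virtual address of image[0]
TEXT_START = BASE + 0x080000         # kernel text segment (_stext .. _etext)
TEXT_END   = BASE + 0x280000
TABLE_ADDR = BASE + 0x2a0000         # sys_call_table lives in kernel data
HOOK_ADDR  = BASE + 0x3f0000         # module area: where a hook would point
COUNT = 300

def build_image():
    """4 MiB image holding a syscall table of COUNT handlers inside text, with the
    write slot redirected to HOOK_ADDR to simulate an installed hook."""
    img = bytearray(0x400000)
    entries = [TEXT_START + 0x40 * nr for nr in range(COUNT)]
    entries[NR_WRITE] = HOOK_ADDR
    struct.pack_into(FMT[0] + "Q" * COUNT, img, TABLE_ADDR - BASE, *entries)
    return bytes(img), entries

def demo():
    image, truth = build_image()
    tables = find_syscall_table(image, BASE, truth[NR_CLOSE])
    entries = read_table(image, BASE, tables[0], COUNT)
    return tables, hooked_slots(entries, TEXT_START, TEXT_END)

if __name__ == "__main__":
    tables, hooked = demo()
    print("candidate table(s):", [hex(t) for t in tables])
    print("slots pointing outside kernel text:", hooked)
```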
Brief description of the drawings
Fig. 1 is a flowchart of one embodiment of the invention.
Detailed description of the embodiments
The present invention is described in detail below with reference to the drawings and specific embodiments.
A method for transparent encryption and decryption of file reads and writes in the Linux operating system comprises the following steps:
Step 1: find the address of the sys_close function. As one embodiment, the address of the sys_close function includes: 0xffffffff811eb720 on the Ubuntu 14.04 system, 0xffffffffb5840370 on the Ubuntu 16.04 system, and 0xffffffff803338c8 on the NeoKylin (中标麒麟) system.
Step 2: read the data in memory and match it, starting from the memory start address; if the content is the address of the sys_close system call, the match succeeds and the next step is performed; if not, the match fails, and the data in the next block of memory is read and matched.
Step 3: after a successful match, hook the open, read, write, mmap and msync system calls so as to encrypt and decrypt data;
the detailed encryption and decryption process comprises the following steps:
Step a: through the intercepted open data flow, check the process whitelist and the file suffix whitelist, obtain the file information, and add the file information to a private list;
Step b: through the intercepted read/mmap data flow, in combination with the list set up in open, judge whether the file is ciphertext, and decrypt the data flow;
Step c: through the intercepted write/msync data flow, in combination with the list set up in open, judge whether the file needs to be encrypted, and encrypt it when needed;
Step d: by intercepting the exit system call, clear the private list when the process exits;
Step e: by intercepting the stat family of system calls, obtain the length of the encrypted file, where the length of the encrypted file includes the file encryption header;
Step f: by intercepting the lseek system call, move the file pointer to the correct position.
Step 4: file encryption protection is achieved.
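Steps a to f describe what the hooked handlers must do; the part that is easy to get wrong is the interplay between the encryption header, the length returned by stat and the offset set by lseek. The Python below is an added example, not the patent's code: a user-space model with an in-memory "disk", a process whitelist and a suffix whitelist, a per-(pid, fd) private list, and a constructed 16-byte header. The position-keyed SHA-256 keystream only stands in for a real file cipher so that reads and writes at arbitrary logical offsets decrypt independently; all names and values are constructed.

```python
import hashlib, os

HEADER = b"TENC" + bytes(12)   # constructed 16-byte "encryption head": magic + reserved
HLEN = len(HEADER)

class TransparentLayer:
    """User-space model of the hooked open/read/write/exit/stat/lseek handlers (steps a-f)."""
    def __init__(self, key, process_whitelist, suffix_whitelist):
        self.key, self.procs, self.suffixes = key, set(process_whitelist), set(suffix_whitelist)
        self.disk, self.paths, self.private, self.pos, self.next_fd = {}, {}, set(), {}, 3
    def _xor(self, offset, data):
        # Position-keyed keystream (SHA-256 counter mode, a stand-in for a real cipher): byte i
        # of the file always meets the same keystream byte, so any logical offset works (step f).
        out = bytearray(len(data))
        for i in range(len(data)):
            pos = offset + i
            if i == 0 or pos % 32 == 0:
                blk = hashlib.sha256(self.key + (pos // 32).to_bytes(8, "little")).digest()
            out[i] = data[i] ^ blk[pos % 32]
        return bytes(out)
    def open(self, pid, comm, path):                           # step a
        fd, self.next_fd = self.next_fd, self.next_fd + 1
        raw = self.disk.setdefault(path, bytearray())
        self.paths[(pid, fd)], self.pos[(pid, fd)] = path, 0
        if comm in self.procs and os.path.splitext(path)[1] in self.suffixes:
            self.private.add((pid, fd))                        # managed for this process
            if not raw: raw += HEADER                          # new file gets the head
        return fd
    def read(self, pid, fd, n):                                # step b
        raw, off = self.disk[self.paths[(pid, fd)]], self.pos[(pid, fd)]
        if (pid, fd) in self.private and raw[:4] == HEADER[:4]:  # file is ciphertext
            data = self._xor(off, bytes(raw[HLEN + off:HLEN + off + n]))
        else:
            data = bytes(raw[off:off + n])                     # others see raw bytes
        self.pos[(pid, fd)] = off + len(data)
        return data
    def write(self, pid, fd, data):                            # step c
        raw, off = self.disk[self.paths[(pid, fd)]], self.pos[(pid, fd)]
        managed = (pid, fd) in self.private
        phys, payload = (HLEN + off, self._xor(off, data)) if managed else (off, data)
        raw.extend(bytes(max(0, phys - len(raw))))             # pad a sparse write
        raw[phys:phys + len(payload)] = payload
        self.pos[(pid, fd)] = off + len(data)
        return len(data)
    def exit(self, pid):                                       # step d
        for key in [k for k in self.paths if k[0] == pid]:
            self.private.discard(key); del self.paths[key]; del self.pos[key]
    def stat_size(self, pid, fd):                              # step e: hide the head
        size = len(self.disk[self.paths[(pid, fd)]])
        return size - HLEN if (pid, fd) in self.private else size
    def lseek(self, pid, fd, offset):                          # step f: logical offset;
        self.pos[(pid, fd)] = offset                           # read/write add HLEN
        return offset

def demo():
    layer = TransparentLayer(b"constructed-demo-key", {"editor"}, {".doc"})
    fd = layer.open(1001, "editor", "/data/report.doc")
    layer.write(1001, fd, b"confidential report")
    layer.lseek(1001, fd, 13)
    layer.write(1001, fd, b"memo  ")                           # in-place overwrite
    layer.lseek(1001, fd, 0)
    plain, size = layer.read(1001, fd, 64), layer.stat_size(1001, fd)
    layer.exit(1001)
    fd2 = layer.open(2002, "cat", "/data/report.doc")         # not whitelisted
    return plain, size, layer.read(2002, fd2, 64), layer
```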
As for the hardware to which the method applies, in one embodiment the CPU may be ARM64 with 8 GB of DDR memory; in another embodiment the CPU may be MIPS64 with 8 GB of DDR memory.
The method does not rely on a structure peculiar to the x86 platform, but instead uses a universal feature of the Linux operating system, namely a single guiding system call, sys_close; the flow is simple and platform compatibility is wide, applying not only to MIPS processors but also to ARM processors; the system call table is searched for directly, starting from the memory start address; the lookup method is changed to simple direct matching of memory data; the code is easy to understand.
The basic principles, main features and advantages of the invention have been shown and described above. Those skilled in the art should understand that the above embodiments do not limit the invention in any form, and that all technical solutions obtained by equivalent substitution or equivalent transformation fall within the scope of protection of the present invention.

Claims (4)

  1. A method for transparent encryption and decryption of file reads and writes in the Linux operating system, characterized in that it comprises the following steps:
    Step 1: find the address of the sys_close function;
    Step 2: read the data in memory and match it, starting from the memory start address; if the content is the address of the sys_close system call, the match succeeds and the next step is performed; if not, the match fails, and the data in the next block of memory is read and matched;
    Step 3: after a successful match, hook the open, read, write, mmap and msync system calls so as to encrypt and decrypt data;
    Step 4: file encryption protection is achieved.
  2. The method for transparent encryption and decryption of file reads and writes in the Linux operating system according to claim 1, characterized in that step 3 is: after a successful match, hook the open, read, write, mmap and msync system calls so as to encrypt and decrypt data;
    the detailed encryption and decryption process comprises the following steps:
    Step a: through the intercepted open data flow, check the process whitelist and the file suffix whitelist, obtain the file information, and add the file information to a private list;
    Step b: through the intercepted read/mmap data flow, in combination with the list set up in open, judge whether the file is ciphertext, and decrypt the data flow;
    Step c: through the intercepted write/msync data flow, in combination with the list set up in open, judge whether the file needs to be encrypted, and encrypt it when needed;
    Step d: by intercepting the exit system call, clear the private list when the process exits;
    Step e: by intercepting the stat family of system calls, obtain the length of the encrypted file, where the length of the encrypted file includes the file encryption header;
    Step f: by intercepting the lseek system call, move the file pointer to the correct position.
  3. The method for transparent encryption and decryption of file reads and writes in the Linux operating system according to claim 1, characterized in that the address of the sys_close function includes: 0xffffffff811eb720 on the Ubuntu 14.04 system, 0xffffffffb5840370 on the Ubuntu 16.04 system, and 0xffffffff803338c8 on the NeoKylin (中标麒麟) system.
  4. The method for transparent encryption and decryption of file reads and writes in the Linux operating system according to claim 1, characterized in that the CPU on which the method is based includes an ARM processor or a MIPS processor.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201810574682.5A (CN109002726A, en) | 2018-06-06 | 2018-06-06 | Method for transparent encryption and decryption of file reads and writes in the Linux operating system

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201810574682.5A (CN109002726A, en) | 2018-06-06 | 2018-06-06 | Method for transparent encryption and decryption of file reads and writes in the Linux operating system

Publications (1)

Publication Number | Publication Date
CN109002726A (en) | 2018-12-14

Family

ID=64599934

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201810574682.5A (CN109002726A, en, pending) | Method for transparent encryption and decryption of file reads and writes in the Linux operating system | 2018-06-06 | 2018-06-06

Country Status (1)

Country | Link
CN (1) | CN109002726A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN109697366A (en) * | 2018-12-29 | 2019-04-30 | 上海上讯信息技术股份有限公司 | Hook-based transparent encryption and decryption method for Android files
CN109886034A (en) * | 2019-02-27 | 2019-06-14 | 北京智游网安科技有限公司 | APK data encryption processing method, intelligent terminal and storage medium
CN112560068A (en) * | 2020-12-28 | 2021-03-26 | 山东云缦智能科技有限公司 | Android program storage encryption method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN102254124A (en) * | 2011-07-21 | 2011-11-23 | 周亮 | Information security protection system and method for a mobile terminal
CN104331644A (en) * | 2014-11-24 | 2015-02-04 | 北京邮电大学 | Transparent encryption and decryption method for intelligent terminal files
CN106203130A (en) * | 2016-06-26 | 2016-12-07 | 厦门天锐科技股份有限公司 | Transparent encryption and decryption method based on an intelligent dynamic driver layer
CN107450964A (en) * | 2017-08-10 | 2017-12-08 | 西安电子科技大学 | Method for discovering whether vulnerabilities exist in a virtual machine introspection system
CN107480538A (en) * | 2017-06-30 | 2017-12-15 | 武汉斗鱼网络科技有限公司 | File encryption method, device, computer-readable recording medium and equipment

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication

Application publication date: 20181214