CN110413567A - A kind of virtual net disk technology device based on filter Driver on FSD - Google Patents

A kind of virtual net disk technology device based on filter Driver on FSD Download PDF

Info

Publication number
CN110413567A
CN110413567A CN201910607175.1A CN201910607175A CN110413567A CN 110413567 A CN110413567 A CN 110413567A CN 201910607175 A CN201910607175 A CN 201910607175A CN 110413567 A CN110413567 A CN 110413567A
Authority
CN
China
Prior art keywords
file
virtual
reel
dropbox
virtual net
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910607175.1A
Other languages
Chinese (zh)
Other versions
CN110413567B (en
Inventor
罗永秀
杨全福
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Hongyi Software Technology Co Ltd
Original Assignee
Shanghai Hongyi Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Hongyi Software Technology Co Ltd filed Critical Shanghai Hongyi Software Technology Co Ltd
Priority to CN201910607175.1A priority Critical patent/CN110413567B/en
Publication of CN110413567A publication Critical patent/CN110413567A/en
Application granted granted Critical
Publication of CN110413567B publication Critical patent/CN110413567B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/11File system administration, e.g. details of archiving or snapshots
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/1734Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/182Distributed file systems
    • G06F16/1824Distributed file systems implemented using Network-attached Storage [NAS] architecture
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/188Virtual file systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention relates to a kind of virtual net disk technology device based on filter Driver on FSD, it is characterized in that, including file filter device, virtual net disc apparatus device, asynchronous download apparatus, virtual Dropbox application subsystem device, Verification System device, Redirectional system device.Reel is downloaded on demand when double-clicking file, preferentially obtains urgent document, at the same have the characteristics that file update high-efficient, hard drive space occupy less, network bandwidth occupy it is low.

Description

A kind of virtual net disk technology device based on filter Driver on FSD
Technical field
The present invention relates to Internet technical field, especially a kind of technical field of virtual net disk technology.
Background technique
With the arrival of Internet era, internet information data just increase at a terrific speed, and text is as internet The main supporting body of information, data volume is very big, and contains many important informations.With the arrival of big data era, urgently Virtual net disc apparatus device is needed, by being based on filter Driver on FSD technology, the virtual Dropbox zone devices of Kernel Filtering is realized, builds Vertical virtual net disc apparatus establishes a kind of redirection relationship with local true NTFS partition path, is converted into driving virtual Dropbox It is dynamic, the offset read-write operation of disk sector is saved.It is carried under asynchronous to virtual Dropbox using asynchronous download mechanism, it can be real When Dynamically Announce cloud lists of documents, reel downloads on demand when double-clicking file, preferentially obtains urgent document, while having file more The shortcomings that new high-efficient, hard drive space occupies less, network bandwidth occupies low feature, this method is when data volume is big It waits, ability and speed are very slow.
Summary of the invention
In view of this, the present invention provides a kind of solution or part solves the above problems, one kind being based on filter Driver on FSD Virtual net disk technology device.To achieve the effect that above-mentioned technical proposal, the technical solution of the present invention is as follows: being filled comprising file filter It sets, virtual net disc apparatus device, asynchronous download apparatus, virtual Dropbox application subsystem device, Verification System device, redirect system Bulk cargo is set;
File filter device is provided to the system interface of application layer file for third party's module calling, is realized customized File system;File filter device includes sequence signature extraction module, recognition sequence module, sequence alignment module, sequence analysis Module, sequence checking module;Sequence signature extraction module extracts corresponding characteristic sequence feature for different file operations, Be sent to recognition sequence module and identify whether be required file can call operation, sequence alignment module grasps for required file Perform an analysis sequence signature, and sequence checking module is sent to text using filter Driver on FSD technical intercept to file needed for sequence analysis Part driving is tracked according to the file operation come identifying call application layer intercepted to what calling application layer operation generated And analysis, to realize the management and monitoring for calling filter operation to file;
Virtual net disc apparatus device is based on filter Driver on FSD technology, realizes the virtual Dropbox zone devices of Kernel Filtering, builds Vertical virtual net disc apparatus, foundation establish a kind of redirection relationship with local true NTFS partition path;Asynchronous download apparatus pair Virtual Dropbox uses asynchronous download mechanism, can Real time dynamic display cloud lists of documents, reel is downloaded on demand when double-clicking file, excellent First obtain urgent document;
Virtual net disc apparatus device is in filter Driver on FSD technical foundation, using based on Kernel Filtering access control skill Art;Access control based on Kernel Filtering connects permission and Kernel Filtering, is in systems not according to the needs of application The same corresponding Kernel Filtering of demand and creating environments, while being needed to assign suitable Kernel Filtering according to reel, reel passes through The Kernel Filtering assigned obtains corresponding permission;
Virtual Dropbox application subsystem apparatus function is that the interface for only having control foreground in whole system is handed over reel Mutually, it is connected to the request of reel, virtual net disc apparatus device is transferred to and is handled, the result of processing is presented to the face of reel Before;
Verification System apparatus function is that authentication module offer authentication service is only closed for verifying to reel identity Method reel just can be carried out subsequent file filtering and division operation;
Redirectional system apparatus function establishes the redirection with local true NTFS partition path;And to the text of Filtration Goal Part operation is monitored, and creation, write-in, deletion operation influential on system file security are redirected to specified security bit It sets, to protect the safety of original system file, while recording operation;After detection, it can be analyzed, be sentenced according to record file Whether disconnected program performs the file behavior of malice;
Virtual Dropbox application subsystem device provides virtual net disc apparatus system drive management data and reel application program Operation to file on disk, first by virtual Dropbox application subsystem device by calling virtual Dropbox application programming interfaces letter It counts and generates, serviced accordingly by virtual Dropbox application programming interfaces subsystem by calling, in virtual net disc apparatus system drive Control equipment and volume equipment generate anonymous volume equipment and control equipment anonymous device object, issue that operation is corresponding to ask It asks, is then received by Redirectional system device, and request is established into specific file system according to the characteristics of current file system Data structure is indicated with input output request packet, then issues the file filter device of lower layer, is established, deposit, is read for reel Out, modification, dump file, control the access and revocation of file;True Storage device object is bound, Redirectional system dress is intercepted It sets and is sent to target, most of file I/O operation can be monitored, be then transmitted to virtual net disc apparatus device, asynchronous downloading again Device, virtual Dropbox application subsystem device, Verification System device, Redirectional system device;It is finally complete by the driving of the bottom At, and processing result is transmitted upwards in turn, it finally returns that and gives Redirectional system device, then give virtual Dropbox application subsystem Bulk cargo is set, and processing result is returned to the virtual Dropbox application subsystem device for issuing request operation, until virtual net disc apparatus Stack traversal terminates, and finishes to this request operation processing.
Specific embodiment
In order to which technical problems, technical solutions and advantages to be solved are more clearly understood, tie below Embodiment is closed, the present invention will be described in detail.It should be noted that specific embodiment described herein is only to explain The present invention is not intended to limit the present invention, and the product for being able to achieve said function belongs to equivalent replacement and improvement, is all contained in this hair Within bright protection scope.The specific method is as follows:
2. embodiment 1: will be lifted below to a kind of application scenarios of virtual net disk technology device based on filter Driver on FSD Under such as: comprising file filter device, virtual net disc apparatus device, asynchronous download apparatus, virtual Dropbox application subsystem device, Verification System device, Redirectional system device;
File filter device is provided to the file system interface of application layer for third party's module calling, is realized customized File system;File filter device includes sequence signature extraction module, recognition sequence module, sequence alignment module, sequence analysis Module, sequence checking module;Sequence signature extraction module extracts corresponding characteristic sequence feature for different file operations, Be sent to recognition sequence module and identify whether be required file can call operation, sequence alignment module grasps for required file Perform an analysis sequence signature, and sequence checking module is sent to text using filter Driver on FSD technical intercept to file needed for sequence analysis Part driving is tracked according to the file operation come identifying call application layer intercepted to what calling application layer operation generated And analysis, to realize the management and monitoring for calling filter operation to file;
Virtual net disc apparatus device is based on filter Driver on FSD technology, realizes the virtual Dropbox zone devices of Kernel Filtering, builds Vertical virtual net disc apparatus, foundation establish a kind of redirection relationship with local true NTFS partition path;Asynchronous download apparatus pair Virtual Dropbox uses asynchronous download mechanism, can Real time dynamic display cloud lists of documents, reel is downloaded on demand when double-clicking file, excellent First obtain urgent document;
Virtual net disc apparatus device is to use role-base access control technology in filter Driver on FSD technical foundation RBAC(Role Based Access Control);Access control based roles connect permission and role, in system It is middle to need to create corresponding role for different work position according to application, while suitable angle is assigned according to reel responsibility Color, reel obtain corresponding permission by assigned role;
Virtual Dropbox application subsystem apparatus function be exactly that whole system only has the interface for controlling foreground and reel carries out Interaction, is connected to the request of reel, the module for being transferred to kernel is handled, and the result of processing is presented in face of reel;
Verification System apparatus function is that authentication module offer authentication service is only closed for verifying to reel identity Method reel just can be carried out subsequent file filtering and division operation;
Redirectional system apparatus function is a kind of redirection relationship established with local true NTFS partition path;To target The file operation of program is monitored, and the operation influential on system file security such as creation, write-in, deletion is redirected to finger Fixed home to protect the safety of original system file, while recording operation;It, can be according to record file after detection It is analyzed, whether determining program performs the file behavior of malice;
Virtual net disk technology device process based on filter Driver on FSD is to provide virtual net disc apparatus system drive management Data on hard disc of computer, operation of the reel application program to file on disk are filled by virtual Dropbox application subsystem first It sets by calling virtual Dropbox application program interface function to generate, by virtual Dropbox application programming interfaces subsystem by calling phase The service answered, control equipment in virtual net disc apparatus system drive and volume equipment generates an anonymous volume equipment and control is set Standby anonymous device object, issues the corresponding request of the operation, is then received by Redirectional system device, and by the request according to working as The characteristics of preceding document system, establishes specific file system data structures input output request packet (I/0 Request Package it) indicates, then issues the file filter device of lower layer, establish, deposit, read, modification, dump file for reel, Control the access and revocation of file;True Storage device object is bound, Redirectional system device is intercepted and is sent to target, can supervise Most of file I/O operation is controlled, is then transmitted to virtual net disc apparatus device, asynchronous download apparatus, encrypting and decrypting system again Device, authority control system device, file watching system device, virtual Dropbox application subsystem device, Verification System device, again Orientation system device;Finally by the driving of the bottom complete should, and processing result is transmitted upwards in turn, is finally returned that resetting To system and device, virtual Dropbox application subsystem device is then given, processing result is returned to the void for issuing request operation Quasi- Dropbox application subsystem device finishes until virtual net disc apparatus stack traversal terminates to this request operation processing.
The foregoing is merely the preferred embodiments of the invention, the claims that are not intended to limit the invention. Simultaneously it is described above, for those skilled in the technology concerned it would be appreciated that and implement, therefore other be based on institute of the present invention The equivalent change that disclosure is completed, should be included in the covering scope of the claims.
Beneficial achievement are as follows: the present invention provides a kind of virtual net disk technology device based on filter Driver on FSD, reel are double Downloaded on demand when hitting file, preferentially obtain urgent document, at the same have file update high-efficient, hard drive space occupy less, network The low feature of bandwidth occupancy.

Claims (1)

1. a kind of virtual net disk technology device based on filter Driver on FSD, which is characterized in that comprising file filter device, virtually Dropbox apparatus, asynchronous download apparatus, virtual Dropbox application subsystem device, Verification System device, Redirectional system device;
File filter device is provided to the system interface of application layer file for third party's module calling, realizes customized file System;File filter device include sequence signature extraction module, recognition sequence module, sequence alignment module, sequence analysis module, Sequence checking module;Sequence signature extraction module extracts corresponding characteristic sequence feature for different file operations, sends To recognition sequence module identify whether be required file can call operation, sequence alignment module is for required file operation point Sequence signature is analysed, sequence checking module is sent to file using filter Driver on FSD technical intercept to file needed for sequence analysis and drives It is dynamic, according to the file operation come identifying call application layer intercepted, to being tracked of calling that application layer operation generates and divided Analysis, to realize the management and monitoring for calling filter operation to file;
Virtual net disc apparatus device is based on filter Driver on FSD technology, realizes the virtual Dropbox zone devices of Kernel Filtering, establishes empty Quasi- Dropbox equipment, foundation establish a kind of redirection relationship with local true NTFS partition path;
Asynchronous download apparatus uses asynchronous download mechanism to virtual Dropbox, can Real time dynamic display cloud lists of documents, reel is double It is downloaded on demand when hitting file, preferentially obtains urgent document;
Virtual net disc apparatus device is in filter Driver on FSD technical foundation, using based on Kernel Filtering access control technology; Access control based on Kernel Filtering connects permission and Kernel Filtering, needs to be different according to application in systems Demand and the corresponding Kernel Filtering of creating environments, while being needed to assign suitable Kernel Filtering according to reel, reel passes through meaning The Kernel Filtering of group obtains corresponding permission;
Virtual Dropbox application subsystem apparatus function is that the interface for only having control foreground in whole system is interacted with reel, is connect To the request of reel, it is transferred to virtual net disc apparatus device and is handled, the result of processing is presented in face of reel;
Verification System apparatus function is that authentication module provides authentication service, for verifying to reel identity, only legal volume Disk just can be carried out subsequent file filtering and division operation;
Redirectional system apparatus function establishes the redirection with local true NTFS partition path;And the file of Filtration Goal is grasped It is monitored, creation, write-in, deletion operation influential on system file security is redirected to specified home, To protect the safety of original system file, while recording operation;After detection, it can be analyzed, be judged according to record file Whether various programs perform the file behavior of malice;
Virtual Dropbox application subsystem device provides virtual net disc apparatus system drive management data and reel application program to void The operation of file and data in quasi- Dropbox equipment, first by virtual Dropbox application subsystem device by calling virtual Dropbox application Program interface functions generate, by virtual Dropbox application programming interfaces subsystem by calling corresponding service, virtual net disc apparatus Control equipment and virtual net disc apparatus system drive in system drive generate an anonymous reel equipment and reel control Equipment anonymous device object issues and operates corresponding request, then received by Redirectional system device, and will request according to virtual The characteristics of Dropbox system, establishes specific virtual net disc system data structure and is indicated with reel request packet, then issues relevant layers Reel filter device, for reel establish, deposit, read, modification, dump file, control the access and revocation of file;Binding is true Real Storage device object intercepts Redirectional system device and is sent to target, can monitor most of file I/O operation, so It is transmitted to virtual net disc apparatus device, asynchronous download apparatus, virtual Dropbox application subsystem device, Verification System device, again again afterwards Orientation system device;It is finally completed by the driving of the bottom, and processing result is transmitted upwards in turn, finally returned that redirection Then system and device gives virtual Dropbox application subsystem device, processing result is returned to the virtual net for issuing request operation Disk application subsystem device finishes until virtual net disc apparatus stack traversal terminates to this request operation processing.
CN201910607175.1A 2019-07-07 2019-07-07 Virtual network disk technical device based on file filtering drive Active CN110413567B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910607175.1A CN110413567B (en) 2019-07-07 2019-07-07 Virtual network disk technical device based on file filtering drive

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910607175.1A CN110413567B (en) 2019-07-07 2019-07-07 Virtual network disk technical device based on file filtering drive

Publications (2)

Publication Number Publication Date
CN110413567A true CN110413567A (en) 2019-11-05
CN110413567B CN110413567B (en) 2020-12-22

Family

ID=68360577

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910607175.1A Active CN110413567B (en) 2019-07-07 2019-07-07 Virtual network disk technical device based on file filtering drive

Country Status (1)

Country Link
CN (1) CN110413567B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101470583A (en) * 2007-12-29 2009-07-01 英业达股份有限公司 System structure for implementing virtual disk service equipment
CN101763225A (en) * 2010-01-22 2010-06-30 蓝盾信息安全技术股份有限公司 System and method for protecting virtual disk files
CN102708326A (en) * 2012-05-22 2012-10-03 南京赛孚科技有限公司 Protection method for confidential files
CN102722500A (en) * 2011-03-31 2012-10-10 中国电信股份有限公司 Virtual file system and implementation method thereof
CN102821094A (en) * 2012-07-09 2012-12-12 深圳市深信服电子科技有限公司 Method and system for secure data processing in virtual desktop
US8453145B1 (en) * 2010-05-06 2013-05-28 Quest Software, Inc. Systems and methods for instant provisioning of virtual machine files
CN110134339A (en) * 2019-05-22 2019-08-16 北京明朝万达科技股份有限公司 A kind of data guard method and system based on file virtual disk

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101470583A (en) * 2007-12-29 2009-07-01 英业达股份有限公司 System structure for implementing virtual disk service equipment
CN101763225A (en) * 2010-01-22 2010-06-30 蓝盾信息安全技术股份有限公司 System and method for protecting virtual disk files
US8453145B1 (en) * 2010-05-06 2013-05-28 Quest Software, Inc. Systems and methods for instant provisioning of virtual machine files
CN102722500A (en) * 2011-03-31 2012-10-10 中国电信股份有限公司 Virtual file system and implementation method thereof
CN102708326A (en) * 2012-05-22 2012-10-03 南京赛孚科技有限公司 Protection method for confidential files
CN102821094A (en) * 2012-07-09 2012-12-12 深圳市深信服电子科技有限公司 Method and system for secure data processing in virtual desktop
CN110134339A (en) * 2019-05-22 2019-08-16 北京明朝万达科技股份有限公司 A kind of data guard method and system based on file virtual disk

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
雨中风华: "文件过滤驱动实现目录重定向", 《CSDN网址:HTTPS://BLOG.CSDN.NET/FANXIUSHU/ARTICLE/DETAILS/43636575》 *

Also Published As

Publication number Publication date
CN110413567B (en) 2020-12-22

Similar Documents

Publication Publication Date Title
US10547595B2 (en) Restricting guest instances in a shared environment
CN109639652B (en) Method and system for accessing internetwork data based on security isolation
US11303719B2 (en) System, method and computer program product for capturing touch events for a virtual mobile device platform
CN103198255B (en) Method and system for monitoring and intercepting sensitive behaviour of Android software
US6449652B1 (en) Method and apparatus for providing secure access to a computer system resource
US8769271B1 (en) Identifying and enforcing strict file confidentiality in the presence of system and storage administrators in a NAS system
CN109117664B (en) Access control method and device for application program
US9619673B1 (en) System, method and computer program product for capturing touch events for a virtual mobile device platform
CN107463369A (en) The access device control method and device of a kind of virtual desktop
US11095652B2 (en) Implementing a separation of duties for container security
CN107026825A (en) A kind of method and system for accessing big data system
US11481508B2 (en) Data access monitoring and control
CN111352737A (en) Container cloud computing service platform based on resource pool
CN106612280B (en) A kind of method and system of terminal device virtual management
CN109219949A (en) For configuring the method and arrangement of security domain in network function virtualization infrastructure
US20200097872A1 (en) Systems and methods for automated role redesign
CN110807191B (en) Safe operation method and device of application program
CN107609408B (en) Method for controlling file operation behavior based on filter driver
CN104123371B (en) The method of the transparent filtering of Windows kernel files based on hierarchical file system
CN110413567A (en) A kind of virtual net disk technology device based on filter Driver on FSD
US20170277792A1 (en) Adaptive response generation on an endpoint
CN106130968A (en) A kind of identity identifying method and system
CN104866761B (en) A kind of high security Android intelligent terminal
CN106155563A (en) A kind of disk access control method and device
CN107295013B (en) VDI communication method, first server, second server and communication system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant