CN112068890A - Method, system and storage medium for controlling computer external equipment - Google Patents
- Publication number: CN112068890A
- Application number: CN202010810288.4A
- Authority: CN (China)
- Prior art keywords: peripheral, equipment, module, control, information
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
- G06F9/4411—Configuring for operating with peripheral devices; Loading of device drivers
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the field of computer security and discloses a method, a system and a storage medium for controlling computer external equipment. Using the device filter driver principle of the Windows operating system, the commonality of various peripherals is abstracted and extracted to construct a general peripheral drive control module. A peripheral policy module generates a control policy from the information to be controlled and sends it to the peripheral drive control module, which dynamically attaches to the corresponding peripherals. When a peripheral is connected to the operating system, a device object of the same type is generated for it and attached to the peripheral's device stack to control whether the peripheral starts. When data is read or written through the peripheral, the reads and writes are controlled according to the control parameters. Access and data reads and writes by exception devices are allowed; device access and data read/write behaviors that violate the control rules are blocked and an alarm log is recorded. The invention can disable specified peripherals, configure exception peripherals, and enforce read-only or read-write control as the user scenario requires, giving high flexibility and a good user experience.
Description
Technical Field
The invention relates to the technical field of computer security, and in particular to a method, a system and a storage medium for controlling external equipment of a computer.
Background
Computer peripherals bring convenience, but also the risk of information leakage. In an intranet environment, some staff use peripherals on internal work computers in violation of policy, or carry intranet data out through peripherals, so that internal information is leaked intentionally or unintentionally; this is a serious security risk. To reduce the risk of information leakage and prevent unauthorized use of peripherals, the peripherals of a computer need to be strictly controlled: only authorized devices may be connected, all peripherals are filtered and controlled by class and level, and violations are blocked and raise an alarm. This standardizes how staff use peripherals and serves the goal of security and confidentiality. Most peripheral control products currently on the market rely on application-layer hooks, which carries a risk: if the application fails to start, peripheral control fails. Some vendors use drivers to control peripherals, but at present no single driver can control all peripherals.
Disclosure of Invention
To solve the above problems, the present invention provides a method, a system and a storage medium for controlling computer external equipment, in which one driver performs classified and graded filtering control of all peripherals. The specific technical scheme is as follows:
The computer external equipment control method of the invention uses the device filter driver principle of the Windows operating system to abstract and extract the commonality of various peripherals and construct a general peripheral drive control module. A peripheral policy module generates a control policy from the information to be controlled and sends it to the peripheral drive control module; the information to be controlled comprises device types, control parameters and exception device IDs, and the peripheral drive control module dynamically attaches to the corresponding peripherals. When a peripheral is connected to the operating system, a device object of the same type is generated for it and attached to the peripheral's device stack to control whether the peripheral starts. When data is read or written through the peripheral, the reads and writes are controlled according to the control parameters. Access and data reads and writes by exception devices are allowed; device access and data read/write behaviors that violate the control rules are blocked and an alarm log is recorded.
Further, an upper-layer filter driver in the layered driver framework filters I/O request packets. By analyzing the differences between the I/O processing routines of the various devices, removing redundancy and refining them, a single filter driver generates device instances of multiple types, and each device instance processes the I/O request packets of its own device. One filter driver thereby controls the start, stop, read and write of the various devices and interfaces.
Further, the peripheral policy module sets interception rules in the peripheral drive control module. An application's access to a device is converted into I/O request packets by the I/O manager; the peripheral drive control module identifies and parses these packets, passes those that conform to the rules, blocks those that violate them, and records an alarm log.
Further, when a peripheral is inserted into a computer on which the drive control module is installed, a PNP request is triggered, and the control policy decides whether the peripheral may start or is blocked with an alarm. Once an authorized peripheral is connected, reading or writing data triggers read/write permission control.
The computer peripheral equipment control system of the invention comprises:
the peripheral policy module, which manages the information the user configures for the various peripherals and generates the control policy; the configured information comprises disabled, read-only, read-write and exception settings;
the peripheral drive control module, which monitors peripheral usage on the computer and allows it, or blocks it and raises an alarm, according to the control policy sent by the peripheral policy module;
and the peripheral alarm module, which fetches alarm information from the peripheral drive control module when that module notifies it that alarm information is available, and allows all alarm information to be viewed and audited.
Further, the peripheral policy module sends the control policy to the peripheral drive control module, which constructs controlled peripheral instances according to the policy and controls the computer's peripherals in real time. It notifies the peripheral alarm module of the alarm information for blocked peripherals, and the peripheral alarm module then fetches and displays that information.
Further, the peripheral drive control module is installed directly through an INF file or by adding a service in the registry; its service type is configured as a driver and it is started by the operating system loader.
Further, the peripheral policy module and the peripheral alarm module run in the host program as plug-ins and are installed and run along with the host program.
The storage medium of the invention stores a computer program that, when executed by a processor, implements the computer peripheral equipment control method.
The invention has the beneficial effects that:
1) the peripheral drive control module hides the differences between the various peripherals behind a high-level abstraction, so a single attached driver monitors all peripherals and redundancy is eliminated;
2) the peripheral drive control module is started by the operating system loader, before the operating system's initialization process, and controls devices according to the most recently cached control policy until shutdown, so control covers the whole session;
3) the peripheral drive control module attaches to peripheral types dynamically according to the control policy, so it does not attach to devices that need no control, which reduces system overhead;
4) the invention can disable specified peripherals, configure exception peripherals, and enforce read-only or read-write control as the user scenario requires, giving high flexibility and a relatively good user experience.
Drawings
FIG. 1 is a principal technical schematic of the present invention;
FIG. 2 is an overall architecture diagram of the present invention;
FIG. 3 is a detailed control logic diagram of the present invention.
Detailed Description
In order to more clearly understand the technical features, objects, and effects of the present invention, specific embodiments of the present invention will now be described. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
Because a computer has many types of external devices, the devices differ widely, and the internal processing of a driver is complex, a control driver would otherwise have to be written for each type of external device. So as not to disrupt normal work, some devices must remain usable in certain workflows while peripherals are controlled. User scenarios also often require finer-grained security control: for example, a high-security-level environment may only read information from a peripheral of a low-security-level environment and may not write to it, so that highly classified information is not transferred to a lower level.
Windows supports a layered driver architecture that allows drivers to be attached to other drivers to form a driver stack. Each time a device access request is processed, the request is passed down the driver stack. In the Windows Driver Model (WDM), each hardware device has at least two drivers: a function driver and a bus driver. A device may also have filter drivers that alter the behavior of the standard device driver. The device objects created by these drivers for one device form a linked list called the device stack.
The device object at the bottom of the stack is called the physical device object (PDO) and represents the connection between the device and the bus. The device object that implements the device's specific function is called the functional device object (FDO) and belongs to the main driver of the physical device. There may also be filter device objects above and below the FDO. Filter device objects above the FDO belong to upper-level filter drivers, and filter device objects below the FDO (but still above the PDO) belong to lower-level filter drivers. A filter driver is a special type of intermediate driver: it sits above some other driver and intercepts requests directed at that lower driver's device objects, which makes it easier to work around the limitations of the lower-level driver. Users of the lower-level driver are completely unaware that their requests were pre-processed or intercepted by the filter driver.
Example 1
This embodiment provides a computer external equipment control method that uses the device filter driver principle of the Windows operating system to abstract and extract the commonality of various peripherals and construct a general peripheral drive control module. The peripheral policy module generates a control policy from the information to be controlled and sends it to the peripheral drive control module; the information to be controlled comprises the device type, the control parameters and the exception device IDs, and the peripheral drive control module dynamically attaches to the corresponding peripherals. When a peripheral is connected to the operating system, a device object of the same type is generated for it and attached to the peripheral's device stack to control whether the peripheral starts. When data is read or written through the peripheral, the reads and writes are controlled according to the control parameters; access and data reads and writes by exception devices are allowed, device access and data read/write behaviors that violate the control rules are blocked, and an alarm log is recorded.
The method uses an upper-layer filter driver in the layered driver framework to filter I/O request packets. By analyzing the differences between the I/O processing routines of the various devices, removing redundancy and refining them, a single filter driver generates device instances of multiple types, and each device instance processes the I/O request packets of its own device. One filter driver thereby controls the start, stop, read and write of the various devices and interfaces without the instances affecting one another. Specifically, the supported device types include serial ports, parallel ports, 1394 interfaces, USB interfaces, floppy drives, optical drives, infrared, Bluetooth, network cards, PCMCIA, printers, and the like.
As shown in FIG. 1, the peripheral policy module sets interception rules in the peripheral drive control module. An application's access to a device is converted into I/O request packets by the I/O manager; the peripheral drive control module identifies and parses these packets, passes those that conform to the rules, blocks those that violate them, and records an alarm log.
This embodiment further provides a computer peripheral control system, as shown in FIG. 2, comprising:
the peripheral policy module, which manages the information the user configures for the various peripherals and generates the control policy; the configured information comprises disabled, read-only, read-write and exception settings;
the peripheral drive control module, which monitors peripheral usage on the computer and allows it, or blocks it and raises an alarm, according to the control policy sent by the peripheral policy module;
and the peripheral alarm module, which fetches alarm information from the peripheral drive control module when that module notifies it that alarm information is available, and allows all alarm information to be viewed and audited.
In this system the peripheral policy module sends the control policy to the peripheral drive control module, which constructs controlled peripheral instances according to the policy and controls the computer's peripherals in real time. It notifies the peripheral alarm module of the alarm information for blocked peripherals, and the peripheral alarm module then fetches and displays that information.
This embodiment also provides a storage medium storing a computer program which, when executed by a processor, implements the computer peripheral equipment control method described above.
Example 2
This example is based on example 1:
The detailed control logic of the computer peripheral equipment control method is shown in FIG. 3 and comprises the following steps:
1) the peripheral policy module encrypts the policy information configured by the administrator (the device types to be controlled, the control modes, the exception devices and so on) and passes it to the peripheral drive control module through the DeviceIoControl interface;
2) after receiving the control information from the peripheral policy module, the peripheral drive control module decrypts and verifies it and stores it in kernel memory;
3) the peripheral drive control module encrypts the verified control information again and stores it in the registry, so that at the next boot it can be used until the peripheral policy module updates the policy;
4) the peripheral drive control module registers its own driver as the filter driver for the device types to be controlled that are configured in the control information and scans globally for devices already connected to the system; if a connected device is a controlled device, it dynamically attaches to that device's device stack, and if the device must be disabled, it builds an IRP to stop the device;
5) the peripheral drive control module waits for newly connected devices of the device types to be controlled that are configured in the control information; if a new device is a controlled device, it creates a device object of the same type;
6) the peripheral drive control module obtains the detailed information of the controlled device, stores it in the device information extension of the newly created device object, and attaches the device object created in step 5 to the device stack of the controlled device;
7) in IRP_MJ_PNP, the peripheral drive control module decides from the device information extension and the control policy whether the device may start; if access is not allowed, the device is prevented from starting, and if access is allowed, the IRP is passed on;
8) in IRP_MJ_READ and IRP_MJ_WRITE, the peripheral drive control module decides from the device information extension and the control policy whether to allow or block the device's data reads and writes;
9) when a blocking action occurs in the steps above, the peripheral drive control module records the detailed device information and the violated control rule in the alarm information cache list and notifies the peripheral alarm module to fetch the information;
10) after receiving the notification, the peripheral alarm module fetches the alarm log from the peripheral drive control module, stores it, and provides an interface for viewing and auditing the alarm information.
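The start, read and write decisions and the alarm cache described in the steps above can be modelled in portable user-space C. This is an added example, not code from the patent: the enum and struct names, `policy_decide`, `demo_policy`, the whole-string case-insensitive match on the instance path and the sample paths are all assumptions made for illustration, and a real filter driver would take the same decision inside its IRP_MJ_PNP, IRP_MJ_READ and IRP_MJ_WRITE dispatch routines.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names modelling the policy fields on this page; not a driver API. */
typedef enum { DEV_USB_STORAGE, DEV_OPTICAL, DEV_SERIAL, DEV_BLUETOOTH, DEV_TYPE_COUNT } dev_type_t;
typedef enum { MODE_UNCONTROLLED, MODE_DISABLED, MODE_READ_ONLY, MODE_READ_WRITE } ctl_mode_t;
typedef enum { REQ_PNP_START, REQ_READ, REQ_WRITE } req_t;  /* stand-ins for the IRP major codes */
typedef enum { VERDICT_PASS, VERDICT_BLOCK } verdict_t;

#define MAX_EXCEPTIONS 8
#define MAX_ALARMS 4   /* kept small so the overflow path is easy to exercise */

typedef struct {
    ctl_mode_t  mode[DEV_TYPE_COUNT];        /* control parameter per device type */
    const char *exceptions[MAX_EXCEPTIONS];  /* exception device instance paths */
    size_t      n_exceptions;
} policy_t;

typedef struct { dev_type_t type; const char *instance_path; } dev_ext_t; /* device information extension */
typedef struct { dev_ext_t dev; req_t req; ctl_mode_t rule; } alarm_t;
typedef struct { alarm_t items[MAX_ALARMS]; size_t count; size_t dropped; } alarm_cache_t;

/* Whole-string, case-insensitive match (an assumption of this example): a prefix never matches. */
static int path_equal(const char *a, const char *b)
{
    if (!a || !b) return 0;
    for (; *a && *b; ++a, ++b)
        if (toupper((unsigned char)*a) != toupper((unsigned char)*b)) return 0;
    return *a == *b;
}

static int is_exception(const policy_t *p, const char *path)
{
    size_t i;
    for (i = 0; i < p->n_exceptions && i < MAX_EXCEPTIONS; ++i)
        if (path_equal(p->exceptions[i], path)) return 1;
    return 0;
}

/* Bounded alarm cache: when full, count the loss instead of writing past the array. */
static void record_alarm(alarm_cache_t *c, const dev_ext_t *d, req_t req, ctl_mode_t rule)
{
    if (c->count >= MAX_ALARMS) { c->dropped++; return; }
    c->items[c->count].dev  = *d;
    c->items[c->count].req  = req;
    c->items[c->count].rule = rule;
    c->count++;
}

verdict_t policy_decide(const policy_t *p, const dev_ext_t *d, req_t req, alarm_cache_t *alarms)
{
    ctl_mode_t mode;
    int blocked;

    if ((unsigned)d->type >= (unsigned)DEV_TYPE_COUNT) return VERDICT_PASS; /* type not hooked */
    mode = p->mode[d->type];
    if (mode == MODE_UNCONTROLLED) return VERDICT_PASS;
    if (is_exception(p, d->instance_path)) return VERDICT_PASS;   /* exception devices are released */

    if (mode == MODE_DISABLED)       blocked = 1;                  /* refuse start and all I/O */
    else if (mode == MODE_READ_ONLY) blocked = (req == REQ_WRITE);
    else                             blocked = 0;                  /* MODE_READ_WRITE */

    if (!blocked) return VERDICT_PASS;
    record_alarm(alarms, d, req, mode);                            /* device details + violated rule */
    return VERDICT_BLOCK;
}

policy_t demo_policy(void)
{
    policy_t p;
    memset(&p, 0, sizeof p);                 /* every type starts as MODE_UNCONTROLLED */
    p.mode[DEV_USB_STORAGE] = MODE_DISABLED;
    p.mode[DEV_OPTICAL]     = MODE_READ_ONLY;
    p.mode[DEV_SERIAL]      = MODE_READ_WRITE;
    p.exceptions[0] = "USB\\VID_0000&PID_0000\\CONSTRUCTED0001";  /* constructed path */
    p.n_exceptions  = 1;
    return p;
}

int main(void)
{
    static const char *req_name[] = { "PNP_START", "READ", "WRITE" };
    const dev_ext_t devs[] = {               /* constructed sample devices */
        { DEV_USB_STORAGE, "usb\\vid_0000&pid_0000\\constructed0001" }, /* the exception, lower case */
        { DEV_USB_STORAGE, "USB\\VID_0000&PID_0000\\CONSTRUCTED0002" },
        { DEV_OPTICAL,     "IDE\\CDROM_CONSTRUCTED\\0001" },
    };
    policy_t p = demo_policy();
    alarm_cache_t alarms;
    size_t i;
    int r;

    memset(&alarms, 0, sizeof alarms);
    for (i = 0; i < sizeof devs / sizeof devs[0]; ++i)
        for (r = REQ_PNP_START; r <= REQ_WRITE; ++r)
            printf("%-45s %-9s %s\n", devs[i].instance_path, req_name[r],
                   policy_decide(&p, &devs[i], (req_t)r, &alarms) == VERDICT_PASS ? "pass" : "BLOCK");
    printf("alarms cached: %lu, dropped: %lu\n",
           (unsigned long)alarms.count, (unsigned long)alarms.dropped);
    return 0;
}
```

The model blocks reads on a disabled device as well as its start; in the flow described above a disabled device never starts, so its read and write requests would not normally be issued.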
Example 3
This example is based on example 1:
1) Module installation
The peripheral drive control module is a general driver built by abstracting and extracting the commonality of various peripherals, and it carries out the main control function of the computer peripheral equipment control method. It can be installed directly through an INF file or by adding a service in the registry; in either case the service type is configured as a driver, the start type is 0 (started by the operating system loader), and the group the driver belongs to is "PnP Filter";
the peripheral policy module and the peripheral alarm module run in the host program as plug-ins and are installed and run along with the host program.
2) Peripheral control
On the policy configuration interface of the peripheral policy module, settings such as disabled, enabled (read-only, read-write) and exception device IDs are configured per device type and passed to the peripheral drive control module.
When a peripheral is inserted into a computer on which the peripheral drive control module is installed, a PNP request is triggered, and the control policy decides whether the device may start or is blocked with an alarm. Once an authorized device is connected, reading or writing data triggers the device's read/write permission control.
Peripheral control use cases are as follows:
a) Peripheral disabled
After logging in as the security administrator, configure the policy configuration interface of the peripheral policy module to prohibit the use of USB devices and click "Save policy"; the policy is passed to the peripheral drive control module. If a USB flash drive or portable hard disk is now inserted, the system prompts "Illegal access by a USB device detected and blocked!", no drive letter for the USB flash drive or portable hard disk appears in the operating system, and the alarm log for the illegally connected peripheral can be seen in the peripheral alarm module;
b) Peripheral exception
After logging in as the security administrator, configure the policy configuration interface of the peripheral policy module to prohibit the use of USB devices, click the "Exception" button, and enter the device instance path in the dialog that opens. (To find the device instance path, insert the USB flash drive or portable hard disk and go to Computer > Properties > Device Manager > Universal Serial Bus controllers > USB Mass Storage Device > Properties > Details > Device instance path.) Click "OK" to return to the main policy interface and click "Save policy"; the policy is passed to the peripheral drive control module. When the USB flash drive or portable hard disk used in the previous step is inserted again, it appears with a drive letter in the operating system, and browsing the disk, copying files to and from it, and editing files on it all work normally.
c) Peripheral read-only
After logging in as the security administrator, keep the previous USB device control settings on the policy configuration interface of the peripheral policy module, set the control mode of USB mass storage devices to read-only, and click "Save policy"; the policy is passed to the peripheral drive control module. When the USB flash drive or portable hard disk used in the previous step is inserted again, it appears with a drive letter in the operating system. Files can be copied from the disk or opened on it, but copying files to the disk, or editing a file on the disk and then saving it, produces the prompt "Insufficient permission, file save failed!". The alarm log for the illegal use of the USB flash drive or portable hard disk can be seen in the peripheral alarm module.
3) Violation alarm
When a peripheral is connected in violation of the policy, or data is transferred in violation of the policy, the alarm information generated by the peripheral drive control module is fetched and stored by the peripheral alarm module, which provides an interface for viewing and auditing it.
The foregoing describes preferred embodiments of the invention. It is to be understood that the invention is not limited to the precise form disclosed herein; this description does not exclude other embodiments, and the invention may be used in various other combinations, modifications and environments and may be changed within the scope of the concept disclosed herein, through the above teachings or the skill or knowledge of the relevant art. Modifications and variations made by those skilled in the art that do not depart from the spirit and scope of the invention fall within the protection of the appended claims.
Claims (9)
1. A computer peripheral equipment control method is characterized in that a general peripheral equipment drive control module is constructed by utilizing a Windows operating system equipment filter drive principle and highly abstracting the commonality of various peripheral equipment; generating a control strategy by using a peripheral strategy module and sending the information to be controlled to the peripheral drive control module, wherein the information to be controlled comprises equipment types, control parameters and exceptional equipment IDs, and the peripheral drive control module dynamically hooks corresponding peripherals; when the peripheral is accessed to the operating system, generating a similar device object for the peripheral, hanging the similar device object into a device stack of the peripheral, and controlling the starting of the peripheral; when reading and writing data through the peripheral, controlling the reading and writing according to the control parameters; and releasing the access and data read-write of the exception equipment, blocking the access and data read-write behaviors of the equipment violating the control rule and recording an alarm log.
2. The method as claimed in claim 1, wherein the filtering driver in the upper layer of the hierarchical driver architecture is used to filter the I/O request packet, and the I/O processing routines of various devices are analyzed differentially, and the redundancy is removed and refined, so as to generate multiple types of device instances with one filtering driver, and each device instance processes the I/O request packet of the device, thereby implementing the start, stop, read and write control of the filtering driver on various devices and interfaces.
3. The computer peripheral device control method according to claim 2, wherein the peripheral policy module sets an interception rule to the peripheral drive control module; the access of the application program to the equipment is converted into I/O request packets through the I/O manager, the peripheral drive control module identifies and analyzes the I/O request packets, the I/O request packets conforming to the rules are released, the I/O request packets violating the rules are blocked, and an alarm log is recorded.
4. The method as claimed in claim 2, wherein when the peripheral device is inserted into the computer with the driving control module installed, a PNP request is triggered, and at this time, whether the peripheral device can be started or blocked and an alarm is given according to the control strategy; and triggering read-write permission control when the data is read and written after the authorized peripheral is accessed.
5. A computer peripheral control system, comprising:
the peripheral policy module is used for managing information of various peripherals configured by a user and generating a control policy, wherein the information of various peripherals configured by the user comprises forbidden information, read-only information, read-write information and exception information;
the peripheral driving control module is used for monitoring the peripheral using behavior on the computer, and performing release or blocking and alarming according to the control strategy sent by the peripheral strategy module;
and the peripheral alarm module acquires alarm information from the peripheral drive control module and can check and audit all alarm information when receiving the event of acquiring the alarm information notified by the peripheral drive control module.
6. The computer peripheral device control system according to claim 5, wherein the peripheral device policy module sends the control policy to the peripheral device driver control module, the peripheral device driver control module constructs a controlled peripheral device instance according to the control policy, controls the computer peripheral device in real time, notifies the peripheral device alarm module of the alarm information blocked by the peripheral device, and obtains the display alarm information by the peripheral device alarm module.
7. The computer peripheral device control system according to claim 5, wherein the peripheral driver control module is installed directly through an INF file or installed by adding a service in a registry; the configuration service type of the peripheral drive control module is drive and is started by an operating system loading program.
8. The computer peripheral device control system according to claim 5, wherein the peripheral policy module and the peripheral alarm module are run in the host program as plug-ins, and are installed and run with the host program.
9. A storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the method for controlling a computer peripheral according to any one of claims 1 to 4.
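The decision flow in claims 4 to 6, sketched as a user-mode C model (an added example, not code from the patent): the same policy check runs at device start (the PNP request) and on each read or write, and a blocked request records an alarm. The class names, the device IDs, the rule that an exception entry overrides its class, and the default of forbidding unlisted classes are all assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Modes named in claim 5; how "exception" overrides a class rule is an assumption. */
typedef enum { MODE_FORBIDDEN, MODE_READ_ONLY, MODE_READ_WRITE } Mode;
typedef enum { OP_START, OP_READ, OP_WRITE } Op;
typedef struct { const char *dev_class; Mode mode; } ClassRule;      /* per-class policy */
typedef struct { const char *device_id; Mode mode; } ExceptionRule;  /* per-device override */

/* Constructed sample policy; class names and device IDs are hypothetical. */
static const ClassRule CLASS_RULES[] = {
    { "usb-storage", MODE_READ_ONLY },
    { "bluetooth",   MODE_FORBIDDEN },
};
static const ExceptionRule EXCEPTIONS[] = {
    { "USB\\VID_0000&PID_0001\\CONSTRUCTED01", MODE_READ_WRITE },
};
static int alarm_count = 0;  /* stands in for the queue the alarm module reads */

/* Assumed precedence: exception entries win; unlisted classes fail closed. */
Mode effective_mode(const char *dev_class, const char *device_id) {
    size_t i;
    for (i = 0; i < sizeof EXCEPTIONS / sizeof EXCEPTIONS[0]; i++)
        if (strcmp(EXCEPTIONS[i].device_id, device_id) == 0)
            return EXCEPTIONS[i].mode;
    for (i = 0; i < sizeof CLASS_RULES / sizeof CLASS_RULES[0]; i++)
        if (strcmp(CLASS_RULES[i].dev_class, dev_class) == 0)
            return CLASS_RULES[i].mode;
    return MODE_FORBIDDEN;
}

/* Returns 1 to release the request, 0 to block it and record an alarm. */
int check_request(const char *dev_class, const char *device_id, Op op) {
    Mode m = effective_mode(dev_class, device_id);
    int allowed = (m == MODE_READ_WRITE) || (m == MODE_READ_ONLY && op != OP_WRITE);
    if (!allowed) {
        alarm_count++;
        fprintf(stderr, "ALARM blocked op=%d class=%s id=%s\n", (int)op, dev_class, device_id);
    }
    return allowed;
}
int alarms_raised(void) { return alarm_count; }

int main(void) {
    const char *stick = "USB\\VID_0000&PID_0002\\CONSTRUCTED02";
    int start = check_request("usb-storage", stick, OP_START);
    int wr = check_request("usb-storage", stick, OP_WRITE);
    printf("start=%d write=%d alarms=%d\n", start, wr, alarms_raised());
    return 0;
}
```

A read-only device passes the start check and is only stopped at the first write, which is why the claims separate the PNP decision from read-write permission control.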
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010810288.4A CN112068890A (en) | 2020-08-13 | 2020-08-13 | Method, system and storage medium for controlling computer external equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112068890A (en) | 2020-12-11 |
Family
ID=73661535
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010810288.4A Pending CN112068890A (en) | 2020-08-13 | 2020-08-13 | Method, system and storage medium for controlling computer external equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112068890A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112818341A (en) * | 2021-01-26 | 2021-05-18 | 山东方寸微电子科技有限公司 | External device control method and device based on operating system filter layer drive |
CN113297121A (en) * | 2021-06-16 | 2021-08-24 | 深信服科技股份有限公司 | Interface management method, device, equipment and readable storage medium |
CN115189941A (en) * | 2022-07-07 | 2022-10-14 | 成都域卫科技有限公司 | Host and virtual machine isolation method and device and storage medium |
CN116756786A (en) * | 2023-08-18 | 2023-09-15 | 长扬科技(北京)股份有限公司 | Method and device for controlling use and safety of mobile storage medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1838137A (en) * | 2006-04-26 | 2006-09-27 | 南京大学 | Read-write access control method for plug-in memory device |
CN1845071A (en) * | 2006-05-17 | 2006-10-11 | 北京飞天诚信科技有限公司 | Computer device driver updating method |
CN102750164A (en) * | 2012-05-29 | 2012-10-24 | 湖北盛天网络技术股份有限公司 | Method for automatically configuring device driver |
CN102760104A (en) * | 2012-06-25 | 2012-10-31 | 成都卫士通信息产业股份有限公司 | USB (Universal Serial Bus) equipment control method |
CN103034799A (en) * | 2012-12-14 | 2013-04-10 | 南京中孚信息技术有限公司 | Kernel level desktop access control method |
CN103778081A (en) * | 2014-02-11 | 2014-05-07 | 成都卫士通信息安全技术有限公司 | USB peripheral access control method |
CN104063633A (en) * | 2014-04-29 | 2014-09-24 | 航天恒星科技有限公司 | Safe auditing system based on filter driver |
CN106951789A (en) * | 2016-12-09 | 2017-07-14 | 中国电子科技集团公司第三十研究所 | A kind of USB Anti-ferry methods based on safety label |
Non-Patent Citations (3)
Title |
---|
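左朝树 et al.: "Trusted computing architecture for information systems", Information Security and Communications Privacy * |
肖准: "Research on a peripheral control system based on a trusted computing module", China Masters' Theses Full-text Database (Information Science and Technology) * |
高发桂: "A Windows-based general peripheral management and control system", Journal of Hubei University for Nationalities (Natural Science Edition) * |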
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112818341A (en) * | 2021-01-26 | 2021-05-18 | 山东方寸微电子科技有限公司 | External device control method and device based on operating system filter layer drive |
CN112818341B (en) * | 2021-01-26 | 2023-02-24 | 山东方寸微电子科技有限公司 | External device control method and device based on operating system filter layer drive |
CN113297121A (en) * | 2021-06-16 | 2021-08-24 | 深信服科技股份有限公司 | Interface management method, device, equipment and readable storage medium |
CN113297121B (en) * | 2021-06-16 | 2024-02-23 | 深信服科技股份有限公司 | Interface management method, device, equipment and readable storage medium |
CN115189941A (en) * | 2022-07-07 | 2022-10-14 | 成都域卫科技有限公司 | Host and virtual machine isolation method and device and storage medium |
CN115189941B (en) * | 2022-07-07 | 2024-06-25 | 成都域卫科技有限公司 | Method and device for isolating host from virtual machine and storage medium |
CN116756786A (en) * | 2023-08-18 | 2023-09-15 | 长扬科技(北京)股份有限公司 | Method and device for controlling use and safety of mobile storage medium |
CN116756786B (en) * | 2023-08-18 | 2023-11-07 | 长扬科技(北京)股份有限公司 | Method and device for controlling use and safety of mobile storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112068890A (en) | Method, system and storage medium for controlling computer external equipment | |
US7484245B1 (en) | System and method for providing data security | |
US9881013B2 (en) | Method and system for providing restricted access to a storage medium | |
CN106295355B (en) | A kind of active safety support method towards Linux server | |
US8484327B2 (en) | Method and system for generic real time management of devices on computers connected to a network | |
CA2520707C (en) | Security system and method for computer operating systems | |
US20110239306A1 (en) | Data leak protection application | |
CA2490695C (en) | Security system and method for computers | |
US20070028292A1 (en) | Bus bridge security system and method for computers | |
US20070266444A1 (en) | Method and System for Securing Data Stored in a Storage Device | |
CN110622163B (en) | Auxiliary storage device with independent recovery area and equipment suitable for same | |
CN109684866B (en) | Safe USB flash disk system supporting multi-user data protection | |
US11113391B2 (en) | Method and computer system for preventing malicious software from attacking files of the computer system and corresponding non-transitory computer readable storage medium | |
CN107729777A (en) | A kind of safety encryption solid-state storage method | |
US8978151B1 (en) | Removable drive security monitoring method and system | |
CN102194074A (en) | Computer protection method based on process right | |
WO2023090297A1 (en) | Storage device and program | |
JP5310075B2 (en) | Log collection system, information processing apparatus, log collection method, and program | |
KR102338774B1 (en) | Data protection method to prevent data leakage and corruption by preventing file contents from being read and written at the kernel level of the storage operating system | |
JP7527539B2 (en) | Electronic data management method, electronic data management device, program therefor, and recording medium | |
CN117436079B (en) | Integrity protection method and system for Linux system | |
CN112052477B (en) | Isolation method and system based on portable operating system disk | |
McGovern | Guide to Securing Microsoft Windows 2000 File and Disk Resources | |
den Boef | Microcomputer Software can Threaten Mainframe Computer Security | |
RCW06D-ASE | Security Target for RedCastle v2. 0 for Windows |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20201211 |