CN112269547B - Active and controllable hard disk data deleting method and device without operating system - Google Patents
Active and controllable hard disk data deleting method and device without operating system Download PDFInfo
- Publication number
- CN112269547B CN112269547B CN202011169043.4A CN202011169043A CN112269547B CN 112269547 B CN112269547 B CN 112269547B CN 202011169043 A CN202011169043 A CN 202011169043A CN 112269547 B CN112269547 B CN 112269547B
- Authority
- CN
- China
- Prior art keywords
- security
- file
- chip
- operating system
- hard disk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 70
- 230000037430 deletion Effects 0.000 claims abstract description 68
- 238000012217 deletion Methods 0.000 claims abstract description 61
- 238000004458 analytical method Methods 0.000 claims abstract description 42
- 230000007958 sleep Effects 0.000 claims abstract description 9
- 238000005192 partition Methods 0.000 claims description 65
- 238000012544 monitoring process Methods 0.000 claims description 57
- 230000006870 function Effects 0.000 claims description 53
- 238000004891 communication Methods 0.000 claims description 49
- 238000002513 implantation Methods 0.000 claims description 25
- 230000008569 process Effects 0.000 claims description 17
- 208000015181 infectious disease Diseases 0.000 claims description 14
- 230000003993 interaction Effects 0.000 claims description 12
- 230000001681 protective effect Effects 0.000 claims description 11
- 230000005059 dormancy Effects 0.000 claims description 10
- 238000012986 modification Methods 0.000 claims description 7
- 230000004048 modification Effects 0.000 claims description 7
- 238000007792 addition Methods 0.000 claims description 6
- 238000004364 calculation method Methods 0.000 claims description 6
- 238000012545 processing Methods 0.000 claims description 6
- 238000010586 diagram Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 7
- 101100226364 Arabidopsis thaliana EXT1 gene Proteins 0.000 description 5
- 230000006399 behavior Effects 0.000 description 3
- 230000006378 damage Effects 0.000 description 3
- 238000013461 design Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 230000018109 developmental process Effects 0.000 description 3
- 230000002452 interceptive effect Effects 0.000 description 3
- 230000002093 peripheral effect Effects 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000001954 sterilising effect Effects 0.000 description 2
- 238000004659 sterilization and disinfection Methods 0.000 description 2
- 101100226366 Arabidopsis thaliana EXT3 gene Proteins 0.000 description 1
- 241000700605 Viruses Species 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000007796 conventional method Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- DMBHHRLKUKUOEG-UHFFFAOYSA-N diphenylamine Chemical compound C=1C=CC=CC=1NC1=CC=CC=C1 DMBHHRLKUKUOEG-UHFFFAOYSA-N 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000008570 general process Effects 0.000 description 1
- 230000006266 hibernation Effects 0.000 description 1
- 239000007943 implant Substances 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000006386 memory function Effects 0.000 description 1
- 208000034420 multiple type III exostoses Diseases 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000010926 purge Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000001131 transforming effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/86—Secure or tamper-resistant housings
- G06F21/87—Secure or tamper-resistant housings by means of encapsulation, e.g. for integrated circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0646—Horizontal data movement in storage systems, i.e. moving data in between storage devices or systems
- G06F3/0652—Erasing, e.g. deleting, data cleaning, moving of data to a wastebasket
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
- G06F3/0679—Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Human Computer Interaction (AREA)
- Software Systems (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an active and controllable hard disk data deleting method and device without operating system, which can detect whether a high-risk event sensitive to geographical position occurs or not by combining a security chip and a positioning chip under the condition of no operating system, and can locate the sector where the high-security level data is located by an independent hardware level file system analysis algorithm of the operating system when the high-risk event sensitive to geographical position occurs, directly encrypt and permanently delete the sector and directly delete the key under the condition of no operating system, and realize the high-security level data deletion under the multi-state of startup/sleep/shutdown by a mode of multiple random number rewriting the sector, thereby realizing the automatic data deletion under the conditions that a confidential computer is lost, personnel carried by the confidential computer are forced by force, personnel in a confidential unit leave the confidential computer and the like, and ensuring the security of the confidential data.
Description
Technical Field
The invention relates to the technical field of information security, in particular to an active and controllable hard disk data deleting method and device without an operating system.
Background
The loss of high-security-level data can bring serious consequences, in order to ensure the security of the high-security-level data, a strict confidentiality system is set by the country, and if a confidential computer is required to be carried about after strict procedures are fulfilled, the confidential computer is required to be accessed in a confidential room and carried out. However, a strict privacy system cannot replace a privacy technology, and in a special case, data with high security level may still face a huge risk of disclosure, and some scenarios are as follows:
(1) the personnel in the unit intentionally or unintentionally bring the confidential computer out of the security room;
(2) the staff who carries the confidential computer out is forced by force;
(3) and a secret-related computer carried out is lost.
Therefore, on the basis of a strict confidentiality system, corresponding high-security level data protection technologies must be correspondingly developed, and common high-security level data protection methods include encryption, trusted computing, access control, data clearing and the like, and are characterized in that:
encryption achieves protection of high security level data by transforming the plaintext of the high security level data into ciphertext with different semantic security, but the security of the encryption method depends on the security of the key, and if the cipher key is an internal attacker who holds the key (case (1) above) or a worker is forced to give out the key (case (2) above), the security of the encrypted data is completely lost. For the case of duress surrender of the key (case (2) above), the academics developed a "reasonable denial" technique, namely: the true key is protected from leakage and personal safety by surrendering the false key, in case of the false key, the system can still work normally, only the data with low safety level is revealed to the attacker, and the data with high safety level is hidden. But reasonable rejection techniques have not gained popularity for reasons of efficiency and deployment.
Trusted computing focuses on the "trustworthiness" of the computing. According to the definition of Trusted Computing Group (TCG), "Trusted" refers to: "the behavior of an entity is toward an intended target in an intended manner". It emphasizes "behavior is as expected". The trusted computing technology can prevent the application/code from being maliciously tampered or running off expectations, so that malicious codes such as viruses, trojans and worms are prevented from stealing high-security-level data. However, for an attacker (scenarios (1) (2) (3) above) who can provide complete authentication credentials and have physical access to a trusted computing device, the trusted computing technology cannot protect it because the attacker can access the high-security-level data without changing the expected operating behavior of the system.
Access control techniques apply access control to high security level data. The models of access control are many, such as: mandatory access control, autonomous access control, role-based access control, attribute-based access control, usage control, and the like. Their basic idea is: the subject (under what conditions, policies, or permissions) can perform what operations on the object. Access may be performed as long as the constraints of the access control model are met. In other words, the access control itself cannot determine whether the current access is a normal access or a malicious access by an internal attacker (case (1) above), or an access after being coerced by a worker (case (2) above), or an unauthorized user access (case (3) above).
Data erasure (erasure) is a general term for a class of methods that permanently erase data from a storage medium. A representative guideline for data clearance is NIST800-88 of the national institute of standards and technology. The data erasure methods mentioned in NIST800-88 are: encryption erase (i.e., permanently discarding the encryption key after encrypting data), data overwrite (over write), media erasure, media physical destruction, etc. Data purging is a recommended operation of a medium storing high security level data before it is discarded.
In summary, in the special cases of the foregoing cases (1) (2) (3), the conventional techniques of encryption, trusted computing, access control, etc. cannot fully guarantee the security of the data with high security level. When high security level data is at great risk of imminent compromise, urgent data cleanup remains a necessary job for high security level data protection. However, how to implement automatic urgent data clearing still remains a problem to be solved.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide an active and controllable hard disk data deleting method and device without an operating system, and aims to solve the problem of how to automatically and emergently clear high-security-level data under various conditions such as startup/dormancy/shutdown and the like when the high-security-level data face a huge risk of secret divulgence.
In order to achieve the above purpose, the invention provides an active and controllable hard disk data deleting method without an operating system, wherein a safety chip, a positioning chip and a backup power supply are arranged on a computer host; the safety chip and the main CPU of the computer host are mutually independent, and the safety chip has a protective storage function so as to perform protective storage on important data; the positioning chip is used for positioning the geographical position of the computer host; the backup power supply is used for supplying power to the mainboard, the safety chip, the positioning chip and the hard disk after the mainboard of the computer host is powered off, and the method comprises the following steps:
the safety chip is combined with the positioning chip, whether a high-risk event sensitive to the geographical position occurs is detected regularly, and when the high-risk event sensitive to the geographical position occurs, high-safety-level data in the hard disk are deleted actively;
acquiring a background instruction sent by a monitoring background through the interaction capacity of the positioning chip and the monitoring background, and deleting high-security-level data with controllable strategy and granularity according to the background instruction;
the security chip is internally provided with a file system analysis algorithm independent of an operating system, and under the condition that no operating system and file system drive support exists, the file system analysis algorithm is used for positioning sector addresses corresponding to any directories and files in any partition on the hard disk from a hardware level so as to directly add, delete, modify or replace any file from the hardware level under the condition that the computer host is started up/dormant/shut down;
when a high security risk event occurs, directly positioning a sector where high security level data is located from a hardware level through the file system analysis algorithm under the condition of no support of an operating system, and realizing the deletion of the high security level data under multiple states of 'startup/sleep/shutdown' in a mode of encrypting the sector, permanently deleting a key and then repeatedly rewriting random numbers of the sector;
when a high security risk event occurs, directly reading and writing the sector corresponding to the kernel target file of the operating system from the hardware level by bypassing the support and protection of the operating system through the file system analysis algorithm so as to realize the addition, deletion, modification and replacement of the kernel file of the operating system, thereby implanting a monitoring code under the condition of 'startup/sleep/shutdown'.
Optionally, the detecting, by combining the security chip with the positioning chip, whether a high-risk event sensitive to a geographic location occurs is performed periodically, and when the high-risk event sensitive to the geographic location occurs is detected, actively deleting high-security-level data in the hard disk includes:
the safety chip periodically initiates a positioning request to the positioning chip and judges whether the computer host is separated from a safety access area or deviates from a preset path according to the geographical position returned by the positioning chip;
when the computer host is separated from a safe access area or deviates from a preset path, judging that a high-risk event sensitive to the geographical position occurs, and actively deleting high-level data in the hard disk when detecting that the high-risk event sensitive to the geographical position occurs.
Optionally, the secure chip includes: the system comprises a security coprocessor, a lost memory, a non-lost memory, a key engine, a cipher engine and a random number generator; the safety coprocessor is a coprocessor independent of the main CPU and used for processing safety-related calculation; the said lost memory and the said non-lost memory are packaged in the said safety chip, invisible to the main CPU; the key engine is used for generating an encryption key; the key engine is used for cryptographic calculation; the random number generator is used for generating a random number;
by utilizing the protective storage function of the security chip, the following modules are stored in the non-lost memory: the security system comprises a communication module, a security policy module, an operating system independent file system analysis module, a high security level file deletion module and a monitoring code implantation module, wherein the modules are called by the security coprocessor to run.
Optionally, the communication module is configured to implement a communication function of the secure chip, where the communication function includes: the communication function with the positioning chip, the communication function with the monitoring background, the communication function with the north bridge/south bridge of the mainboard and the communication function with the host kernel driver;
the security policy module is used for storing and configuring security policies, default security policies are preset in the security chip, the security policies issued by the monitoring background are acquired through the communication chip, the priority of the security policies issued by the background is higher than that of the default security policies, and the default security policies are automatically executed when the issued security policies cannot be acquired from the monitoring background;
the independent file system analysis module of the operating system independently analyzes to obtain a global sector linear address corresponding to any file/directory in any partition of the hard disk through a file system analysis algorithm under the condition of not needing the operating system;
the high-security-level file deleting module is used for encrypting a file to be deleted, permanently discarding an encryption key to delete the file in a cryptographic sense, and then performing random number rewriting on a sector where the file to be deleted is located for multiple times to further improve the deleting security, and is also used for deleting granularity control;
the monitoring code implantation module is used for invoking the file deletion module to delete the high-risk file when an emergency occurs, and then implanting a kernel monitoring code from a hardware level in a concealed manner so as to collect system state and user information;
wherein the monitoring code implantation module comprises: the system comprises an operating system characteristic collection module, a kernel infection and implantation module and a monitoring function realization module;
the operating system characteristic collection module is used for reading the hard disk main guide sector information by using the operating system independent file system analysis module, and obtaining the initial sector address of each partition and the operating system type of the partition according to the hard disk main guide sector information;
the operating system feature collection module is also used for directly reading a hard disk to obtain an operating system kernel file by utilizing the operating system independent file system analysis module in a starting-up/dormancy/shutdown state, and obtaining operating system features according to the operating system kernel file;
the kernel infection and implantation module is used for determining information required by kernel infection and implantation according to the characteristics of the operating system, and performing data addition, deletion, modification and replacement in a power-on/dormancy/power-off state according to the information required by the kernel infection and implantation by using the independent file system analysis module of the operating system so as to realize kernel infection and monitoring function implantation;
and the monitoring function realization module is used for collecting system state information and user information and sending the system state information and the user information to a monitoring background.
Optionally, the file system parsing module independent of the operating system independently parses, through a file system parsing algorithm, a global sector linear address corresponding to any file/directory in any partition of the hard disk without the operating system, and includes:
acquiring the main boot sector information of the hard disk, and calculating the initial sector address of a target partition according to the boot sector information of the hard disk;
acquiring metadata, and analyzing the hard disk layout of a target file system to acquire hard disk layout information;
analyzing in a recursive mode to obtain the storage address in the file system of the target file according to the metadata and the hard disk layout information;
and equivalently converting the storage address in the file system of the target file into a global sector linear address.
Optionally, the analyzing the in-file system storage address of the target file in a recursive manner according to the metadata and the hard disk layout information includes:
determining a directory data structure of a root directory of a target file system according to the hard disk layout information;
reading the structural body of the root directory from the fixed position of the disk partition where the target file is located, and obtaining the structural body of the subdirectory from the structural body of the root directory;
analyzing the structure of the sub-directory to obtain a sub-directory structure inside the sub-directory;
recursion is carried out on the process until a structural body of a directory where the target file is located is obtained;
analyzing the structural body of the directory where the target file is located to obtain the structural body of the target file;
and obtaining the storage address of the target file in the file system in the target file system from the structural body of the target file.
Optionally, after equivalently converting the in-file system storage address of the target file into the global sector linear address, the method further includes:
and directly reading and writing the file from the hard disk under the condition of no operating system according to the global sector linear address of the target file, and adding, deleting, modifying and replacing the target file according to the security policy in the security policy module.
Optionally, the high security level file deleting module is configured to encrypt a file to be deleted, permanently discard an encryption key to implement deletion in a cryptographic sense, and perform multiple random number rewrites on a sector where the file to be deleted is located to further improve the security of deletion, and includes:
when the security chip is directly solidified on the mainboard, reading the security policy from the security policy module through the security chip, and obtaining the absolute path file name of the file to be deleted;
calling an independent file system analysis module of an operating system, calculating to obtain a global sector linear address of the file to be deleted according to the absolute path file name, encrypting the file to be deleted based on the global sector linear address, and permanently discarding an encryption key to delete the file in a cryptographic sense;
and repeating random number multiple times on the sector where the file to be deleted is located so as to further improve the safety of deleting the high-safety-level file.
Optionally, the high security level file deleting module is configured to encrypt a file to be deleted, permanently discard an encryption key to implement deletion in a cryptographic sense, and perform multiple random number rewrites on a sector where the file to be deleted is located to further improve the security of deletion, and includes:
when the safety chip is connected to the mainboard in the form of a PCI-E board card, if the safety chip of the PCI-E board card is in a shutdown state, the mainboard and the main CPU are started, the main CPU end drive is loaded from UEFI, and bridging of the main CPU end drive and the safety chip end drive is completed;
after the bridging is finished, analyzing by a file system analysis module in a security chip to obtain a global sector linear address where the file to be deleted is located, and transmitting the global sector linear address to a main CPU through driving;
the main CPU reads plaintext data from the hard disk according to the global sector linear address and transmits the plaintext data back to the security chip through driving;
a key engine in the safety chip generates an encryption key, the safety chip encrypts received plaintext data by using the generated encryption key to obtain a ciphertext, the ciphertext is transmitted to a main CPU through driving, the main CPU writes the ciphertext back to a corresponding sector, and the safety chip permanently discards the encryption key to delete the encryption key in a cryptology sense;
the security chip utilizes the random number generator to generate a plurality of random data, the random data are transmitted to the main CPU through driving, and the main CPU writes the random data back to the corresponding sector for a plurality of times so as to further enhance the security of deleting the high-security-level file.
In addition, in order to achieve the above object, the present invention further provides an active and controllable hard disk data deleting device without an operating system, the device comprising: a memory, a processor and a data deletion program stored on the memory and executable on the processor, the data deletion program configured to implement the steps of the method as described above.
Compared with the prior art, the invention has the following advantages:
(1) the operating system is independent.
The operating system has two main advantages:
(a) firstly, a disk sector number of any file can be directly positioned without depending on an operating system and a file system driver, so that the hard disk can be directly accessed to delete high-security-level data in various states of startup/dormancy/shutdown and the like;
(b) secondly, the whole high-security-level data deleting process does not call any operating system service, and the deleting work of the high-security-level data can be finished without an operating system (such as a shutdown state), so that an attacker can be prevented from exerting control from an operating system kernel to cause deleting failure.
(2) And (4) controllable.
The method has three advantages:
(a) first, a high security level data deletion policy may be controlled. Background monitoring personnel can control the deletion strategy of the high-security-level data by sending an interactive instruction. In addition, in an emergency or when the background instruction cannot be received, the preset deletion strategy can be directly executed.
(b) Second, the high security level data deletion granularity may be controlled. The invention adopts the scheme of NIST800-88 specification of the national institute of standards and technology, and realizes the deletion in the cryptology sense by a method of encrypting the high-security-level data to be deleted and then permanently discarding the key. The invention can specify the granularity of high-security-level data deletion, namely: a partition and a secret key; a file and a secret key; a sector-key; one byte and one key to cope with different security deletion strength requirements.
(c) Third, a remote monitoring code may be implanted. The invention can automatically analyze the file system without driving an operating system and the file system, and realizes the one-to-one mapping of any directory/file and hard disk sector. Therefore, the invention can realize the addition, deletion, modification and replacement of files including the kernel drive of the operating system and the like by directly accessing the hard disk sector, thereby directly implanting kernel-level remote monitoring codes in various states of startup/dormancy/shutdown and the like, and realizing the information collection and monitoring of the state of the high-security-level data host and the operator in emergency.
Drawings
FIG. 1 is a schematic structural diagram of an active and controllable hard disk data deleting device without an operating system in a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of an active and controllable method for deleting data from a hard disk without an operating system according to the present invention
FIG. 3 is a diagram of a hardware architecture for security enhancement in one embodiment;
FIG. 4 is a diagram of an example of an internal implementation of a security chip in one embodiment;
FIG. 5 is a diagram of a security chip software module and architecture in one embodiment;
FIG. 6 is a diagram illustrating a functional configuration of a monitor code placement module according to an embodiment.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an active and controllable hard disk data deleting device in a hardware operating environment according to an embodiment of the present invention, which does not need an operating system.
As shown in fig. 1, the active and controllable hard disk data deleting device without an operating system may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, a memory 1005, and sensors 1006. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may comprise a Display screen (Display), an input unit such as keys, and the optional user interface 1003 may also comprise a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface. The Memory 1005 may be a Random Access Memory (RAM) Memory or a non-volatile Memory (e.g., a magnetic disk Memory). The memory 1005 may alternatively be a storage device separate from the processor 1001. The sensor 1006 is used to detect whether the active and controllable hard disk data deleting device without the operating system is in a forced on state. The processor 1001 is configured to run the data deleting program when the active and controllable hard disk data deleting apparatus that does not require an operating system is in the forced on state.
Those skilled in the art will appreciate that the device architecture shown in fig. 1 does not constitute a limitation of an active, controllable hard disk data deletion apparatus that does not require an operating system, and may include more or fewer components than those shown, or some components in combination, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a storage medium, may include therein an operating system, a network communication module, a user interface module, and a data deletion program.
In the active and controllable hard disk data deleting device without an operating system shown in fig. 1, the network interface 1004 is mainly used for performing secure communication with the monitoring background through a domestic positioning communication chip such as beidou; the user interface 1003 is mainly used for connecting to a user equipment and performing data communication with the user equipment; the device calls a data deleting program stored in the memory 1005 through the processor 1001 and executes the active and controllable hard disk data deleting method without an operating system provided by the embodiment of the invention.
Based on the hardware structure, the embodiment of the method for deleting the active and controllable hard disk data without an operating system is provided.
Referring to fig. 2, fig. 2 is a flowchart illustrating a first embodiment of an active and controllable hard disk data deletion method without an operating system according to the present invention.
In the first embodiment, a security chip, a positioning chip and a backup power supply are arranged on a computer host; the safety chip and the main CPU of the computer host are mutually independent, and the safety chip has a protective storage function so as to perform protective storage on important data. Meanwhile, the safety chip detects the safety of the backup power supply and the case, and when the backup power supply is low in electric quantity and a preset threshold value and is not charged in time or the safety case is illegally opened, the safety chip automatically executes high-sensitivity data deletion work according to a preset safety strategy; the positioning chip is used for positioning the geographical position of the computer host; the backup power supply is used for supplying power to the mainboard, the safety chip, the positioning chip and the hard disk after the mainboard of the computer host is powered off, and the method comprises the following steps:
and step S10, the security chip is combined with the positioning chip to periodically detect whether a high-risk event sensitive to the geographical position occurs, and actively delete the high-security-level data in the hard disk when the high-risk event sensitive to the geographical position occurs.
It should be noted that the execution subject in this embodiment may be an active and controllable hard disk data deleting device that does not need an operating system, and may also be other devices that can achieve the same or similar functions.
It should be understood that, the security chip in this embodiment is provided independently from the main CPU of the computer host, and by introducing the security chip from the hardware architecture, a secure computing environment independent from the main CPU (i.e., the host CPU where the high-security-level data is located) is constructed, and the protective storage of important data is implemented, so as to implement a secure computing and secure storage environment independent from the main CPU.
Further, the combination of the security chip and the positioning chip periodically detects whether a high-risk event sensitive to the geographic location occurs, and actively deletes the high-security-level data in the hard disk when the high-risk event sensitive to the geographic location occurs, including:
the safety chip periodically initiates a positioning request to the positioning chip and judges whether the computer host is separated from a safety access area or deviates from a preset path according to the geographical position returned by the positioning chip;
when the computer host is separated from a safe access area or deviates from a preset path, judging that a high-risk event sensitive to the geographical position occurs, and actively deleting high-level data in the hard disk when detecting that the high-risk event sensitive to the geographical position occurs.
Through the combination of the security chip and the positioning chip, whether a high-risk event sensitive to the geographic position occurs is periodically detected, such as: whether the high security data host is out of the security access area (corresponding to the aforementioned case (1) when the host can only access in a specific area such as a privacy room), or whether it deviates from a preset path (corresponding to the aforementioned case (2) (3) when the host can carry out outgoing while normally handling privacy procedures), and the like. And actively deleting the high-risk security level data once the occurrence of the high-risk event sensitive to the geographic position is detected so as to actively delete the high-risk security level data sensitive to the geographic position.
The safety chip is also responsible for regularly detecting the electric quantity of the backup power supply and the safety of the safety case. When the backup power supply is low in electric quantity and a preset threshold value and is not charged in time, or the safety case is illegally opened, the safety chip can automatically trigger highly sensitive data deletion work according to a preset safety strategy.
And step S20, acquiring a background instruction sent by the monitoring background through the interaction capacity of the positioning chip and the monitoring background, and deleting high-security-level data with controllable strategy and granularity according to the background instruction.
It should be understood that the interaction capability of the positioning chip and the background can be utilized to implement policy-controllable and granularity-controllable security level data deletion according to the background instruction, so as to implement background interaction-controllable high security level data deletion.
Step S30, an operating system independent file system parsing algorithm is built in the security chip, and by the file system parsing algorithm, under the condition that there is no operating system and file system driver support, any directory and sector address corresponding to a file in any partition on the hard disk are located, so as to directly add, delete, modify or replace any file from the hardware level under the condition that the computer host is powered on/dormant/powered off.
It should be understood that the security chip has an operating system independent file system parsing algorithm built therein, and can locate a sector Address (LBA, logical Block Address) corresponding to any directory and file in any partition on the target hard disk without the support of an operating system and a file system driver, so that any file can be directly added, deleted, modified, and replaced from a hardware level under the conditions of power on/sleep/power off, so as to implement operating system independent file system parsing.
And step S40, positioning the sector where the high-security-level data is located through the file system analysis algorithm, and realizing the deletion of the high-security-level data under the multi-state of startup/dormancy/shutdown by directly encrypting the sector and permanently deleting the key.
It should be understood that the aforementioned operating system independent file system parsing algorithm may be utilized to locate the sector where the high security level data is located, and the emergency deletion of the high security level data in the power-on/hibernation/power-off multi-state is implemented by directly encrypting the corresponding sector and permanently deleting the key, and then rewriting the random number of times to the sector.
And step S50, directly reading and writing the sector corresponding to the kernel target file of the operating system by bypassing the support and protection of the operating system through the file system analysis algorithm so as to realize the addition, deletion, modification and replacement of the kernel file of the operating system, and directly implanting a monitoring code from a hardware level.
It should be understood that, based on the understanding of the kernel and the boot process of the operating system, the aforementioned independent file system parsing algorithm of the operating system is utilized, the support and protection of the operating system are bypassed, the sector corresponding to the kernel target file of the operating system is directly read and written, the addition, deletion, modification and replacement of the kernel file of the operating system are realized, and the kernel monitoring code is directly implanted from the hardware level, so as to realize the implantation of the kernel monitoring code.
Further, the secure chip includes: the system comprises a security coprocessor, a lost memory, a non-lost memory, a key engine, a cipher engine and a random number generator; the safety coprocessor is a coprocessor independent of the main CPU and used for processing safety-related calculation; the said lost memory and the said non-lost memory are packaged in the said safety chip, invisible to the main CPU; the key engine is used for generating an encryption key; the key engine is used for cryptographic calculation; the random number generator is used for generating a random number;
by utilizing the protective storage function of the security chip, the following modules are stored in the non-loss memory: the security system comprises a communication module, a security policy module, an operating system independent file system analysis module, a high security level file deletion module and a monitoring code implantation module, wherein the modules are called by the security coprocessor to run.
In order to implement the functions of the present invention, security enhancement needs to be performed on the host storing data with high security level, and fig. 3 shows a hardware architecture of security enhancement. Fig. 3 is added with a security chip, a positioning chip and a backup power supply on the basis of a general computer architecture, and the functions of the three parts are as follows:
(1) and a security chip.
The safety chip is used as a co-processing device and executes a safety function independent of the main CPU. In the invention, the main functions of the security chip are as follows: firstly, the method is matched with a positioning chip to judge whether a high-security-level data host computer has a high-risk event sensitive to the geographic position. Specifically, the security chip periodically initiates a positioning request to the positioning chip, and determines whether the current high security data host is out of the security access area (corresponding to the above-mentioned case (1) when access is only possible in a specific area such as a privacy room) or deviates from a preset path (corresponding to the above-mentioned cases (2) (3) when a normal privacy handling procedure can be carried out. Secondly, the positioning chip is used for interacting instructions and information with the background. The Beidou chip is recommended to be used as a positioning chip. By utilizing the short message two-way communication function of the Beidou, the safety chip responds to the instruction of the background monitoring personnel and simultaneously performs information interaction with the background. And thirdly, analyzing the file system independent of the operating system. The analysis algorithm of the built-in file system of the security chip can directly position the linear sector Address (LBA, logical Block Address) of any directory and file in the target partition on the hard disk under the condition of no operating system, thereby directly deleting the high security level data at the hardware level under the conditions of startup/sleep/shutdown and the like, and implanting the kernel level remote monitoring code into the target hard disk. Fourth, the confidential data (including but not limited to the root keys, security policies, background interactive instruction sets, etc. needed to implement the functionality of the present invention) is stored in a protected and secure manner.
From the implementation point of view, the security chip is a system on a chip soc (system on a chip) and has independent CPU, memory, storage and operating system. Fig. 4 shows an example of an implementation of the security chip. Note that fig. 4 is merely an example, and on the basis of fig. 4, a designer may change the scheme of fig. 4 as needed.
In fig. 4:
(a) the security coprocessor is a coprocessor independent of the main CPU. Security coprocessors are notorious for being dedicated to handling security-related computations (especially computations that are inconvenient to run on the main CPU for various reasons). The safety coprocessor and the main CPU are mutually independent and can run simultaneously and concurrently.
(b) The lost memory can be regarded as the memory of the security chip. The lost memory has two safety features, one is invisible to the main CPU; secondly, the chip is packaged in the chip to protect the chip. The security features enable the lost memory to be protected from various attacks (such as "cold boot" attacks) against the memory, so that the lost memory can be used for computing confidential information safely.
(c) The non-volatile memory may be considered "external memory" of the security chip. The non-lost memory has two security features similar to those of the lost memory: invisible to the main CPU and tightly protected inside the chip package. The security features described above make the non-volatile memory suitable for the protected storage of confidential data.
(d) The key engine is used to generate keys. The key engine can be further subdivided into a symmetric key engine, an asymmetric key engine, etc. according to the different cryptographic algorithms used. This is collectively represented in fig. 4 by a key engine, which in practical designs can be further divided as desired by researchers.
(e) The cryptographic engine is used for cryptographic calculations. The cipher engine can be further subdivided into a symmetric cipher engine, an asymmetric cipher engine, etc. according to the different adopted encryption algorithms. Collectively, in fig. 4, a cryptographic engine is shown. In practical designs, researchers can further divide them as needed.
(f) A random number generator. The random number generator is used for generating random numbers.
(2) And positioning the chip.
The positioning chip is used for positioning the geographical position of the host storing the high-security-level data. The Beidou chip is recommended to be selected. The reason for selecting the Beidou chip is as follows: firstly, domestic safety is controllable, and secondly, the big dipper has a unique short message two-way communication function, can be used to carry out instruction and information interaction with the background control.
(3) And a backup power supply.
The backup power supply is used for supplying power to the mainboard, the safety chip, the positioning chip and the hard disk after the mainboard is powered off, and continuous positioning of the high-safety-level data host and data deletion in emergency are achieved.
When the mainboard is externally connected with the power supply, the external power supply charges the backup power supply, and the external power supply supplies power to the mainboard, the safety chip, the positioning chip and the like.
It should be noted that, the connection manner of the security enhanced hardware module in this embodiment includes:
(1) and a security chip.
The security chip can be solidified on the mainboard, and can also be used as a peripheral (such as a PCI-E board card and the like) to be connected with the mainboard.
The safety chip solidified on the mainboard can be directly connected with the north bridge/south bridge of the mainboard and the bus, so as to realize the control and interaction of the CPU and the hard disk where the memory/high-safety-level data are positioned. Therefore, it is recommended to access the peripheral directly by the secure chip in a solid manner, where possible.
(2) The chip is positioned.
The positioning chip is directly connected with the safety chip, receives the command control of the safety chip and carries out data interaction with the safety chip.
Further, the communication module is configured to implement a communication function of the secure chip, where the communication function includes: the communication function with the positioning chip, the communication function with the monitoring background, the communication function with the north bridge/south bridge of the mainboard and the communication function with the host kernel driver;
the security policy module is used for storing and configuring security policies, a default security policy is preset in the security chip, the security policy issued by the monitoring background is acquired through the communication chip, the priority of the security policy issued by the background is higher than that of the default security policy, and the default security policy is automatically executed when the issued security policy cannot be acquired from the monitoring background;
the independent file system analysis module of the operating system independently analyzes to obtain a global sector linear address corresponding to any file/directory in any partition of the hard disk through a file system analysis algorithm under the condition of not needing the operating system;
the high-security-level file deleting module is used for encrypting a file to be deleted, permanently discarding an encryption key to delete the file in a cryptographic sense, and then performing random number rewriting on a sector where the file to be deleted is located for multiple times to further improve the deleting security, and is also used for deleting granularity control;
the monitoring code implantation module is used for embedding a kernel monitoring code from a hardware level in a concealed manner to collect system state and user information after the file deletion module is called to delete a high-risk file when an emergency occurs, wherein the monitoring code implantation module comprises: the system comprises an operating system characteristic collection module, a kernel infection and implantation module and a monitoring function realization module.
It should be noted that, as shown in fig. 5, fig. 5 shows a software module diagram as cooperating with the hardware security enhancement. In fig. 5, there are 5 basic security enhancement modules, which are: the system comprises a communication module, a security policy module, an operating system independent file system analysis module, a high security level file (data) deletion module and a monitoring code implantation module. All the module codes are safely stored in the non-lost memory by utilizing the protective memory function of the safety chip, and are called to run by the safety chip coprocessor.
The implementation of each block in fig. 5 is described in detail below.
(1) And a communication module.
The communication module realizes the necessary communication functions of the security chip, and specifically comprises:
(a) and a communication function with the positioning chip.
The functions are as follows: the safety chip sends a positioning request to the positioning chip periodically and receives the geographical position information returned by the positioning chip.
The function is related to the positioning chip and can be developed according to a development manual of the positioning chip.
(b) And a communication function with background monitoring.
The function means that: the safety chip utilizes the bidirectional message communication function of the positioning chip (the Beidou chip is recommended to be used in the invention) to realize instruction receiving and information interaction with the monitoring background.
The function is related to the positioning chip and can be developed according to a development manual of the positioning chip.
(c) Communication function with the north/south bridge of the motherboard.
When the security chip is embedded in the mainboard in a curing mode, the security chip is directly connected with the north bridge/south bridge of the mainboard through hardware wiring so as to realize the control and interaction of the main CPU, the memory and the hard disk.
This function is associated with the north/south bridge chip and the motherboard. And correspondingly developing the kernel communication driver of the safety chip by referring to a north bridge/south bridge chip manual and a mainboard design manual.
(d) And a communication function driven by the host kernel.
When the security chip is connected to the motherboard in a peripheral mode (such as a PCI-E board), the security chip cannot directly communicate with the north bridge/south bridge. At this time, in order to realize control and interaction of the main CPU, the memory, and the hard disk, bridging by a driver is required. Namely: writing a driver 1 in a kernel of a host where high-security-level data is located; and programming a driver 2 in the security chip, and realizing the control and interaction of the security chip on the main CPU, the memory and the hard disk through the bridging of the driver 1 and the driver 2.
The function is related to the operating system of the host where the high-security level data is located, the north bridge/south bridge chip and the security chip operating system. It is sufficient to refer to an operating system driver development manual and a north bridge/south bridge chip manual to develop driver 1 and driver 2.
(2) And a security policy module.
The security policy module is used for storing and configuring security policies. A default security policy is preset in the security chip; the communication module can also be used for acquiring the security policy issued by the background, and the priority of the security policy issued by the background is higher. When the issued security policy cannot be obtained from the background for various reasons (e.g., the signal is intentionally masked), the default security policy is automatically executed.
(3) And the file system analysis module is independent of the operating system.
And the independent file system analysis module of the operating system independently analyzes to obtain the global sector linear address corresponding to any file/directory in any partition of the hard disk under the condition of not needing the operating system.
(4) And (4) a high-security-level file (data) deleting module.
The method of 'deleting CE (Cryptographic Erase) based on cryptography' combined with 'sector multiple-time copying' is adopted for deleting the high-security level files (data). The CE is to encrypt a file (data) to be deleted, and then permanently discard an encryption key, thereby realizing deletion in a cryptographic sense; the sector multi-overwrite is to overwrite a storage sector corresponding to a high security level file a plurality of times with a random number. In the national institute of standards and technology (stn) directive specification NIST800-88 for clearing (sterilization) devices that store sensitive information, CE and multiple overwrites are used as the recommended data clearing (sterilization) method.
(5) A code instrumentation module is monitored.
The monitoring code implantation module is used for further concealing and implanting the kernel level monitoring code to collect necessary system state and user information after a high risk file (data) is deleted by a calling file (data) deletion module in the event of an emergency (namely, the high security level data is exposed to a high risk of disclosure, including but not limited to the above-mentioned conditions that a computer storing the high security level data is taken out of a security area without authorization, the computer is taken out with authorization but deviates from a preset route, and the like).
Further, the file system analysis module independent of the operating system obtains the global sector linear address corresponding to any file/directory in any partition of the hard disk through independent analysis by a file system analysis algorithm without the operating system, and the method includes:
acquiring the main boot sector information of the hard disk, and calculating the initial sector address of a target partition according to the boot sector information of the hard disk;
acquiring metadata, and analyzing the hard disk layout of a target file system to acquire hard disk layout information;
analyzing in a recursive mode to obtain the storage address in the file system of the target file according to the metadata and the hard disk layout information;
and equivalently converting the storage address in the file system of the target file into a global sector linear address.
Further, the analyzing the in-file system storage address of the target file in a recursive manner according to the metadata and the hard disk layout information includes:
determining a directory data structure of a root directory of a target file system according to the hard disk layout information;
reading the structural body of the root directory from the fixed position of the disk partition where the target file is located, and obtaining the structural body of the subdirectory from the structural body of the root directory;
analyzing the structure of the sub-directory to obtain a sub-directory structure inside the sub-directory;
recursion is carried out on the process until a structural body of a directory where the target file is located is obtained;
analyzing the structural body of the directory where the target file is located to obtain the structural body of the target file;
and obtaining the storage address of the target file in the file system in the target file system from the structural body of the target file.
It should be noted that, in this embodiment, an implementation scheme of file system parsing independent of an operating system in a general case (that is, applicable to different file systems) is provided. The above steps are explained in detail as follows:
(a) reading a master Boot sector MBR (Master Boot record) of the target hard disk, and analyzing to obtain an initial sector address of the target partition.
Table 1 gives the format of the MBR. Table 1 it can be seen that any MBR contains four partition tables (note that if there are more than five partitions, then the fourth partition will be formatted as an extended partition, and the remaining partitions are logical partitions partitioned from the extended partition.
Table 1 master boot sector MBR format
For any partition table in table 1, the 16-byte meaning is shown in table 2.
Table 2 partition table format
Starting from table 2, the starting sector address of the target partition (i.e., the partition where the target file is located) can be calculated. Note that this sector address is the logical Block address lba (logic Block address) used by modern large hard disks. The logical block address refers to: all sectors of the hard disk are numbered in a linear increment of 1 from 0. Since the LBA is global, the LBA may also be referred to as global Sector Linear Address GSLA (Global Sector Linear Address).
The method for calculating the partition starting sector address from the partition table comprises the following steps: first, the cylinder number C, head number H and sector number S of the partition start sector are obtained from bytes 0x01-0x03 of the partition table. Then, GSLA is calculated using the following equation (1):
GSLA=(C*HPC+H)*SPT+(S-1) (1)
wherein the CHS may be derived from bytes 0x01-0x03 of the partition table (Table 2); HPC and SPT are the number of heads and sectors, respectively (HPC and SPT are explicitly labeled on hard disks, and can generally default to 16 and 63 for modern large disks). The GSLA calculated from the CHS information of the partition table by using formula (1) is the starting sector address of the target partition, and is denoted as partition _ GSLA.
Note that: in any file system, the address obtained by the file system is an offset address from the partition in which the file system is located (i.e., an offset address from the partition _ gsla). Therefore, the partition _ gsla is regarded as the base address, the address of any directory/file obtained by the file system analysis is regarded as the offset address file _ offset, and the result of the addition of the partition _ gsla + file _ offset is the global sector linear address of any directory/file on the hard disk. Once the global sector linear address is obtained, the directory/file can be read directly from the hard disk without the need for an operating system.
This section shows a method for calculating the arbitrary partition starting sector address partition _ gsla from the master boot sector MBR, and in the following steps (b) to (d), how to calculate the offset address file _ offset of the arbitrary directory/file in the file system will be described.
(b) File system metadata is obtained.
Any file system must have a data structure for interpreting file system data, called "meta-data". Without the metadata, the file system driver cannot interpret the data stored on the hard disk and thus cannot initialize properly, so that the metadata must be stored in a fixed location. This fixed position is usually indicated by an offset meta _ offset from the partition's first address. The meta _ offset of different file system metadata may not be the same, but must be a fixed value for the same file system. What is the specific meta _ offset value can be obtained through a file system manual, a related research document, a file system driver source code, or reverse engineering, etc. After the meta _ offset is obtained, the meta _ offset is added to the start address partition _ gsla of the partition where the file system is located, i.e., partition _ gsla + meta _ offset, and the obtained result is the start address of the metadata. Note that this metadata start address is a global sector linear address so we can read metadata directly from the hard disk without the need for an operating system.
(c) The hard disk layout of the target file system, in particular the (sub) directories and the data structures of the files stored on the hard disk, are analyzed.
Any file system must store directory and file information on the hard disk according to a specific format (i.e. data structure), which is called the hard disk layout of the file system. Analyzing the hard disk layout of a target file system is a technical basis for directly accessing any directory/file without the support of an operating system. For any file system, the hard disk layout of the target can be clarified through a file system manual, related research documents, file system drivers, reverse engineering, or the like, and in particular, the following two points need to be focused:
1) a directory data structure of the target file system.
The directory organization structure in any file system may be represented in the form of an inverted tree with one tree root above. The tree root has only one, the "root directory" in the file system. Starting from the root directory, all (sub) directories in the file system can be obtained through traversal by adopting a breadth-first mode.
It is known from an operating system perspective that a directory may contain files and subdirectories. Correspondingly, from the viewpoint of the file system driver, the directory data structure records all the "file data structure (corresponding to the files one by one) + subdirectory data structure (corresponding to the subdirectories one by one)" under the directory. Since all (sub) directories in the file system can be traversed starting from the root directory, the file data structure corresponding to any file in the file system can be obtained by parsing the directory data structure of these (sub) directories.
2) A file data structure of the target file system.
Any file system must store files on the hard disk according to a specific data structure, which is called file data structure file _ data _ struct. All information related to the file is recorded in the file data structure file _ data _ struct, such as: memory address, file size, access time, etc. Note that the storage address recorded in the file data structure is essentially an offset file _ offset from the first address of the partition in which the file system is located. And adding the file _ offset and the partition starting address partition _ gsla, wherein the obtained partition _ gasl + file _ offset _ addr is the global sector linear address of the file storage. Since the global sector linear address of any file is available, we can directly add, delete, modify and replace any file in the partition without the operating system.
(d) For any given file, the storage address of the file is obtained in a recursive manner starting from the root directory, according to the metadata and the hard disk layout of the target file system.
After the metadata and the hard disk layout of the file system are obtained, the storage address of any file in the file system can be obtained under the condition of no support of an operating system. The general process is as follows:
1) first, a directory data structure of a root directory is obtained. Since the root directory is the entry (starting point of traversal) for all directories in the file system, the root directory must be stored in a fixed location. For example: in Linux, the root directory inode number of EXTX (EXT3 and EXT4) is fixed to "2", in other words, the inode structure No. 2 is the root directory structure, and the inode numbers of all (sub) directories except the root directory are dynamically allocated when stored.
2) And reading the structure of the root directory from the fixed position of the disk partition where the target file is located, and obtaining the structures of all the sub-directories therein. The structure of the subdirectory is analyzed, and the subdirectory structure inside the subdirectory can be further obtained. This process recurses until the structure of the directory in which the target file is located is finally obtained.
3) And analyzing the structural body of the directory where the target file is located to obtain the structural body of the target file. The storage address of the target file in the file system can be obtained from the structure of the target file.
Without loss of generality, the method for obtaining the file storage address based on the above general procedure is described below by taking a "/home/sample/security/password" file in the EXT4 file system as an example.
1) First, in EXT4, the inode of the root directory "/" is fixed to 2. The inode structure number 2, this is the root directory structure, is read.
2) And analyzing the root directory structure, and obtaining the structures of all files and subdirectories under the root directory (each subdirectory and each file under the root directory have one-to-one corresponding structure). In other words, starting from the "/" structure, we can certainly find the structure of the subdirectory "/home". Similarly, from the "/home" structure we must have access to the structure of the "/home/sample" internal subdirectory. This process is recursive until the structure of the "/home/sample/security" directory is finally obtained.
3) Similarly, starting from the "/home/sample/security" directory structure, we can get the structure of all the sub-directories and files inside it. Therefore, by analyzing the structure of the "/home/sample/security" directory, we can obtain the structure of the "/home/sample/security/password" file therein. Note that this structure is a file structure, and in EXT4, the i _ block [15] element inside the file structure stores the storage addresses of the file blocks in order.
It should be noted that the address obtained by the file system data structure parsing is os (or file system) dependent, and this address must be converted into a global sector linear address to be able to read directly from the hard disk without the os.
(e) And equivalently converting the storage address in the file system of the target file into a global sector linear address.
To improve access efficiency, all file systems will make up multiple sectors into the smallest read/write unit, such as a block in the EXT4 file system, a cluster in the FAT file system, etc. These minimum read-write units are also the minimum unit of file storage.
And (d) analyzing the file system to obtain the file block storage address, wherein the file block storage address is essentially the number of the minimum read-write units away from the first address of the partition where the file system is located. And because the sector number contained in a minimum read-write unit can be obtained from the metadata, the storage address of the file block can be equivalently converted into the sector number away from the first address of the partition where the file system is located. Without loss of generality, it is not assumed that the sector number of a certain file block from the partition first address is file _ block _ secs _ offset, and the sector number is added to the partition first address partition _ gsla, and the obtained result "partition _ gsla + file _ block _ secs _ offset" is the global sector linear address of the file block.
(f) And processing the target file according to the security policy.
According to the method in the step (d) and the step (e), the global sector linear address of any specified file is obtained, so that the file can be directly read and written from the hard disk without an operating system, and the target file is added, deleted, modified and replaced according to the security policy in the security policy module.
Further, after equivalently converting the in-file system storage address of the target file into the global sector linear address, the method further includes:
and directly reading and writing the file from the hard disk under the condition of no operating system according to the global sector linear address of the target file, and adding, deleting, modifying and replacing the target file according to the security policy in the security policy module.
Further, the high security level file deleting module is configured to encrypt a file to be deleted, then discard the encryption key permanently to implement deletion in a cryptographic sense, and then perform multiple random number rewrites on a sector where the file to be deleted is located to further improve the security of deletion, including:
when the security chip is directly solidified on the mainboard, reading the security policy from the security policy module through the security chip, and obtaining the absolute path file name of the file to be deleted;
calling an independent file system analysis module of an operating system, calculating to obtain a global sector linear address of the file to be deleted according to the absolute path file name, encrypting the file to be deleted based on the global sector linear address, and permanently discarding an encryption key to delete the file in a cryptology sense;
and repeating random number multiple times on the sector where the file to be deleted is located so as to further improve the safety of deleting the high-safety-level file.
Further, the high security level file deletion module is configured to encrypt a file to be deleted, and then permanently discard an encryption key to implement deletion in a cryptographic sense, including:
when the safety chip is connected to the mainboard in the form of a PCI-E board card, if the safety chip of the PCI-E board card is in a shutdown state, the mainboard and the main CPU are started, the main CPU end drive is loaded from UEFI, and bridging of the main CPU end drive and the safety chip end drive is completed;
after the bridging is finished, analyzing by a file system analysis module in a security chip to obtain a global sector linear address where the file to be deleted is located, and transmitting the global sector linear address to a main CPU through driving;
the main CPU reads plaintext data from the hard disk according to the global sector linear address and transmits the plaintext data back to the security chip through driving;
a key engine in the safety chip generates an encryption key, the safety chip encrypts received plaintext data by using the generated encryption key to obtain a ciphertext, the ciphertext is transmitted to a main CPU through driving, the main CPU writes the ciphertext back to a corresponding sector, and the safety chip permanently discards the encryption key to delete the encryption key in a cryptology sense;
the security chip utilizes the random number generator to generate a plurality of random data, the random data are transmitted to the main CPU through driving, and the main CPU writes the random data back to the corresponding sector for a plurality of times so as to further enhance the security of deleting the high-security-level file.
It should be noted that the specific implementation key points of data deletion are as follows:
(a) the deleting method comprises the following steps: cryptographic based deletion of CE.
The implementation of the CE is different according to the different connection modes of the security chip and the motherboard.
1) If the security chip is directly solidified on the mainboard, the security chip is directly connected with the south bridge and the bus of the mainboard through hardware wiring, and the hard disk can be directly controlled and interacted. The security chip firstly reads the security policy from the security policy module and obtains the absolute path file name of the file to be deleted; then, calling an independent file system analysis module of an operating system, and calculating to obtain a global sector linear address of a file to be deleted; and finally, performing CE deletion on all the global sector linear addresses.
The specific deletion process is as follows: firstly, a key engine in a security chip generates a key; then, the security chip directly reads data from the hard disk according to the global sector linear address and loads the data to a lost memory of the security chip; then, the security chip encrypts the read data by using the generated key and writes the encrypted ciphertext back to the original sector; and finally, the security chip permanently destroys the encryption key. The generation of the encryption key, the encryption of the plaintext and the destruction of the key in the deleting process are all carried out in the security chip and are strictly protected by the security chip.
Finally, because the security chip can directly control and interact with the hard disk (through the south bridge chip and the bus), in this situation, the deletion of the high security level file (data) is completely performed by the security chip, and the whole deletion process can be completed under the conditions of startup/dormancy/shutdown, regardless of the main CPU, the memory and the like.
2) If the security chip is connected to the motherboard in the form of a PCI-E board card, the security chip cannot directly control the hard disk through the south bridge chip, and the deletion work needs to be completed by the main CPU.
Because the security chip needs to use the main CPU, if the security chip is in the power-off state, the main board and the main CPU need to be started by the security chip of the PCI-E board card (the new main board supports PCI-E start at present). However, the boot does not need to load an operating system (otherwise, the effect of abnormal deletion of silence may be lost), and only the driver 1 at the main CPU end needs to be loaded from the unified Extensible Firmware interface uefi (unified Extensible Firmware interface) or the BIOS, so as to complete the bridge connection between the driver 1 and the driver 2 inside the security chip.
The specific deletion process is as follows: firstly, if the PCI-E board is in a shutdown state, a security chip of the PCI-E board starts a main board and a main CPU, a drive 1 is loaded from UEFI or BIOS, and bridging of a main CPU end drive 1 and a security chip end drive 2 is completed. If the system is in the starting/sleeping state, the bridging of the main CPU end driver 1 and the safety chip end driver 2 is directly completed. After the drive bridging is completed, the security chip utilizes a file system analysis module to analyze to obtain a global sector linear address where a high-security-level file (data) is located, and transmits the address to the main CPU through the drive. And then, the main CPU directly reads the plaintext data from the hard disk according to the global sector linear address, and transmits the plaintext data back to the security chip through driving. And then, a key engine in the security chip generates a key, the security chip encrypts the received plaintext data by using the generated key, and then the ciphertext is transmitted to the main CPU by driving, and the main CPU writes back the ciphertext to the corresponding sector. And finally, the security chip permanently destroys the encryption key.
Similar to the situation that the security chip is fixed on the main board, the generation of the encryption key, the encryption of the plaintext and the destruction of the encryption key are all carried out in the security chip by adopting the PCI-E board card in the deleting process, and are strictly protected by the security chip. The only difference is that the reading of the hard disk is finished by the main CPU because the security chip in the PCI-E board card form can not directly control the south bridge.
(b) Granularity of deletion
The granularity of the deletion is specified in the security policy module. Deletion may be at the system level, i.e., the entire file system uses the same encryption key; it can be file level, that is, different files use different encryption keys; may be sector level, i.e., one sector one encryption key; it may also be byte level, i.e. one byte per key. The finer the granularity, the higher the deletion security, but the longer the deletion time at the same time.
According to the difference of the deletion granularity, the key engine and the password engine need to be correspondingly pre-designed to support the above granularity.
Further, as shown in fig. 6, the implementation of the monitoring code implantation module is composed of the following parts:
(a) an operating system feature collection module.
Kernel-level monitor code implementations rely on operating system kernel features, including: operating system type, version number, patched, etc. Therefore, the above-mentioned features of the operating system need to be collected first.
The MBR is directly read by an operating system independent file system analysis module, and the starting sector address of each partition and the operating system type of the partition are analyzed (see byte 0x04 in Table 2). And because the offset of the OSloader of the kernel of the operating system from the address of the initial sector of the partition is fixed or the file name is fixed, the kernel of the operating system can be obtained by directly reading a hard disk under various conditions of startup/dormancy/shutdown and the like by utilizing the independent file system analysis module of the operating system, and the kernel of the operating system is obtained by analyzing the kernel (locally analyzing or uploading the kernel to a background by utilizing a communication module) the kernel of the operating system.
(b) Kernel infection and implant modules.
According to the obtained operating system characteristics, determining information required by kernel infection and implantation (after being uploaded to a background analysis by a local analysis or a communication module), such as: the operating system starts a flow, OSLoader key files, and the kernel can utilize bugs and the like. And then, by utilizing an independent file system analysis module of the operating system, under the conditions of startup/dormancy/shutdown and the like, adding, deleting, modifying and replacing key codes/files/data such as MBR, key boot sectors, OSLoaders, configuration files, security policy files and the like, and finally realizing kernel infection and monitoring function implantation.
(c) And a monitoring function implementation module.
The monitoring function implementation module is used for implementing the monitoring function implanted in the step (b), and mainly comprises: collecting host state and operator information, and establishing a path with a background interactive link, such as: concealing and opening a microphone from an inner core, monitoring keyboard input, establishing a back door, establishing a rebound port for monitoring, self-hiding and the like. And sending the collected host state information and the collected operator information to a background through the communication module by utilizing the positioning chip or the established backdoor and the monitoring port (if the establishment is successful).
In addition, an embodiment of the present invention further provides an active and controllable hard disk data deleting device without an operating system, where the device includes: a memory, a processor and a data deletion program stored on the memory and executable on the processor, the data deletion program configured to implement the steps of the method as described above.
Since the present apparatus employs all technical solutions of all the above embodiments, at least all the beneficial effects brought by the technical solutions of the above embodiments are achieved, and are not described in detail herein.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly, the security and efficiency are higher by hardware, but the cost and technical difficulty are higher. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) readable by an estimator as described above, and includes instructions for enabling an intelligent device (e.g. a mobile phone, an estimator, an active and controllable hard disk data deleting device without an operating system, an air conditioner, or an active and controllable hard disk data deleting device without an operating system for a network) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (8)
1. A method for deleting active and controllable hard disk data without an operating system is characterized in that a safety chip, a positioning chip and a backup power supply are arranged on a computer host; the safety chip and the main CPU of the computer host are mutually independent, and the safety chip has a protective storage function so as to perform protective storage on important data; the positioning chip is used for positioning the geographical position of the computer host; the backup power supply is used for supplying power to the mainboard, the safety chip, the positioning chip and the hard disk after the mainboard of the computer host is powered off;
an operating system independent file system analysis algorithm is arranged in the security chip; the security chip includes: the system comprises a security coprocessor, a lost memory, a non-lost memory, a key engine, a cipher engine and a random number generator; by utilizing the protective storage function of the security chip, the following modules are stored in the non-loss memory: the security system comprises a communication module, a security policy module, an operating system independent file system analysis module, a high security level file deletion module and a monitoring code implantation module, wherein the modules are called and run by the security coprocessor;
the monitoring code implantation module comprises: the system comprises an operating system characteristic collection module, a kernel infection and implantation module and a monitoring function realization module;
the method comprises the following steps:
the safety chip is combined with the positioning chip, whether a high-risk event sensitive to the geographical position occurs is detected regularly, and when the high-risk event sensitive to the geographical position occurs, it is judged that high-safety-level data in the hard disk needs to be deleted actively;
acquiring a background instruction sent by a monitoring background through the interaction capacity of the positioning chip and the monitoring background, and deleting high-security-level data with controllable strategy and granularity according to a security strategy contained in the background instruction; if the issued security policy cannot be acquired from the monitoring background, automatically executing a default security policy to delete the high-security-level data;
in the process of deleting data, acquiring the main boot sector information of a hard disk by the file system analysis algorithm built in the security chip under the condition of no support of an operating system and a file system driver, and calculating the initial sector address of a target partition according to the hard disk boot sector information; acquiring metadata, and analyzing the hard disk layout of a target file system to acquire hard disk layout information; analyzing in a recursive mode to obtain the storage address in the file system of the target file according to the metadata and the hard disk layout information; equivalently converting the storage address in the file system of the target file into a global sector linear address so as to directly position the sector where the high-security-level data is located from a hardware level;
combining the global sector linear address and the security strategy through a high security level file deleting module, directly reading and writing files from a hard disk under the condition of no operating system, encrypting the files to be deleted, permanently discarding an encryption key to delete the files in a cryptology sense, and then repeatedly rewriting random numbers for the sectors to delete high security level data under multiple states of 'power on/sleep/power off';
after a high-security risk event occurs and the high-security level file deleting module is called to delete a file, reading the main boot sector information of the hard disk by the operating system feature collecting module by using the file system analyzing module, and obtaining the initial sector address of each partition and the operating system type of the partition according to the main boot sector information of the hard disk; directly reading a hard disk to obtain an operating system kernel file by using the file system analysis module in a startup/dormancy/shutdown state, and obtaining operating system characteristics according to the operating system kernel file;
and determining information required by kernel infection and implantation according to the characteristics of the operating system through the kernel infection and implantation module, and adding, deleting, modifying and replacing data in a power-on/sleep/power-off state according to the information required by the kernel infection and implantation by using the file system analysis module so as to realize the addition, deletion, modification and replacement of kernel files of the operating system, thereby implanting monitoring codes under the condition of power-on/sleep/power-off.
2. The method of claim 1, wherein the detecting of the occurrence of the high-risk event sensitive to the geographic location periodically by the security chip in combination with the positioning chip, and actively deleting the high-security-level data in the hard disk when the occurrence of the high-risk event sensitive to the geographic location is detected comprises:
the safety chip periodically initiates a positioning request to the positioning chip and judges whether the computer host is separated from a safety access area or deviates from a preset path according to the geographical position returned by the positioning chip;
when the host computer is out of a safe access area or deviates from a preset path, judging that a high-risk event sensitive to the geographical position occurs, and actively deleting high-level data in the hard disk when detecting that the high-risk event sensitive to the geographical position occurs.
3. The method of claim 1, wherein the security co-processor is a separate co-processor from the main CPU for processing security-related computations; the said lost memory and the said non-lost memory are packaged in the said safety chip, invisible to the main CPU; the key engine is used for generating an encryption key; the key engine is used for cryptographic calculation; the random number generator is used for generating random numbers.
4. The method of claim 1, wherein the communication module is to implement a communication function of the secure chip, the communication function comprising: the communication function with the positioning chip, the communication function with the monitoring background, the communication function with the north bridge/south bridge of the mainboard and the communication function with the host kernel driver;
after the data is added, deleted, modified and replaced in the 'power-on/sleep/power-off' state according to the information required by the kernel infection and implantation, the method further comprises the following steps:
and the monitoring function realization module collects system state information and user information and sends the system state information and the user information to a monitoring background.
5. The method of claim 1, wherein resolving the in-file system storage address of the target file in a recursive manner based on the metadata and the hard disk layout information comprises:
determining a directory data structure of a root directory of a target file system according to the hard disk layout information;
reading the structural body of the root directory from the fixed position of the disk partition where the target file is located, and obtaining the structural body of the subdirectory from the structural body of the root directory;
analyzing the structure of the sub-directory to obtain a sub-directory structure inside the sub-directory;
recursion is carried out on the process until a structural body of a directory where the target file is located is obtained;
analyzing a structural body of a directory where the target file is located to obtain the structural body of the target file;
and obtaining the storage address of the target file in the file system in the target file system from the structural body of the target file.
6. The method of claim 1, wherein said writing and reading files directly from a hard disk without an operating system by a high security level file deletion module in combination with said global sector linear address and security policy, encrypting the file to be deleted, then permanently discarding the encryption key to achieve cryptographically-meaningful deletion, and then rewriting said sector with random numbers multiple times comprises:
when the security chip is directly solidified on the mainboard, reading the security policy from the security policy module through the security chip, and obtaining the absolute path file name of the file to be deleted;
calling an independent file system analysis module of an operating system, calculating to obtain a global sector linear address of the file to be deleted according to the absolute path file name, encrypting the file to be deleted based on the global sector linear address, and permanently discarding an encryption key to delete the file in a cryptology sense;
and repeating random number multiple times on the sector where the file to be deleted is located so as to further improve the safety of deleting the high-safety-level file.
7. The method of claim 1, wherein said writing and reading files directly from a hard disk without an operating system by a high security level file deletion module in combination with said global sector linear address and security policy, encrypting the file to be deleted, then permanently discarding the encryption key to achieve cryptographically-meaningful deletion, and then rewriting said sector with random numbers multiple times comprises:
when the safety chip is connected to the mainboard in the form of a PCI-E board card, if the safety chip of the PCI-E board card is in a shutdown state, the mainboard and the main CPU are started, the main CPU end drive is loaded from UEFI, and bridging of the main CPU end drive and the safety chip end drive is completed;
after the bridging is finished, analyzing by a file system analysis module in a security chip to obtain a global sector linear address where the file to be deleted is located, and transmitting the global sector linear address to a main CPU through driving;
the main CPU reads plaintext data from the hard disk according to the global sector linear address and transmits the plaintext data back to the security chip through driving;
a key engine in the safety chip generates an encryption key, the safety chip encrypts received plaintext data by using the generated encryption key to obtain a ciphertext, the ciphertext is transmitted to a main CPU through driving, the main CPU writes the ciphertext back to a corresponding sector, and the safety chip permanently discards the encryption key to delete the encryption key in a cryptology sense;
the security chip utilizes the random number generator to generate a plurality of random data, the random data are transmitted to the main CPU through driving, and the main CPU writes the random data back to the corresponding sector for a plurality of times so as to further improve the security of deleting the high-security-level file.
8. An active, controllable hard disk data deletion apparatus that does not require an operating system, the apparatus comprising: a memory, a processor, and a data deletion program stored on the memory and executable on the processor, the data deletion program configured to implement the steps of the method of any of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011169043.4A CN112269547B (en) | 2020-10-26 | 2020-10-26 | Active and controllable hard disk data deleting method and device without operating system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011169043.4A CN112269547B (en) | 2020-10-26 | 2020-10-26 | Active and controllable hard disk data deleting method and device without operating system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112269547A CN112269547A (en) | 2021-01-26 |
CN112269547B true CN112269547B (en) | 2022-07-01 |
Family
ID=74344267
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011169043.4A Active CN112269547B (en) | 2020-10-26 | 2020-10-26 | Active and controllable hard disk data deleting method and device without operating system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112269547B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113076564B (en) * | 2021-04-13 | 2022-10-14 | 山东北斗云信息技术有限公司 | Hard disk protection method, device and equipment based on Beidou positioning and storage medium |
CN113221197A (en) * | 2021-05-08 | 2021-08-06 | 北京汇钧科技有限公司 | Automatic erasing method and device of disk data, storage medium and electronic equipment |
WO2022248515A1 (en) * | 2021-05-24 | 2022-12-01 | Softiron Limited | Detection and remediation of unauthorized relocation of storage media |
CN113468010B (en) * | 2021-09-02 | 2021-11-16 | 湖北芯擎科技有限公司 | File processing method and device, electronic equipment and computer readable storage medium |
CN115268793A (en) * | 2022-08-03 | 2022-11-01 | 中国电子科技集团公司信息科学研究院 | Data safety deleting method based on data encryption and overwriting |
CN116795741B (en) * | 2023-08-28 | 2023-11-10 | 凡澈科技(武汉)有限公司 | Method and system for preventing memory data from being deleted and tampered |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1359071A (en) * | 2001-11-29 | 2002-07-17 | 上海格尔软件股份有限公司 | Method for completely deleting files on hard disk |
CN101158921A (en) * | 2007-10-31 | 2008-04-09 | 苏州工业园区新大诚科技发展有限公司 | Data management method in intelligent measuring systems |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100739722B1 (en) * | 2005-08-20 | 2007-07-13 | 삼성전자주식회사 | A method for managing a flash memory and a flash memory system |
KR101442539B1 (en) * | 2013-12-31 | 2014-09-26 | 권용구 | Storage system having security storage device and managing method thereof |
-
2020
- 2020-10-26 CN CN202011169043.4A patent/CN112269547B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1359071A (en) * | 2001-11-29 | 2002-07-17 | 上海格尔软件股份有限公司 | Method for completely deleting files on hard disk |
CN101158921A (en) * | 2007-10-31 | 2008-04-09 | 苏州工业园区新大诚科技发展有限公司 | Data management method in intelligent measuring systems |
Non-Patent Citations (2)
Title |
---|
基于硬盘固件的窃密技术分析及对策研究;张帆;《保密科学技术》;20170520(第05期);第39至41页 * |
面向存储介质的数据安全删除;吴莎莎等;《计算机系统应用》;20171115(第11期);第36至43页 * |
Also Published As
Publication number | Publication date |
---|---|
CN112269547A (en) | 2021-01-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112269547B (en) | Active and controllable hard disk data deleting method and device without operating system | |
KR101699998B1 (en) | Secure storage of temporary secrets | |
JP4392241B2 (en) | Method and system for promoting safety protection in a computer system employing an attached storage device | |
US8745386B2 (en) | Single-use authentication methods for accessing encrypted data | |
AU2007252841B2 (en) | Method and system for defending security application in a user's computer | |
US7840750B2 (en) | Electrical transmission system in secret environment between virtual disks and electrical transmission method thereof | |
EP2717186A1 (en) | Information processing device and information processing method | |
US20070180257A1 (en) | Application-based access control system and method using virtual disk | |
CN103488919B (en) | A kind of guard method of executable program and device | |
Yu et al. | Mobihydra: Pragmatic and multi-level plausibly deniable encryption storage for mobile devices | |
TWI607338B (en) | Storage device, data protection method therefor, and data protection system | |
Hong et al. | Personal privacy protection framework based on hidden technology for smartphones | |
US8307175B2 (en) | Data recovery and overwrite independent of operating system | |
CN101350034B (en) | Mobile memory apparatus and method for visiting file | |
Huber et al. | A flexible framework for mobile device forensics based on cold boot attacks | |
US11960737B2 (en) | Self-deploying encrypted hard disk, deployment method thereof, self-deploying encrypted hard disk system and boot method thereof | |
KR101761799B1 (en) | Apparatus and method for managing data security of terminal | |
Dafoe et al. | Enabling Real-Time Restoration of Compromised ECU Firmware in Connected and Autonomous Vehicles | |
Taubmann et al. | A lightweight framework for cold boot based forensics on mobile devices | |
JP2009169868A (en) | Storage area access device and method for accessing storage area | |
Shu et al. | Burn After Reading: Expunging Execution Footprints of Android Apps | |
FanJiao et al. | A high efficiency encryption scheme of dual data partitions for android devices | |
KR102386292B1 (en) | Apparatus and method for deleting data | |
CN113553231B (en) | Embedded operating system running environment monitoring method based on security chip | |
KR102106689B1 (en) | Data availability ssd architecture for providing user data protection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20240412 Address after: No. 10, 8th Floor, Building G1, Wuhan Poly City, Tieji Road, Hongshan District, Wuhan City, Hubei Province, 430070 Patentee after: Wuhan Diameter Technology Co.,Ltd. Country or region after: China Address before: 430023 No. 68, Xuefu Road, Changqing Garden, Dongxihu District, Wuhan, Hubei Patentee before: WUHAN POLYTECHNIC University Country or region before: China |
|
TR01 | Transfer of patent right |