CN113065157A - Bastion file security protection method based on file stream - Google Patents


Info

Publication number
CN113065157A
Authority
CN
China
Prior art keywords
file
fortress
stream
bastion
protection method
Prior art date
Legal status
Pending
Application number
CN202110373355.5A
Other languages
Chinese (zh)
Inventor
郭康荣
Current Assignee
Individual
Original Assignee
Individual
Priority date
Filing date
Publication date
Application filed by Individual
Priority to CN202110373355.5A
Publication of CN113065157A
Legal status: Pending (current)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/16 File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/172 Caching, prefetching or hoarding of files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a file stream-based security protection method for bastion files, which protects a file by writing it into the file stream of a bastion file and comprises the following steps: S1, create a bastion file; S2, write the file to be protected into the file stream of the bastion file using the given program; S3, after confirming that the written file is correct, raise the bastion file to the required permission level; S4, read the file through the given program, where reading must be carried out after all protections have been removed; and S5, if the file is too large to be written, divide it and create several bastion files or several file streams to store it. By these technical means the file meets security requirements such as being hidden, readable and tamper-proof: the file to be protected is stored in the file stream of the bastion file, then protection measures are applied to the bastion file so that the file stream and the bastion file are protected at the same time, and file security is ensured.

Description

Bastion file security protection method based on file stream
Technical Field
The invention belongs to the technical field of computer file protection, and particularly relates to a bastion file security protection method based on a file stream.
Background
With the increasing demand for network security, file protection has become an important security measure. Modern attackers habitually copy important files during an attack, so file backups are the first targets for download and tampering in a network attack: conventional backup files can be copied and transmitted over the network, are visible to every logged-in user, can be damaged by simple means and can be tampered with, causing great loss. File streams are a local file storage mode that cannot be transmitted over the network; however, a file stream can be deleted by cleaning the disk, so the stability of the file cannot be guaranteed, and the host file can be changed or deleted by someone intent on destroying the file stream.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, solve the problems of file tampering and network transmission, and hide backups of confidential information, thereby preventing a network attack from extending the attack chain and compromising file security.
To achieve this, the invention provides the following technical scheme:
A file stream-based bastion file security protection method, in which the file protection technique protects a file by writing it into a bastion file stream, comprising the following steps:
S1, create a bastion file;
S2, write the file to be protected into the file stream of the bastion file using the given program;
S3, after confirming that the written file is correct, raise the bastion file to the required permission level;
S4, read the file through the given program, where reading must be carried out after all protections have been removed;
and S5, if the file is too large to be written, divide it and create several bastion files or several file streams to store it.
Preferably, the method further includes S6: if another protected file needs to be added, S1 to S3 are repeated.
Preferably, the bastion file in S1 is a file owned by the system.
Preferably, the bastion file in S1 is a file owned by the system.
Preferably, in S2, when writing the file into the bastion file, the following commands are executed using ntfs.exe, the program compiled from the already given source code ntfs.cpp:
a. ntfs.exe create {absolute path of bastion file} {file stream name to create};
b. ntfs.exe appended {absolute path of bastion file} {bastion file stream name} {absolute path of the file to write into the bastion stream};
c. the file is written into the bastion file stream once the command has executed.
Preferably, in S4, when reading the file, the stream name and file size of the written bastion file are checked using the following command:
a. ntfs.exe enum {bastion file name or absolute path}.
Preferably, in S4, when reading the file, the data stored in the bastion file stream is retrieved using the following command:
a. ntfs.exe dump {bastion file name or absolute path} {file stream name to view} {file size of the file stream to view}.
Preferably, in S3, the permission level is a file permission that cannot be changed by a general user.
The technical effects and advantages of the invention are:
1. By these technical means the file meets security requirements such as being hidden, readable and tamper-proof: the file to be protected is stored in the file stream of the bastion file, then protection measures are applied to the bastion file so that the file stream and the bastion file are protected at the same time, and file security is ensured.
2. The principle is to protect files using the characteristics of the file stream. The method relies on the NTFS file stream being readable and writable, tamper-proof, and incapable of network transmission or remote copying, so as to prevent hackers or viruses from attacking and copying the file; sensitive or confidential data is stored in a file stream by means of the NTFS file stream feature of Windows, which achieves the purpose of protecting the file.
Drawings
FIG. 1 is a schematic flow chart of the method of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
The file-stream-based file protection technique hides and protects the important files of a server or important network facility while it is under attack by hackers. The method abandons the original idea of a single line of defense and achieves defense in depth for network security: the security of confidential information can still be guaranteed after the server or important network facility has been compromised by a network attack.
NTFS (New Technology File System) is a disk format designed to manage security features such as network and disk quotas and file encryption; it provides long file names, data protection and recovery, enforces security through directory and file permissions, and supports spanning partitions. The Windows NTFS file stream technique is very well hidden and can play an unexpected role in hiding important files.
The NTFS file stream was originally designed for compatibility with the Macintosh HFS file system. Using this technique, related data can be written into a file's resource (not into the file itself), and the written data can be extracted and read as an independent file, which gives the following advantages:
1. the size and content of the NTFS stream are not visible to the user; 2. the NTFS file stream cannot be transmitted over a network or copied remotely; 3. the NTFS stream offers a good defense against encryption by encrypting viruses.
NTFS file stream hosting is a modification, made using an NTFS file stream, such that a file is hosted by another file; its purpose is to evade security scanning, and it is also used in the authoring of file viruses. NTFS file stream encryption uses a file stream to store the encryption information of each encryption level, achieving transparent encryption without needing a new local database.
The characteristics that an NTFS file stream cannot be packaged, transmitted over a network or copied remotely are used to secure the files held in the NTFS file stream; the method specifically comprises the following steps:
Referring to FIG. 1, the file protection technique protects a file by writing it into a bastion file stream and comprises the following steps:
S1, create a bastion file (a file carried by the system is used);
S2, write the file to be protected into the file stream of the bastion file using the given program;
with the source code already given, the following commands are executed using ntfs.exe, compiled from ntfs.cpp:
a. ntfs.exe create {absolute path of bastion file} {file stream name to create};
b. ntfs.exe appended {absolute path of bastion file} {bastion file stream name} {absolute path of the file to write into the bastion stream};
c. the file is written into the bastion file stream once the command has executed.
S3, after confirming that the written file is correct, raise the bastion file to the required permission level (preferably a file permission that cannot be changed by an ordinary user), or defend the bastion file by other means;
S4, read the file through the given program, where reading must be carried out after all protections have been removed;
when reading the file, the stream name and file size of the written bastion file are viewed with the following command: a. ntfs.exe enum {bastion file name or absolute path}.
When reading the file, the data stored in the bastion file stream is retrieved with the following command: a. ntfs.exe dump {bastion file name or absolute path} {file stream name to view} {file size of the file stream to view};
and S5, if the file is too large to be written, divide it and create several bastion files or several file streams to store it.
S6, if another protected file needs to be added, repeat S1 to S3.
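Steps S1 to S6 above, and the same steps in the disclosure section, are stated in terms of the patent's own ntfs.exe, whose source (ntfs.cpp) is not on the page. The PowerShell script below is an added example and not the patent's code: it carries out the same steps with the FileSystem provider's -Stream parameter and icacls, verifies the stream length before any protection is applied, covers the S5 split into numbered streams, and ends with the sweep a defender runs to list every alternate data stream under a directory. The file names, the stream name 'backup', the chunk size and the %TEMP% demo location are assumptions.

```powershell
#Requires -Version 5.1
# Added example, not the patent's ntfs.exe/ntfs.cpp (that source is not on the page). It walks
# S1-S5 with built-in cmdlets plus icacls, then adds the defender-side stream sweep.
# Paths, stream names, the chunk size and the %TEMP% demo location are assumptions.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Byte I/O to a stream: Windows PowerShell 5.1 needs -Encoding Byte, PowerShell 7 needs -AsByteStream.
function Get-ByteIoArgs {
    if ($PSVersionTable.PSVersion.Major -ge 6) { @{ AsByteStream = $true } } else { @{ Encoding = 'Byte' } }
}
function Assert-NtfsVolume {
    param([Parameter(Mandatory)][string]$Path)
    # Alternate data streams exist only on NTFS; on FAT/exFAT a ':stream' suffix is an invalid path.
    $full = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($Path)
    $root = [System.IO.Path]::GetPathRoot($full)
    $format = (New-Object System.IO.DriveInfo($root)).DriveFormat
    if ($format -ne 'NTFS') { throw "Alternate data streams need NTFS; '$root' is $format" }
}
function Invoke-Icacls {
    param([Parameter(Mandatory)][string[]]$Arguments)
    & icacls.exe @Arguments | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls $($Arguments -join ' ') failed with exit code $LASTEXITCODE" }
}

# S1 + S2: put the protected file into a named stream of the bastion (host) file, then verify the
# stream length before any protection is applied (the S3 precondition). Returns the bytes written.
function Write-BastionStream {
    param([Parameter(Mandatory)][string]$BastionPath,
          [Parameter(Mandatory)][string]$StreamName,
          [Parameter(Mandatory)][string]$SourcePath)
    Assert-NtfsVolume -Path $BastionPath
    if (-not (Test-Path -LiteralPath $BastionPath)) { New-Item -ItemType File -Path $BastionPath | Out-Null }
    [byte[]]$bytes = [System.IO.File]::ReadAllBytes($SourcePath)
    $b = Get-ByteIoArgs
    Set-Content -LiteralPath $BastionPath -Stream $StreamName -Value $bytes @b
    $written = (Get-Item -LiteralPath $BastionPath -Stream $StreamName).Length
    if ($written -ne $bytes.Length) { throw "Stream '$StreamName' holds $written bytes, expected $($bytes.Length)" }
    return $written
}

# S3: raise the permission level. The ACL belongs to the file, so it covers every stream in it.
# SIDs instead of names so this works on non-English Windows: S-1-5-18 (SYSTEM) and
# S-1-5-32-544 (Administrators) get full control, S-1-5-32-545 (Users) get read/execute only.
function Protect-BastionFile {
    param([Parameter(Mandatory)][string]$BastionPath)
    Invoke-Icacls @($BastionPath, '/inheritance:r', '/grant:r', '*S-1-5-18:(F)', '*S-1-5-32-544:(F)', '*S-1-5-32-545:(RX)')
}
# S4, first half: the patent reads only after all protections are removed; /reset restores the inherited ACL.
function Unprotect-BastionFile {
    param([Parameter(Mandatory)][string]$BastionPath)
    Invoke-Icacls @($BastionPath, '/reset')
}
# S4, second half (the patent's enum + dump): copy one stream back out to an ordinary file.
function Read-BastionStream {
    param([Parameter(Mandatory)][string]$BastionPath,
          [Parameter(Mandatory)][string]$StreamName,
          [Parameter(Mandatory)][string]$OutPath)
    $b = Get-ByteIoArgs
    [byte[]]$bytes = Get-Content -LiteralPath $BastionPath -Stream $StreamName -ReadCount 0 @b
    if ($null -eq $bytes) { $bytes = New-Object byte[] 0 }   # an empty stream produces no output
    [System.IO.File]::WriteAllBytes($OutPath, $bytes)
    return $bytes.Length
}

# S5: a file too large for one stream is divided into numbered streams of $ChunkSize bytes each.
function Split-IntoBastionStreams {
    param([Parameter(Mandatory)][string]$BastionPath,
          [Parameter(Mandatory)][string]$StreamPrefix,
          [Parameter(Mandatory)][string]$SourcePath,
          [int]$ChunkSize = 64MB)
    Assert-NtfsVolume -Path $BastionPath
    $b = Get-ByteIoArgs
    $in = [System.IO.File]::OpenRead($SourcePath)
    try {
        $buf = New-Object byte[] $ChunkSize
        $i = 0
        while (($n = $in.Read($buf, 0, $buf.Length)) -gt 0) {
            $chunk = New-Object byte[] $n
            [Array]::Copy($buf, $chunk, $n)
            Set-Content -LiteralPath $BastionPath -Stream ('{0}.{1:D4}' -f $StreamPrefix, $i) -Value $chunk @b
            $i++
        }
    } finally { $in.Dispose() }
    return $i   # number of streams written; read them back in order to reassemble the file
}

# Defender sweep: every alternate stream under $Root, whoever wrote it ("dir /r" in cmd.exe shows the same).
function Find-AlternateStreams {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Get-Item -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# Demo with a constructed 200-byte payload under %TEMP% (assumed to be on an NTFS volume).
$bastion = Join-Path $env:TEMP 'bastion.txt'; $secret = Join-Path $env:TEMP 'secret.bin'
[System.IO.File]::WriteAllBytes($secret, [byte[]](1..200))
Write-BastionStream -BastionPath $bastion -StreamName 'backup' -SourcePath $secret
Protect-BastionFile -BastionPath $bastion; Unprotect-BastionFile -BastionPath $bastion
Read-BastionStream -BastionPath $bastion -StreamName 'backup' -OutPath (Join-Path $env:TEMP 'restored.bin')
Find-AlternateStreams -Root $env:TEMP | Format-Table -AutoSize
```

Two caveats the patent text does not state. The permission set in S3 is the bastion file's ACL, so it governs every stream in that file, but it does not bind an administrator or the file's owner, who can reset it exactly as Unprotect-BastionFile does. And alternate data streams survive a copy to another NTFS volume, including an SMB share hosted on NTFS, while a copy to FAT or exFAT, a ZIP archive or a mail attachment silently drops them; the size check in Write-BastionStream catches a truncated write, and the Find-AlternateStreams sweep (or dir /r in cmd.exe) is the check that tells a defender which files on a host carry extra streams.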
In summary: the file protection method is implemented much like the original technique, but it meets the requirements of file concealment and recoverability; through technical means the file is made hidden, readable and tamper-proof, and other security requirements are met.
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments or portions thereof without departing from the spirit and scope of the invention.

Claims (7)

1. A file stream-based bastion file security protection method, characterized in that a file is written into a bastion file stream to protect the file, the file protection technique comprising the following steps:
s1, creating a fortress file;
s2, writing the file needing to be protected into the file stream of the fortress file by using the given program;
s3, after the written file is confirmed to be correct, the fortress file is promoted to the required authority;
s4, reading the file through the given program, wherein the file reading needs to be carried out after all protections are removed;
and S5, if the file is too large and cannot be written, the file can be divided and a plurality of bastion files or a plurality of file streams can be created and stored.
2. The file stream-based bastion file security protection method according to claim 1, characterized in that: S6 is also included, and if another protected file needs to be added, S1 to S3 are repeated.
3. The file stream-based bastion file security protection method according to claim 1, characterized in that: the bastion file in S1 is a file carried by the system.
4. The file stream-based bastion file security protection method according to claim 1, characterized in that: in S2, when writing the file into the bastion file, the following commands are executed using ntfs.exe, the program compiled from the already given source code ntfs.cpp:
a. ntfs.exe create {absolute path of bastion file} {file stream name to create};
b. ntfs.exe appended {absolute path of bastion file} {bastion file stream name} {absolute path of the file to write into the bastion stream};
c. the file is written into the bastion file stream once the command has executed.
5. The file stream-based bastion file security protection method according to claim 1, characterized in that: in S4, when reading the file, the stream name and file size of the bastion file are checked using the following command:
a. ntfs.exe enum {bastion file name or absolute path}.
6. The file stream-based bastion file security protection method according to claim 1, characterized in that: in S4, when reading the file, the data stored in the bastion file stream is retrieved using the following command:
a. ntfs.exe dump {bastion file name or absolute path} {file stream name to view} {file size of the file stream to view}.
7. The file stream-based bastion file security protection method according to claim 1, characterized in that: in S3, the permission level is a file permission that cannot be changed by a general user.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110373355.5A CN113065157A (en) 2021-04-07 2021-04-07 Bastion file security protection method based on file stream

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110373355.5A CN113065157A (en) 2021-04-07 2021-04-07 Bastion file security protection method based on file stream

Publications (1)

Publication Number Publication Date
CN113065157A true CN113065157A (en) 2021-07-02

Family

ID=76566072

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110373355.5A Pending CN113065157A (en) 2021-04-07 2021-04-07 Bastion file security protection method based on file stream

Country Status (1)

Country Link
CN (1) CN113065157A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104657677A (en) * 2015-03-05 2015-05-27 北京安普诺信息技术有限公司 File encryption method based on alternate data streams
CN108763245A (en) * 2018-03-28 2018-11-06 北京明朝万达科技股份有限公司 A kind of document management method and system based on NTFS system file labels
CN110673911A (en) * 2019-09-17 2020-01-10 张维加 Cross-equipment editing system for digital files

Similar Documents

Publication Publication Date Title
US11372994B2 (en) Security application for data security formatting, tagging and control
US7376947B2 (en) Computer system and method for secure installation and operation of software
AU2008203454B2 (en) Systems & Methods for Preventing Unauthorized Use of Digital Content
US7606795B2 (en) System and method for verifying the integrity and completeness of records
US8234496B1 (en) Image leak prevention using digital watermark
US20100138619A1 (en) Secure Erasure of Digital Files
KR101424973B1 (en) Method, recording medium and apparatus for updating revocation list and reproducing encrypted contents
Steel Windows forensics: The field guide for conducting corporate computer investigations
US8311978B2 (en) Computer enabled methods to inhibit file and volume name copying and to circumvent same
US20150213286A1 (en) Virtual file-based tamper resistant repository
EP2341458B1 (en) Method and device for detecting if a computer file has been copied
CN113065157A (en) Bastion file security protection method based on file stream
Srinivasan et al. Steganographic information hiding that exploits a novel file system vulnerability
Kohlbrenner et al. Poster: Hidden in plain sight: A filesystem for data integrity and confidentiality
Paik et al. Data protection based on hidden space in windows against ransomware
CN100428260C (en) Minimum invading data hidding method of computer network
TWI646425B (en) Virtual disk protection system
KR100948386B1 (en) Apparatus and method for saving original data in computer system
US20110083188A1 (en) Virus, trojan, worm and copy protection of audio, video, digital and multimedia, executable files and such installable programs
Hsu et al. WORM storage is not enough [Technical Forum]
CN100561496C (en) A kind of method that guarantees file security in the embedded system
Chang A Secure Erasure Method for Fragmented JPEG Images
RO137262A2 (en) Data protection system by access control of direct operations of data modification
Li Security and Management of Local Computer Data.
CN117896075A (en) Data operation behavior auditing system and method based on blockchain and digital watermark

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination