CN113722715B - Imported file checking method, checking system and computing equipment - Google Patents
Imported file checking method, checking system and computing equipment Download PDFInfo
- Publication number
- CN113722715B CN113722715B CN202111291897.4A CN202111291897A CN113722715B CN 113722715 B CN113722715 B CN 113722715B CN 202111291897 A CN202111291897 A CN 202111291897A CN 113722715 B CN113722715 B CN 113722715B
- Authority
- CN
- China
- Prior art keywords
- file
- data volume
- shared data
- container
- target file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 66
- 238000007689 inspection Methods 0.000 claims abstract description 90
- 230000008676 import Effects 0.000 claims description 43
- 238000009434 installation Methods 0.000 claims description 37
- 238000012544 monitoring process Methods 0.000 claims description 23
- 238000004891 communication Methods 0.000 description 17
- 238000001514 detection method Methods 0.000 description 13
- 230000008569 process Effects 0.000 description 10
- 238000012545 processing Methods 0.000 description 10
- 230000006870 function Effects 0.000 description 9
- 238000001914 filtration Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 230000008859 change Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000002093 peripheral effect Effects 0.000 description 3
- 230000007723 transport mechanism Effects 0.000 description 2
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/565—Static detection by checking file integrity
Abstract
The invention discloses an imported file checking method, an imported file checking system and computing equipment. The method is executed on an operating system, wherein a shared data volume and a container connected with the shared data volume are arranged on the operating system, and the method comprises the following steps: detecting whether a target file imported from the outside is newly added in the shared data volume through the container; if so, checking the target file to generate a check result file, and storing the check result file in the shared data volume; determining whether the target file passes the inspection according to the inspection result file; and if the check is passed, saving the target file and the check result file in the shared data volume in a preset directory of the operating system. According to the technical scheme of the invention, the checking function of the externally imported file is realized based on the operating system, and the safety and the integrity of the file imported into the system from the outside are ensured.
Description
Technical Field
The invention relates to the technical field of computers and operating systems, in particular to an imported file checking method, an imported file checking system and computing equipment.
Background
At present, an operating system does not have a solution for checking and filtering externally imported files, and checking of the imported files is generally performed through third-party applications, such as applications of a 360-terminal security system, a 360-security guard, and the like.
For a file imported from the outside into a system, an existing operating system lacks checking functions such as integrity check, installation test, dependency analysis, and the like for the imported file. Some developers of the Linux system provide some checking and filtering schemes for an incoming file import system, but all the checking and filtering schemes need to use an application specified by the developers to check the imported files, all checking processes are packaged in the applications of the developers, and the checking processes are not packaged in an operating system and cannot be provided for all developers who can acquire a system API.
Therefore, an inspection system and method are needed to solve the problems of the prior art.
Disclosure of Invention
To this end, the present invention provides an import file inspection method, an inspection system, and a computing device to solve or at least alleviate the above-existing problems.
According to an aspect of the present invention, there is provided an import file checking method, executed on an operating system on which a shared data volume and a container connected to the shared data volume are arranged, the method including the steps of: detecting whether a target file imported from the outside is newly added in the shared data volume through the container; if so, checking the target file to generate a check result file, and storing the check result file in the shared data volume; determining whether the target file passes the inspection according to the inspection result file; and if the check is passed, saving the target file and the check result file in the shared data volume in a preset directory of the operating system.
Optionally, in the imported file checking method according to the present invention, if it is detected that a target file imported from the outside is newly added to the shared data volume, the method further includes: checking whether a target file in the shared data volume executes in the container; if so, generating a container restart file, and storing the container restart file in the shared data volume.
Optionally, in the import file checking method according to the present invention, the method further includes: and when monitoring that a container restart file is newly added in the shared data volume, restarting the container according to the newly added container restart file.
Optionally, in the imported file checking method according to the present invention, the checking the target file includes: checking the integrity of the target file to generate integrity information, and checking the size of the target file to generate file size information; determining the type of a target file; if the target file type is an installation package file, performing security check and installation dependence check on the target file to generate security information and installation dependence information; if the type of the target file is an executable file, performing security check on the target file to generate security information; generating an inspection result file based on one or more of the integrity information, file size information, security information, installation dependency information.
Optionally, in the import file checking method according to the present invention, the method further includes: and if the target file check fails, deleting the target file and the check result file in the shared data volume.
Optionally, in the imported file checking method according to the present invention, the step of saving the target file and the check result file in the shared data volume in a predetermined directory of an operating system includes: acquiring the target file and the check result file from the shared data volume; and judging whether the information in the check result file corresponding to the target file contains one or more types of attribute information in the file saving attribute list, and if so, saving the check result file and the target file in a preset directory of the operating system.
Optionally, in the imported file checking method according to the present invention, the step of determining whether the target file passes the check according to the check result file includes: and when monitoring that the shared data volume is newly added with the inspection result file, determining whether the target file passes the inspection according to the newly added inspection result file.
Optionally, in the method for checking an import file according to the present invention, the operating system further includes a monitoring module connected to the container and the shared data volume, and the monitoring module is adapted to: monitoring whether a file is newly added in the shared data volume, and determining the type of the newly added file; if the type of the newly added file is the check result file, determining whether the target file passes the check according to the check result file; and if the type of the newly added file is the container restart file, restarting the container according to the newly added container restart file.
Optionally, in the imported file checking method according to the present invention, the container includes a detection module and a file checking module, and the step of detecting whether an externally imported target file is added to the shared data volume includes: detecting whether a file is newly added in the shared data volume through a detection module, and determining the type of the newly added file; and if the type of the newly added file is the target file, calling a file checking module to check the target file.
According to an aspect of the present invention, there is provided an inspection system, arranged on an operating system, comprising: sharing the data volume; the container is connected with the shared data volume and is suitable for detecting whether an externally imported target file is newly added in the shared data volume, if so, the target file is checked to generate a check result file, and the check result file is stored in the shared data volume; the supervision module is connected with the shared data volume and the container and is suitable for determining whether the target file passes the inspection according to the inspection result file in the shared data volume; and the file export module is connected with the supervision module and the shared data volume and is suitable for storing the target file and the inspection result file in the shared data volume in a preset directory of the operating system after the target file passes the inspection.
Optionally, in an inspection system according to the invention, the container is further adapted to: checking whether a target file in the shared data volume executes in the container; if so, generating a container restart file, and storing the container restart file in the shared data volume.
Optionally, in the inspection system according to the invention, the supervision module is further adapted to: and when monitoring that a container restart file is newly added in the shared data volume, restarting the container according to the newly added container restart file so as to initialize the container.
Optionally, in the inspection system according to the invention, the container is further adapted to: checking the integrity of the target file to generate integrity information, and checking the size of the target file to generate file size information; determining the type of a target file; if the target file type is an installation package file, performing security check and installation dependence check on the target file to generate security information and installation dependence information; if the type of the target file is an executable file, performing security check on the target file to generate security information; generating an inspection result file based on one or more of the integrity information, file size information, security information, installation dependency information.
Optionally, in the inspection system according to the present invention, the file export module is further adapted to: acquiring the target file and the check result file from the shared data volume; and judging whether the information in the check result file corresponding to the target file contains one or more types of attribute information in the file saving attribute list, and if so, saving the check result file and the target file in a preset directory of the operating system.
Optionally, in the inspection system according to the invention, the supervision module is adapted to: monitoring whether a file is newly added in the shared data volume, and determining the type of the newly added file; if the type of the newly added file is the check result file, determining whether the target file passes the check according to the check result file; and if the type of the newly added file is the container restart file, restarting the container according to the newly added container restart file.
Optionally, in an inspection system according to the invention, the container comprises: the detection module is suitable for detecting whether a file is newly added in the shared data volume and determining the type of the newly added file; and the file checking module is suitable for checking the target file when the type of the newly added file is the target file.
According to an aspect of the invention, there is provided a computing device comprising: at least one processor; a memory storing program instructions configured to be suitable for execution by the at least one processor, the program instructions comprising instructions for performing the import file check method as described above.
According to an aspect of the present invention, there is provided a readable storage medium storing program instructions that, when read and executed by a computing device, cause the computing device to execute the imported file checking method as described above.
According to the technical scheme of the invention, the method and the system for checking the imported file are provided, and the checking function of the externally imported file is integrated into an operating system by constructing the checking system comprising the container and the shared data volume on the operating system. Based on this, by importing the file (external file) downloaded by the third-party application into the shared data volume, the file in the shared data volume can be checked by the checking system, and the file is saved in the predetermined directory of the operating system after the check is passed, so as to ensure that the file passing the check can be imported into the operating system. Thus, the security and integrity of the file imported from the outside into the system can be ensured.
Further, after the external file is checked to be passed, whether the file meets the import condition is judged based on the file saving attribute list, and the file is imported into the system when the import condition is met. In this way, a filtering function for an external import file is realized.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
To the accomplishment of the foregoing and related ends, certain illustrative aspects are described herein in connection with the following description and the annexed drawings, which are indicative of various ways in which the principles disclosed herein may be practiced, and all aspects and equivalents thereof are intended to be within the scope of the claimed subject matter. The above and other objects, features and advantages of the present disclosure will become more apparent from the following detailed description read in conjunction with the accompanying drawings. Throughout this disclosure, like reference numerals generally refer to like parts or elements.
FIG. 1 shows a schematic diagram of an inspection system 100 according to one embodiment of the invention;
FIG. 2 shows a schematic diagram of a computing device 200, according to one embodiment of the invention;
FIG. 3 shows a flow diagram of an import file check method 300 according to one embodiment of the invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
FIG. 1 shows a schematic diagram of an inspection system 100 according to one embodiment of the invention. The checking system 100 is adapted to perform the imported file checking method according to the present invention so as to perform checking filtering on files of the external import operating system.
Inspection system 100 resides in a computing device, i.e., a host computer running an operating system, i.e., a system that needs to be protected by inspecting external import files.
Wherein the inspection system 100 is deployed on an operating system of a computing device. It is understood that the operating system includes a kernel, and user space disposed above the kernel. Here, the inspection system 100 is disposed in the kernel of the operating system. The user space of the operating system may have one or more applications disposed therein. It should be noted that the present invention is not limited to the kind of the operating system, for example, the operating system may be implemented as a Linux operating system, and may also be implemented as a Windows operating system.
As shown in FIG. 1, the inspection system 100 includes a container 130 running on an operating system, and a shared data volume 150, a supervisor module 110, a file export module 160 disposed on the operating system. Wherein the container 130, the administration module 110, and the file export module 160 are all connected to the shared data volume 150. The administration module 110 is also connected to the container 130, the file export module 160, respectively.
It should be noted that the monitoring module 110 is a boot service, and the monitoring module 110 can monitor file changes in the shared data volume and manage the container 130. Shared data volume 150 is a data volume (which may map operating system directories into containers) and is a file system that enables the operating system of a computing device to share data with container 130. A container is a separate virtual operating system that is launched based on a container image run on the operating system of a computing device (host). Here, the container image is packaged with a runtime environment of the operating system and is pre-integrated in the operating system of the computing device.
In one embodiment, the supervisor module 110 may be configured to automatically boot up after the computing device is powered on. Wherein, the administration module 110 may modify configuration information of the container after startup based on the creation information of the shared data volume to mount the shared data volume 150 to the container 130 so that the container 130 can access files in the shared data volume 150. Also, the supervisor module 110 may create a container based on the container image and start the container to have the container 130 run on the operating system.
According to the embodiment of the present invention, it is possible to detect whether the target file imported from the outside is newly added to the shared data volume 150 through the container 130. Specifically, the container detects a file change in the shared data volume, determines the type of the newly added file when detecting that the file is newly added in the shared data volume, and detects that the target file imported from the outside is newly added in the shared data volume if the type of the newly added file is the target file.
It should be noted that the target file is a file imported from the outside through the interface into the shared data volume on the operating system, and may include an installation package file, an executable file, a normal file, and the like. The interface is an interface (API) provided by the operating system and called by one or more applications (third-party applications) when downloading a file, and the checking of the downloaded foreign file is realized by calling the interface. In particular, one or more applications may call the interface when downloading a file in order to import the downloaded file into the shared file volume 150 on the operating system. After downloading the files, the one or more applications import the downloaded files into the shared file volume, namely, the target files to be checked. The application that invokes the interface may be implemented, for example, as a mailbox, various social applications, etc., and the invention is not limited to a particular type of application.
If it is detected that an externally imported target file is newly added to the shared data volume 150, the container 130 checks the target file, generates a check result file, and outputs and stores the check result file in the shared data volume 150.
According to one embodiment, as shown in FIG. 1, the container 130 includes a detection module 131 and a document inspection module 132. The detection module 131 in the container 130 may detect whether a target file imported from the outside is newly added to the shared data volume. The file inspection module 132 in the container 130 may inspect the target file, generate an inspection result file, and output and store the inspection result file in the shared data volume 150.
Specifically, the container 130 first detects whether a file is newly added to the shared data volume through the detection module 131, and determines the type of the newly added file. Upon determining that the type of the newly added file is the target file, the file inspection module 132 is invoked to inspect the target file.
The administration module 110 may determine whether the target file passes the inspection based on the inspection result file. Specifically, the monitoring module 110 is connected to the shared data volume 150, and may monitor whether an inspection result file is newly added to the shared data volume 150, and determine whether the target file passes the inspection according to the inspection result file when it is monitored that the inspection result file is newly added to the shared data volume.
If the object file passes the check, the object file passing the check in the shared data volume 150 and the check result file are exported by the file export module 160 and stored in a predetermined directory of the operating system. Here, the predetermined directory may be a directory selected when the application calls the interface to download the file, and the predetermined directory is not particularly limited in the present invention. In addition, if the target file check fails, the file export module 160 deletes the target file and the check result file in the shared data volume 150, so that the target file and the check result file are not imported into the operating system.
According to one embodiment, the container 130, when invoking the file checking module 132 to check the target file, also checks whether the target file in the shared data volume is executing in the container 130 through the file checking module 132. If it is checked that the target file in the shared data volume 150 is installed and executed in the container 130, a container restart file is generated in the container 130 and stored in the shared data volume 130.
The monitoring module 110 may monitor whether a container reboot file is newly added to the shared data volume 150, and reboot the container 130 according to the newly added container reboot file when monitoring that the container reboot file is newly added to the shared data volume, so as to initialize the container. Specifically, the supervisor module 110 implements a restart of the container by closing the currently running container and deleting the container, re-creating a new container based on the container image again, and loading the new container.
The administration module 110 may monitor the directories of the shared data volume 150 after being started, wherein the directories of the shared data volume 150 are monitored to determine whether a file is newly added. And when the newly added file is monitored, determining the type of the newly added file. And if the type of the newly added file is the check result file, determining whether the target file passes the check according to the check result file. And if the type of the newly added file is the container restart file, restarting the container according to the newly added container restart file.
In addition, if the monitoring module 110 monitors that the type of the newly added file in the shared data volume is the target file, the target file is ignored and no processing is performed. Accordingly, if the detection module 131 in the container 130 detects that the type of the newly added file in the shared data volume is the check result file or the container restart file, the detected check result file or the container restart file is ignored, and no processing is performed. In addition, when the monitoring module 110 and the detection module 131 in the container 130 detect that the file in the shared data volume is reduced, the file change is ignored and no processing is performed.
According to one embodiment of the invention, the document inspection module 132 in the container 130 may inspect the target document according to the following steps:
the integrity of the target file may first be checked to generate integrity information. Here, the integrity check is to check whether the target file is accurate.
Subsequently, the size of the target file is checked, and file size information is generated. Here, examining the size of the target file may determine the amount of storage space occupied by the target file.
Next, the type of the target file is checked to determine the target file type. Here, the target file type includes, for example, an installation package file, an executable file, and a normal file. The installation package file, i.e. the software installation package, is a collection of files that can be decompressed by itself, including all the files of the software installation package. An executable file is a file that may be downloaded and executed by an operating system, such as a script file, an ELF file, and the like. The common files include, for example, text files, Office files, PDF files, audio-video files, and the like.
If the target file type is an installation package file, security checking and installation dependency checking may be performed on the target file to generate corresponding security information and installation dependency information. If the target file type is an executable file, security checking is performed on the target file to generate security information. Here, the security check is to determine whether the executable file is security hardened by reading a symbol table of the executable file.
Next, an inspection result file is generated based on one or more of integrity information, file size information, security information, and installation dependency information. Here, the inspection result file includes all attribute information of the target file, that is, the summary of integrity information, file size information, security information, and installation dependency information generated in the foregoing inspection process.
It should be noted that checking the integrity of the target file, as well as checking the size of the target file, is a check for all types of target files. When the target file type is the installation package file, because security check and installation dependency check are also performed in the checking process, the checking result file is finally generated after the target file (installation package file) is checked, and the checking result file comprises integrity information, file size information, security information and installation dependency information. When the type of the target file is an executable file, because security check is also performed in the checking process, a checking result file is finally generated after the checking of the target file (executable file) is completed, wherein the checking result file comprises integrity information, file size information and security information. In addition, when the target file type is a normal file, only integrity check and file size check are performed, and therefore, the integrity information and the file size information are included in the finally generated check result file after the target file (normal file) is checked.
In one embodiment, the administration module 110 is coupled to the file export module 160, the shared data volume 150, respectively. After determining that the target file in the shared data volume 150 passes the inspection, the monitoring module 110 calls the file export module 160, obtains the target file passing the inspection and the corresponding inspection result file from the shared data volume 150 through the file export module 160, and saves the target file passing the inspection and the corresponding inspection result file in a predetermined directory of the operating system, so as to import the target file into the operating system.
In one embodiment, the generated check result file is transferred to the shared data volume 150, so that the file export module 160 determines whether the corresponding target file meets the import condition based on the check result file in the shared data volume 150, and the target file is imported into the predetermined directory of the operating system when the import condition is met, so as to filter the external import file.
Specifically, the file export module 160 contains a file saving attribute list that can be configured by the user, and the file saving attribute list contains one or more kinds of attribute information that can be configured by the user according to the actual needs. After the target file and the corresponding check result file which pass the check are acquired from the shared data volume 150, whether the information in the check result file corresponding to the target file contains one or more attribute information in the file saving attribute list is judged, if the check result file contains one or more attribute information in the file saving attribute list, it is determined that the import condition is satisfied, and the check result file and the target file are saved in a predetermined directory of the operating system. Otherwise, if the information in the inspection result file does not contain one or more types of attribute information in the file saving attribute list and does not satisfy the import condition, the file export module 160 directly deletes the inspection result file and the target file. In this way, a filtering function for an external import file is realized based on the file save attribute list.
In one embodiment, the computing device on which the inspection system 100 resides may be implemented as the computing device 200, such that the imported file inspection method of the present invention may be performed in the computing device 200.
FIG. 2 shows a schematic diagram of a computing device 200, according to one embodiment of the invention.
As shown in FIG. 2, in a basic configuration 202, a computing device 200 typically includes a system memory 206 and one or more processors 204. A memory bus 208 may be used for communication between the processor 204 and the system memory 206.
Depending on the desired configuration, the processor 204 may be any type of processing, including but not limited to: a microprocessor (UP), a microcontroller (UC), a digital information processor (DSP), or any combination thereof. The processor 204 may include one or more levels of cache, such as a level one cache 210 and a level two cache 212, a processor core 214, and registers 216. Example processor cores 214 may include Arithmetic Logic Units (ALUs), Floating Point Units (FPUs), digital signal processing cores (DSP cores), or any combination thereof. The example memory controller 218 may be used with the processor 204, or in some implementations the memory controller 218 may be an internal part of the processor 204.
Depending on the desired configuration, system memory 206 may be any type of memory, including but not limited to: volatile memory (such as RAM), non-volatile memory (such as ROM, flash memory, etc.), or any combination thereof. System memory 206 may include an operating system 220, one or more applications 222, and program data 224. The application 222 is actually a plurality of program instructions that direct the processor 204 to perform corresponding operations. In some embodiments, application 222 may be arranged to cause processor 204 to operate with program data 224 on an operating system.
Computing device 200 also includes storage device 232, storage device 232 including removable storage 236 and non-removable storage 238.
Computing device 200 may also include a storage interface bus 234. The storage interface bus 234 enables communication from the storage devices 232 (e.g., removable storage 236 and non-removable storage 238) to the basic configuration 202 via the bus/interface controller 230. At least a portion of the operating system 220, applications 222, and data 224 may be stored on removable storage 236 and/or non-removable storage 238, and loaded into system memory 206 via storage interface bus 234 and executed by the one or more processors 204 when the computing device 200 is powered on or the applications 222 are to be executed.
Computing device 200 may also include an interface bus 240 that facilitates communication from various interface devices (e.g., output devices 242, peripheral interfaces 244, and communication devices 246) to the basic configuration 202 via the bus/interface controller 230. The exemplary output device 242 includes an image processing unit 248 and an audio processing unit 250. They may be configured to facilitate communication with various external devices, such as a display or speakers, via one or more a/V ports 252. Example peripheral interfaces 244 can include a serial interface controller 254 and a parallel interface controller 256, which can be configured to facilitate communications with external devices such as input devices (e.g., keyboard, mouse, pen, voice input device, touch input device) or other peripherals (e.g., printer, scanner, etc.) via one or more I/O ports 258. An example communication device 246 may include a network controller 260, which may be arranged to facilitate communications with one or more other computing devices 262 over a network communication link via one or more communication ports 264.
A network communication link may be one example of a communication medium. Communication media may typically be embodied by computer readable instructions, data structures, program modules, and may include any information delivery media, such as carrier waves or other transport mechanisms, in a modulated data signal. A "modulated data signal" may be a signal that has one or more of its data set or its changes made in a manner that encodes information in the signal. By way of non-limiting example, communication media may include wired media such as a wired network or private-wired network, and various wireless media such as acoustic, Radio Frequency (RF), microwave, Infrared (IR), or other wireless media. The term computer readable media as used herein may include both storage media and communication media.
In an embodiment in accordance with the invention, the computing device 200 is configured to perform an import file check method 300 in accordance with the invention. The operating system of the computing device 200 includes a plurality of program instructions for performing the imported file inspection method 300 of the present invention, such that the imported file inspection method 300 of the present invention may be performed in the operating system of the computing device 200.
According to one embodiment of the present invention, the inspection system 100 is deployed on an operating system of the computing device 200, and in particular, the inspection system 100 is disposed in a kernel of the operating system of the computing device 200. The inspection system 100 includes a container 130 running on an operating system, and a shared data volume 150, a policing module 110, and a file export module 160 disposed on the operating system, wherein the container 130, the policing module 110, and the file export module 160 are all connected to the shared data volume 150. The checking system 100 comprises a plurality of program instructions for executing the import file checking method 300, and the program instructions may instruct the processor 204 to execute the import file checking method 300 of the present invention, so that the operating system of the computing device 200 checks the files of the external import system by executing the import file checking method 300 of the present invention.
It should be noted that the present invention is not limited to the kind of the operating system, for example, the operating system may be implemented as a Linux operating system, and may also be implemented as a Windows operating system.
FIG. 3 shows a flow diagram of an import file check method 300 according to one embodiment of the invention. The method 300 is suitable for execution in an inspection system 100 deployed on an operating system of a computing device, such as the computing device 200 described above.
As shown in fig. 3, the method 300 begins at step S310.
In step S310, it is detected by the container 130 whether the target file imported from the outside is added to the shared data volume.
Specifically, the container detects a file change in the shared data volume, determines the type of the newly added file when detecting that the file is newly added in the shared data volume, and detects that the target file imported from the outside is newly added in the shared data volume if the type of the newly added file is the target file.
It should be noted that the target file is a file imported from the outside through the interface into the shared data volume on the operating system, and may include an installation package file, an executable file, a normal file, and the like. The interface is an interface (API) provided by the operating system that may be called by one or more applications when downloading files. In other words, one or more applications may call the interface when downloading a file in order to import the downloaded file into the shared file volume 150 on the operating system. After downloading the files, the one or more applications import the downloaded files into the shared file volume, namely, the target files to be checked. The application that invokes the interface may be implemented, for example, as a mailbox, various social applications, etc., and the invention is not limited to a particular type of application.
If it is detected that the target file imported from the outside is newly added to the shared data volume, step S320 is performed. In step S320, the target file is checked, an inspection result file is generated, and the inspection result file is stored in the shared data volume.
According to one embodiment of the present invention, the container 130 includes a detection module 131 and a document check module 132. The detection module 131 in the container 130 may execute step S310 to detect whether the target file imported from the outside is newly added to the shared data volume. The file inspection module 132 in the container 130 may perform step S320 to inspect the target file, generate an inspection result file, and output and store the inspection result file in the shared data volume 150.
Specifically, the container 130 first detects whether a file is newly added to the shared data volume through the detection module 131, and determines the type of the newly added file. If the type of the newly added file is a target file, the file checking module 132 is invoked to check the target file.
Subsequently, in step S330, the supervision module 110 determines whether the target file passes the check according to the check result file. Specifically, the monitoring module 110 is connected to the shared data volume 150, and may monitor whether an inspection result file is newly added to the shared data volume, and determine whether the target file passes the inspection according to the inspection result file when the inspection result file is newly added to the shared data volume.
Finally, in step S340, if it is determined that the target file check passes, the target file and the check result file that pass the check in the shared data volume 150 are exported by the file export module 160 and saved in a predetermined directory of the operating system. In this way, after the target file is checked, the target file that passes the check is imported into the operating system. Here, the predetermined directory may be a directory selected when the application calls the interface to download the file, and the predetermined directory is not particularly limited in the present invention.
In addition, if the target file check fails, the target file and the check result file in the shared data volume 150 are deleted. In this way, the target file that fails the check is not imported into the operating system.
In one implementation, the supervisor module 110 may be configured to automatically boot up after the computing device is powered on. Before the method 300 is executed, the shared data volume 150, container 130 is created on the operating system in advance by the supervisor module 110. Wherein, the administration module 110 may modify configuration information of the container after startup based on the creation information of the shared data volume to mount the shared data volume 150 to the container 130 so that the container 130 can access files in the shared data volume 150. Also, the supervisor module 110 may create a container based on the container image and start the container to have the container 130 run on the operating system.
According to one embodiment, if it is detected that the target file imported from the outside is newly added to the shared data volume, the container 130, when the target file is checked by the calling file checking module 132, also checks whether the target file in the shared data volume is executed in the container through the file checking module 132. If it is checked that the target file in the shared data volume is installed and executed in the container, a container restart file is generated in the container 130 and stored in the shared data volume 130.
The container 130 is then restarted according to the container restart file to enable initialization of the container 130. Here, the monitoring module 110 may also monitor whether a container reboot file is newly added to the shared data volume 150, and when the container reboot file is monitored to be newly added to the shared data volume, reboot the container 130 according to the newly added container reboot file to initialize the container. Specifically, the supervisor module 110 implements a restart of the container by closing the currently running container and deleting the container, re-creating a new container based on the container image again, and loading the new container.
In one implementation, the administration module 110 may monitor the shared data volume 150 for new files and determine the type of file to be added. And if the type of the newly added file is the check result file, determining whether the target file passes the check according to the check result file. And if the type of the newly added file is the container restart file, restarting the container according to the newly added container restart file.
In addition, if the monitoring module 110 monitors that the type of the newly added file in the shared data volume is the target file, the target file is ignored and no processing is performed. Accordingly, if the detection module 131 in the container 130 detects that the type of the newly added file in the shared data volume is the check result file or the container restart file, the detected check result file or the container restart file is ignored, and no processing is performed. In addition, when the monitoring module 110 and the detection module 131 in the container 130 detect that the file in the shared data volume is reduced, the file change is ignored and no processing is performed.
According to an embodiment of the present invention, when detecting that an externally imported target file is newly added to a shared data volume, the target file may be checked according to the following steps:
the integrity of the target file may first be checked to generate integrity information. Here, the integrity check is to check whether the target file is accurate.
Subsequently, the size of the target file is checked, and file size information is generated. Here, examining the size of the target file may determine the amount of storage space occupied by the target file.
Next, the type of the target file is checked to determine the target file type. Here, the target file type includes, for example, an installation package file, an executable file, and a normal file. The installation package file, i.e. the software installation package, is a collection of files that can be decompressed by itself, including all the files of the software installation package. An executable file is a file that may be downloaded and executed by an operating system, such as a script file, an ELF file, and the like. The common files include, for example, text files, Office files, PDF files, audio-video files, and the like.
If the target file type is an installation package file, security checking and installation dependency checking may be performed on the target file to generate corresponding security information and installation dependency information. If the target file type is an executable file, security checking is performed on the target file to generate security information. Here, the security check is to determine whether the executable file is security hardened by reading a symbol table of the executable file.
Next, an inspection result file is generated based on one or more of integrity information, file size information, security information, and installation dependency information. Here, the inspection result file includes all attribute information of the target file, that is, the summary of integrity information, file size information, security information, and installation dependency information generated in the foregoing inspection process.
It should be noted that checking the integrity of the target file, as well as checking the size of the target file, is a check for all types of target files. When the target file type is the installation package file, because security check and installation dependency check are also performed in the checking process, the checking result file is finally generated after the target file (installation package file) is checked, and the checking result file comprises integrity information, file size information, security information and installation dependency information. When the type of the target file is an executable file, because security check is also performed in the checking process, a checking result file is finally generated after the checking of the target file (executable file) is completed, wherein the checking result file comprises integrity information, file size information and security information. In addition, when the target file type is a normal file, only integrity check and file size check are performed, and therefore, the integrity information and the file size information are included in the finally generated check result file after the target file (normal file) is checked.
According to one embodiment, file export module 160 is coupled to shared data volume 150. The file export module 160 may obtain the checked target file and the corresponding check result file from the shared data volume 150, and save the checked target file and the corresponding check result file in a predetermined directory of the operating system, so as to import the target file into the operating system.
In one embodiment, the file export module 160 may import the target file into the operating system to filter the external import file when the import condition is satisfied by passing the generated inspection result file into the shared data volume 150 so that whether the corresponding target file satisfies the import condition is determined based on the inspection result file in the shared data volume 150.
Specifically, the file export module 160 contains a file saving attribute list that can be configured by the user, and the file saving attribute list contains one or more kinds of attribute information that can be configured by the user according to the actual needs. After the target file passing the inspection and the corresponding inspection result file are acquired from the shared data volume 150, it is further determined whether the information in the inspection result file corresponding to the target file contains one or more attribute information in the file saving attribute list, and if the inspection result file contains one or more attribute information in the file saving attribute list, it is determined that the import condition is satisfied, and the inspection result file and the target file are saved in a predetermined directory of the operating system. Otherwise, if the information in the inspection result file does not contain one or more types of attribute information in the file saving attribute list and does not satisfy the import condition, the file export module 160 directly deletes the inspection result file and the target file. In this way, a filtering function for an external import file is realized based on the file save attribute list.
According to the imported file checking scheme, the checking function of the external imported file is integrated into the operating system by constructing the checking system comprising the container and the shared data volume on the operating system. Based on this, by importing the file (external file) downloaded by the third-party application into the shared data volume, the file in the shared data volume can be checked by the checking system, and the file is saved in the predetermined directory of the operating system after the check is passed, so as to ensure that the file passing the check can be imported into the operating system. Thus, the security and integrity of the file imported from the outside into the system can be ensured. Further, after the external file is checked to be passed, whether the file meets the import condition is judged based on the file saving attribute list, and the file is imported into the system when the import condition is met. In this way, a filtering function for an external import file is realized.
The various techniques described herein may be implemented in connection with hardware or software or, alternatively, with a combination of both. Thus, the methods and apparatus of the present invention, or certain aspects or portions thereof, may take the form of program code (i.e., instructions) embodied in tangible media, such as removable hard drives, U.S. disks, floppy disks, CD-ROMs, or any other machine-readable storage medium, wherein, when the program is loaded into and executed by a machine, such as a computer, the machine becomes an apparatus for practicing the invention.
In the case of program code execution on programmable computers, the mobile terminal generally includes a processor, a storage medium readable by the processor (including volatile and non-volatile memory and/or storage elements), at least one input device, and at least one output device. Wherein the memory is configured to store program code; the processor is configured to execute the import file check method of the present invention according to instructions in the program code stored in the memory.
By way of example, and not limitation, readable media may comprise readable storage media and communication media. Readable storage media store information such as computer readable instructions, data structures, program modules or other data. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. Combinations of any of the above are also included within the scope of readable media.
In the description provided herein, algorithms and displays are not inherently related to any particular computer, virtual system, or other apparatus. Various general purpose systems may also be used with examples of this invention. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules or units or components of the devices in the examples disclosed herein may be arranged in a device as described in this embodiment or alternatively may be located in one or more devices different from the devices in this example. The modules in the foregoing examples may be combined into one module or may be further divided into multiple sub-modules.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments.
Furthermore, some of the described embodiments are described herein as a method or combination of method elements that can be performed by a processor of a computer system or by other means of performing the described functions. A processor having the necessary instructions for carrying out the method or method elements thus forms a means for carrying out the method or method elements. Further, the elements of the apparatus embodiments described herein are examples of the following apparatus: the apparatus is used to implement the functions performed by the elements for the purpose of carrying out the invention.
As used herein, unless otherwise specified the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object, merely indicate that different instances of like objects are being referred to, and are not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
While the invention has been described with respect to a limited number of embodiments, those skilled in the art, having benefit of this description, will appreciate that other embodiments can be devised which do not depart from the scope of the invention as described herein. Furthermore, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter. Accordingly, many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. The present invention has been disclosed in an illustrative rather than a restrictive sense with respect to the scope of the invention, as defined in the appended claims.
Claims (8)
1. An import file checking method, executed on an operating system on which a shared data volume and a container connected to the shared data volume are arranged, the method comprising the steps of:
detecting whether a target file imported from the outside is newly added in the shared data volume through the container;
if so, checking the target file to generate a check result file, and storing the check result file in the shared data volume;
determining whether the target file passes the inspection according to the inspection result file;
if the check is passed, saving the target file and the check result file in the shared data volume in a preset directory of the operating system;
checking whether a target file in the shared data volume executes in the container;
if so, generating a container restart file, and storing the container restart file in the shared data volume;
and when monitoring that a container restart file is newly added in the shared data volume, restarting the container according to the newly added container restart file.
2. The method of claim 1, wherein the step of inspecting the target file comprises:
checking the integrity of the target file to generate integrity information, and checking the size of the target file to generate file size information;
determining the type of a target file;
if the target file type is an installation package file, performing security check and installation dependence check on the target file to generate security information and installation dependence information;
if the type of the target file is an executable file, performing security check on the target file to generate security information;
generating an inspection result file based on the integrity information, the file size information, the security information, and the installation dependency information.
3. The method of any one of claims 1-2, wherein the step of saving the target file and the check result file in the shared data volume under a predetermined directory of an operating system comprises:
acquiring the target file and the check result file from the shared data volume;
and judging whether the information in the check result file corresponding to the target file contains one or more types of attribute information in the file saving attribute list, and if so, saving the check result file and the target file in a preset directory of the operating system.
4. An inspection system, disposed on an operating system, comprising:
sharing the data volume;
the container is connected with the shared data volume and is suitable for detecting whether an externally imported target file is newly added in the shared data volume, if so, the target file is checked to generate a check result file, and the check result file is stored in the shared data volume; the container is further adapted to check whether a target file in the shared data volume is executed in the container, and if so, generate a container reboot file and store the container reboot file in the shared data volume;
the supervision module is connected with the shared data volume and the container and is suitable for determining whether the target file passes the inspection according to the inspection result file in the shared data volume; the monitoring module is further suitable for restarting the container according to the newly added container restart file when monitoring that the container restart file is newly added in the shared data volume so as to initialize the container; and
and the file export module is connected with the supervision module and the shared data volume and is suitable for storing the target file and the inspection result file in the shared data volume in a preset directory of the operating system after the target file passes the inspection.
5. The inspection system of claim 4, wherein the file export module is further adapted to:
acquiring the target file and the check result file from the shared data volume;
and judging whether the information in the check result file corresponding to the target file contains one or more types of attribute information in the file saving attribute list, and if so, saving the check result file and the target file in a preset directory of the operating system.
6. An inspection system according to any one of claims 4 to 5, wherein the supervision module is adapted to:
monitoring whether a file is newly added in the shared data volume, and determining the type of the newly added file;
if the type of the newly added file is the check result file, determining whether the target file passes the check according to the check result file;
and if the type of the newly added file is the container restart file, restarting the container according to the newly added container restart file.
7. A computing device, comprising:
at least one processor; and
a memory storing program instructions, wherein the program instructions are configured to be adapted to be executed by the at least one processor, the program instructions comprising instructions for performing the method of any of claims 1-3.
8. A readable storage medium storing program instructions that, when read and executed by a computing device, cause the computing device to perform the method of any of claims 1-3.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111291897.4A CN113722715B (en) | 2021-11-03 | 2021-11-03 | Imported file checking method, checking system and computing equipment |
| CN202210061788.1A CN114398639A (en) | 2021-11-03 | 2021-11-03 | Imported file checking method, checking system and computing equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111291897.4A CN113722715B (en) | 2021-11-03 | 2021-11-03 | Imported file checking method, checking system and computing equipment |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210061788.1A Division CN114398639A (en) | 2021-11-03 | 2021-11-03 | Imported file checking method, checking system and computing equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113722715A CN113722715A (en) | 2021-11-30 |
| CN113722715B true CN113722715B (en) | 2022-02-25 |
Family
ID=78686631
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111291897.4A Active CN113722715B (en) | 2021-11-03 | 2021-11-03 | Imported file checking method, checking system and computing equipment |
| CN202210061788.1A Pending CN114398639A (en) | 2021-11-03 | 2021-11-03 | Imported file checking method, checking system and computing equipment |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210061788.1A Pending CN114398639A (en) | 2021-11-03 | 2021-11-03 | Imported file checking method, checking system and computing equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN113722715B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106909420A (en) * | 2017-02-16 | 2017-06-30 | 杭州迪普科技股份有限公司 | A kind of file introduction method and device |
| CN112565366A (en) * | 2020-11-27 | 2021-03-26 | 平安普惠企业管理有限公司 | Distributed file importing method, device, equipment and storage medium |
| CN113449291A (en) * | 2021-08-30 | 2021-09-28 | 统信软件技术有限公司 | File import method and device, computing equipment and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7392263B2 (en) * | 2005-02-28 | 2008-06-24 | Microsoft Corporation | File system represented inside a database |
-
2021
- 2021-11-03 CN CN202111291897.4A patent/CN113722715B/en active Active
- 2021-11-03 CN CN202210061788.1A patent/CN114398639A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106909420A (en) * | 2017-02-16 | 2017-06-30 | 杭州迪普科技股份有限公司 | A kind of file introduction method and device |
| CN112565366A (en) * | 2020-11-27 | 2021-03-26 | 平安普惠企业管理有限公司 | Distributed file importing method, device, equipment and storage medium |
| CN113449291A (en) * | 2021-08-30 | 2021-09-28 | 统信软件技术有限公司 | File import method and device, computing equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113722715A (en) | 2021-11-30 |
| CN114398639A (en) | 2022-04-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109062617B (en) | Application method of platform supporting multiple types of equipment and mobile terminal | |
| KR101880375B1 (en) | Segregating executable files exhibiting network activity | |
| CN104008340B (en) | Virus scanning and killing method and device | |
| KR101434102B1 (en) | Providing authenticated anti-virus agents a direct access to scan memory | |
| CN108847950B (en) | Electronic device, cloud system software automatic deployment method and storage medium | |
| US10019598B2 (en) | Dynamic service discovery | |
| CN105786538B (en) | software upgrading method and device based on android system | |
| WO2019072008A1 (en) | Security scanning method and apparatus for mini program, and electronic device | |
| CN107808096B (en) | method for detecting malicious codes injected during APK running, terminal equipment and storage medium | |
| CN111428241B (en) | Multi-security access policy control method and computing device | |
| JP2009238153A (en) | Malware handling system, method, and program | |
| CN107567629A (en) | Dynamic firmware module loader in credible performing environment container | |
| CN110515671B (en) | Initialization method, initialization device, terminal device and readable storage medium | |
| CN107967192B (en) | System crash processing method and device for intelligent terminal | |
| CN113204385A (en) | Plug-in loading method and device, computing equipment and readable storage medium | |
| CN113722715B (en) | Imported file checking method, checking system and computing equipment | |
| CN113396391B (en) | Application program starting method and device, electronic equipment and storage medium | |
| CN108959915B (en) | Rootkit detection method, rootkit detection device and server | |
| CN109408265B (en) | IOS abnormal operation protection method and device, terminal equipment and storage medium | |
| CN109144595B (en) | Method and device for starting assembly based on plug-in framework | |
| CN110442380B (en) | Data preheating method and computing equipment | |
| CN114936368A (en) | Java memory Trojan detection method, terminal device and storage medium | |
| CN112685744B (en) | Method and device for detecting software bugs by using stack-related registers | |
| CN107330327B (en) | Infected file detection method, server, processing method, device and detection system | |
| CN112379943A (en) | Plug-in application method and device of Electron application program and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |