CN114238988A - Computer interface control method and device and electronic equipment - Google Patents

Info

Publication number: CN114238988A
Authority: CN (China)
Prior art keywords: filter driver, bios, computer, target interface, registry
Legal status: Pending
Application number: CN202111566193.3A
Other languages: Chinese (zh)
Inventors: 宋志成, 黄建武, 邵华
Current Assignee: Ziguang Computer Technology Co Ltd
Original Assignee: Ziguang Computer Technology Co Ltd
Application filed by Ziguang Computer Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping

Abstract

The invention discloses a computer interface control method, a device and electronic equipment. The method comprises: starting a computer and controlling a target interface through the BIOS while releasing a filter driver and registering it in the registry by means of a filter driver registration program and a filter driver file embedded in the BIOS; and, after the operating system is entered and the filter driver is started, notifying the BIOS to relinquish its control authority over the target interface and enabling the filter driver to control the target interface. The technical solution provided by the invention improves the flexibility of managing the computer interface while ensuring the security of computer interface control.

Description

Computer interface control method and device and electronic equipment
Technical Field
The invention relates to the field of computer driver design, in particular to a computer interface control method and device and electronic equipment.
Background
With the spread of informatization, personal computers (PCs) have brought convenience to production and daily life, but they have also given rise to countless security incidents, including network attacks, data leaks, viruses and Trojans. Network security and data security concern not only individuals and enterprises but also national security. USB and other computer interfaces are often effective channels for spreading computer viruses, so more and more enterprises and individuals restrict access to the interfaces (that is, the hardware interfaces) of their internal computers. The techniques for restricting interfaces usually comprise BIOS control and filter driver control. The advantage of BIOS control is that access control of interface devices works no matter what operating system is installed on the PC, and loopholes in it are hard to find. A filter driver is a special device driver that works in the layer above or below the function driver and intercepts requests sent to or returned from the device. It is used for access control or device enhancement without modifying the device's function driver, and it can be configured with various control policies, such as allowing only keyboard and mouse, intercepting only write operations of USB storage devices, or intercepting USB devices of a specified model. However, a user can disable a filter driver by deleting a registry entry in the operating system. Therefore, how to improve the flexibility of managing computer interfaces while ensuring the security of computer interface control is a problem that urgently needs to be solved.
Disclosure of Invention
In view of this, embodiments of the present invention provide a computer interface control method, apparatus, and electronic device, so that on the premise of ensuring the control security of a computer interface, the flexibility of managing the computer interface is improved.
According to a first aspect, the present invention provides a computer interface control method, comprising: starting a computer and controlling a target interface through the BIOS while releasing a filter driver and registering it in the registry by means of a filter driver registration program and a filter driver file embedded in the BIOS; and, after the operating system is entered and the filter driver is started, notifying the BIOS to relinquish its control authority over the target interface and enabling the filter driver to control the target interface.
Optionally, the method further comprises: after the operating system is entered and the filter driver is started, monitoring the registry key of the filter driver by calling a registry callback function in the system kernel; and, if the registry key is changed, restoring the registry key to its initial state through the registry callback function.
Optionally, releasing the filter driver and registering it in the registry by means of the filter driver registration program and the filter driver file embedded in the BIOS includes: releasing the filter driver registration program embedded in the BIOS to a first preset path through the Windows Platform Binary Table and starting it; and releasing the filter driver file embedded in the BIOS to a second preset path through the filter driver registration program, and registering the filter driver file's registry entries in the registry.
Optionally, notifying the BIOS to relinquish its control authority over the target interface and enabling the filter driver to control the target interface includes: sending an interrupt message to the BIOS through a system management interrupt interface so that the BIOS verifies the interrupt message and relinquishes its control authority over the target interface when the interrupt message passes verification; and having the filter driver attempt to control the target interface at a preset frequency, so that the filter driver takes over the control authority of the target interface once the BIOS's control authority has been relinquished.
Optionally, controlling the target interface through the BIOS includes: when the external device connected to the target interface is a storage-type device, intercepting the communication connection between the external device and the computer through the BIOS.
Optionally, enabling the filter driver to control the target interface includes: allowing the communication connection between the external device and the computer, monitoring the operation type of the external device, and intercepting the write operation of the external device when the operation type of the external device on the computer is a write operation.
Optionally, enabling the filter driver to control the target interface further includes: when the device ID of the external device is a trust ID preset in the filter driver, allowing the write operation of the external device.
According to a second aspect, the present invention provides a computer interface control apparatus, comprising: a BIOS control module, used for starting a computer, controlling a target interface through the BIOS, and releasing the filter driver and registering it in the registry by means of a filter driver registration program and a filter driver file embedded in the BIOS; and a filter driver control module, used for notifying the BIOS to relinquish its control authority over the target interface after the filter driver is started, and enabling the filter driver to control the target interface.
According to a third aspect, an embodiment of the present invention provides an electronic device, including: a memory and a processor, the memory and the processor being communicatively coupled to each other, the memory having stored therein computer instructions, and the processor performing the method of the first aspect, or any one of the optional embodiments of the first aspect, by executing the computer instructions.
According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores computer instructions for causing a computer to thereby perform the method of the first aspect, or any one of the optional implementation manners of the first aspect.
The technical scheme provided by the application has the following advantages:
In the technical solution provided by the application, when the computer is started the target interface is strongly controlled through the BIOS, with policies such as restricting the target interface to mouse and keyboard use only or allowing external devices to perform read operations only. When the computer enters the operating system and the filter driver is started, the BIOS is notified to relinquish its control authority over the target interface and the filter driver controls the target interface instead, so that a variety of control policies can be configured for the target interface and the flexibility of managing it is improved. To prevent external personnel from removing the filter driver's registry key from the registry, the filter driver's registration program and the filter driver file are embedded in the BIOS. Each time the computer starts, before it enters the operating system, the filter driver registration program embedded in the BIOS runs automatically, releases the filter driver file and adds the filter driver's registry key to the registry to complete the registration. This makes it harder for external personnel to remove the filter driver's registry key: they would have to modify, at the kernel layer, the filter driver registration program and filter driver file embedded in the BIOS, which is quite difficult. The flexibility of managing the computer interface is thus improved while the security of computer interface control is ensured.
In addition, in an embodiment of the present invention, after the operating system is entered, a registry callback function in the system kernel is also called to monitor the filter driver's registry key, and if the registry key is changed, it is restored to its initial state through the registry callback function. With this operation, even if an external person removes the registry key from the user layer of the operating system, the callback function restores it immediately, so the removal fails. If an external person wants to disable the callback function, the callback function has to be modified at the kernel layer, which is quite difficult, so the security of computer interface control is further improved.
Drawings
The features and advantages of the present invention will be more clearly understood by reference to the accompanying drawings, which are illustrative and not to be construed as limiting the invention in any way, and in which:
FIG. 1 is a schematic diagram illustrating the steps of a computer interface control method according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating an example of a computer interface control method in one embodiment of the invention;
FIG. 3 is a flow chart illustrating a computer interface control method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a computer interface control apparatus according to an embodiment of the present invention;
FIG. 5 shows a schematic structural diagram of an electronic device in an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings of the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of the present invention.
Referring to FIG. 1 and FIG. 2, in an embodiment, a computer interface control method specifically includes the following steps:
Step S101: Start the computer and control the target interface through the BIOS while releasing the filter driver and registering it in the registry by means of a filter driver registration program and a filter driver file embedded in the BIOS.
Step S102: After the operating system is entered and the filter driver is started, notify the BIOS to relinquish its control authority over the target interface and enable the filter driver to control the target interface.
Specifically, before the computer boots into the operating system, the target interface is strongly controlled by the BIOS, for example by restricting the target interface to mouse and keyboard use only or allowing external devices to perform read operations only. Because this control mode is set in the BIOS interface, the embodiment of the invention also sets an access password for the BIOS to prevent malicious tampering. After the operating system is entered and the filter driver is started, the BIOS is notified to relinquish its control authority over the target interface and the filter driver controls the target interface, so that a variety of control policies can be configured for the target interface and the flexibility of managing it is improved. Taking a USB interface as an example, there are two occasions on which the filter driver starts. The first is when the filter driver is registered for the first time, for example after the system is reinstalled or reset: before a restart, a first USB device needs to be inserted for it to start, and once started it does not stop. The second is when the filter driver is already registered: because of the built-in USB controller (itself a USB device), the filter driver starts early, together with the USB controller, in the initial boot stage of system startup (earlier than the filter driver registration program).
The operating system environment used by an outsider is the Win32 subsystem, which is at the user level, and an outsider can find the registry key of the filter driver in the registry and remove it, so that the filter driver stops working. In this embodiment, to prevent external personnel from removing the filter driver's registry key from the registry, the filter driver's registration program and the filter driver file are embedded in the BIOS. Each time before the operating system is started, the filter driver registration program embedded in the BIOS runs automatically, releases the filter driver file and adds the filter driver's registry key to the registry to complete the registration. This makes it harder for external personnel to remove the filter driver's registry key and improves the security of computer interface management.
In this embodiment, the specific steps of step S101 are as follows:
Step one: Release the filter driver registration program embedded in the BIOS to a first preset path through the Windows Platform Binary Table and start it.
Step two: Release the filter driver file embedded in the BIOS to a second preset path through the filter driver registration program, and register the filter driver file's registry entries in the registry.
Specifically, in this embodiment computer interface management is applied in a computer environment running the Windows operating system. In this environment, the driver file of the filter driver and the native App responsible for registering it (a local application, namely the filter driver registration program) are first embedded in the BIOS. After the operating system is started, the native App is automatically released and executed through WPBT (Windows Platform Binary Table) technology; it reads the driver file stored in the BIOS, releases it to the hard disk and registers the filter driver. WPBT is a component that most Windows computers carry and that is configurable through the BIOS. Its main function is to allow critical software to persist: WPBT gives certain software the ability to be reinstalled into an operating system and continue to work as intended even if the operating system has changed or has been reinstalled in a "clean" configuration. By relying on this WPBT characteristic and embedding the registration program and driver file of the filter driver in the BIOS, the application ensures that the filter driver is reinstalled and registered through WPBT each time the computer starts, regardless of whether the filter driver already exists on the computer; even if the registry key is removed in a WinPE environment, it is registered again after the system starts. This makes it harder for external personnel to remove the filter driver's registry key. Under Windows, registration of a filter driver is completed by first adding a driver service item and then adding the driver service name to the UpperFilters key value of the interface's installation class key in the registry (for example, the USB installation class key); the filter driver is then loaded automatically when the user inserts an external device corresponding to the target interface.
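The WPBT mechanism described above is visible to a defender as an ACPI table, so the following added example (not part of the patent or of any vendor code) parses a raw WPBT table image and reports whether firmware hands Windows a native binary to run at boot. The field offsets follow the published WPBT table layout; the sample table and every value in it are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WPBT_FIXED_LEN 52u   /* 36-byte ACPI header + 16 bytes of WPBT fields */

enum { WPBT_OK = 0, WPBT_TRUNCATED = -1, WPBT_BAD_SIG = -2,
       WPBT_BAD_LEN = -3, WPBT_BAD_CHECKSUM = -4, WPBT_BAD_ARGS = -5 };

typedef struct {
    uint32_t handoff_size;     /* size in bytes of the platform binary */
    uint64_t handoff_address;  /* physical address where firmware placed it */
    uint8_t  content_layout;   /* 1 = one PE image at offset 0 */
    uint8_t  content_type;     /* 1 = native user-mode application */
    uint16_t args_len;         /* length in bytes of the UTF-16LE arguments */
    char     args_ascii[64];   /* arguments rendered as ASCII for a report */
} wpbt_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Validate and decode a raw WPBT table image; returns WPBT_OK or an error. */
int wpbt_parse(const uint8_t *buf, size_t len, wpbt_info *out)
{
    if (len < WPBT_FIXED_LEN) return WPBT_TRUNCATED;
    if (memcmp(buf, "WPBT", 4) != 0) return WPBT_BAD_SIG;
    uint32_t table_len = rd32(buf + 4);
    if (table_len < WPBT_FIXED_LEN || table_len > len) return WPBT_BAD_LEN;

    uint8_t sum = 0;                       /* all bytes must sum to 0 mod 256 */
    for (uint32_t i = 0; i < table_len; i++) sum = (uint8_t)(sum + buf[i]);
    if (sum != 0) return WPBT_BAD_CHECKSUM;

    out->handoff_size    = rd32(buf + 36);
    out->handoff_address = rd64(buf + 40);
    out->content_layout  = buf[48];
    out->content_type    = buf[49];
    out->args_len        = rd16(buf + 50);
    if (out->args_len % 2 != 0 || WPBT_FIXED_LEN + out->args_len > table_len)
        return WPBT_BAD_ARGS;

    size_t n = 0;
    for (size_t i = 0; i + 1 < out->args_len && n + 1 < sizeof out->args_ascii; i += 2) {
        uint16_t ch = rd16(buf + WPBT_FIXED_LEN + i);
        if (ch == 0) break;
        out->args_ascii[n++] = (ch >= 0x20 && ch < 0x7f) ? (char)ch : '?';
    }
    out->args_ascii[n] = '\0';
    return WPBT_OK;
}

/* 1 when the table hands Windows a native application to run at boot. */
int wpbt_publishes_binary(const wpbt_info *w)
{
    return w->handoff_size > 0 && w->handoff_address != 0 &&
           w->content_layout == 1 && w->content_type == 1;
}

/* Build a constructed sample table (all values invented for this example). */
size_t make_sample_wpbt(uint8_t *buf, size_t cap)
{
    static const uint8_t args[] = { '-', 0, 'r', 0, 0, 0 };  /* "-r" + NUL, UTF-16LE */
    const uint32_t total = WPBT_FIXED_LEN + (uint32_t)sizeof args;
    if (cap < total) return 0;
    memset(buf, 0, total);
    memcpy(buf, "WPBT", 4);
    wr32(buf + 4, total);                /* table length */
    buf[8] = 1;                          /* table revision */
    memcpy(buf + 10, "SAMPLE", 6);       /* OEM ID */
    wr32(buf + 36, 0x12000);             /* handoff memory size */
    wr32(buf + 40, 0x7A000000);          /* handoff address, low dword */
    buf[48] = 1;                         /* content layout */
    buf[49] = 1;                         /* content type */
    buf[50] = (uint8_t)sizeof args;      /* argument length, low byte */
    memcpy(buf + WPBT_FIXED_LEN, args, sizeof args);
    uint8_t sum = 0;
    for (uint32_t i = 0; i < total; i++) sum = (uint8_t)(sum + buf[i]);
    buf[9] = (uint8_t)(0u - sum);        /* checksum byte makes the sum zero */
    return total;
}

int main(void)
{
    uint8_t table[128];
    wpbt_info info;
    size_t n = make_sample_wpbt(table, sizeof table);
    if (wpbt_parse(table, n, &info) != WPBT_OK) return 1;
    printf("platform binary %s: %u bytes, args \"%s\"\n",
           wpbt_publishes_binary(&info) ? "present" : "absent",
           (unsigned)info.handoff_size, info.args_ascii);
    return 0;
}
```

On Linux a firmware-provided table, when one exists, can be read from /sys/firmware/acpi/tables/WPBT and passed to wpbt_parse in place of the constructed sample.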
As shown in FIG. 3, in the present embodiment, the specific operation steps of step S102 are as follows:
Step three: Send an interrupt message to the BIOS through the system management interrupt interface so that the BIOS verifies the interrupt message and relinquishes its control authority over the target interface when the interrupt message passes verification.
Step four: Have the filter driver attempt to control the target interface at a preset frequency, so that the filter driver takes over the control authority of the target interface once the BIOS's control authority has been relinquished.
Specifically, in this embodiment, after the operating system is started and the filter driver is started, the operating system actively communicates with the BIOS to tell it whether the filter driver is enabled. If it is not, the target interface is controlled by the BIOS; if it is, the target interface is controlled by the filter driver. The communication works as follows: the filter driver writes data into an I/O port of the SMI (System Management Interrupt, a type of function interface in the kernel system), which generates an SMI interrupt message (usually a string code). After receiving the interrupt message, the BIOS checks it, for example by determining whether the string code is correct, and if the string code is correct, the BIOS stops controlling the target interface.
Specifically, in an embodiment, the computer interface control method further includes the following steps:
Step five: After the operating system is entered and the filter driver is started, monitor the registry key of the filter driver by calling a registry callback function in the system kernel.
Step six: If the registry key is changed, restore the registry key to its initial state through the registry callback function.
Specifically, because registration of the filter driver is implemented by adding registry keys and key values, a user could delete the registry key manually in the operating system, after which devices such as USB devices would no longer be controlled by the driver once inserted. This embodiment therefore adds self-protection for the filter driver, namely registry protection. A callback mechanism is added to the filter driver: it registers a registry callback function in ObjectHook mode (calling the kernel function ObRegisterCallbacks) and monitors the UpperFilters key value of the installation class key for interfaces such as the computer's USB, together with the filter driver service item; as soon as a monitored registry item is detected to have been modified, the registry is repaired immediately. Because the filter driver works at the kernel level and does not belong to the same subsystem as the user layer (the Win32 subsystem) used by external personnel, external personnel cannot directly remove the registry protection from the user layer, and registry operations at the user layer are intercepted, which achieves self-protection. To intercept the operation of the callback function, external personnel would have to write another driver into the kernel layer to intercept the filter driver, which is quite difficult. Based on the above steps, the computer interface control method provided by the invention therefore applies double protection, WPBT technology plus registry protection, so that removal of the filter driver both before and after system start can be remedied or intercepted, which ensures normal operation of the filter driver and improves the security of computer interface management.
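The registration and registry-protection passages both hinge on one value, UpperFilters, which Windows stores as REG_MULTI_SZ. The following added example (not from the patent) checks a raw UpperFilters buffer for an expected filter service name and rebuilds the value when the name has been removed. It goes slightly beyond "restore to the initial state" by keeping any other entries already in the list; both service names are invented, and the code works on the raw value bytes so it runs without the Windows registry API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { UF_INTACT, UF_FILTER_MISSING, UF_MALFORMED } uf_state;

/* Case-insensitive match of one UTF-16 entry (len code units) against an
   ASCII service name. */
static int entry_is(const uint16_t *s, size_t len, const char *name)
{
    size_t i = 0;
    for (; i < len && name[i] != '\0'; i++) {
        uint16_t a = s[i];
        uint16_t b = (unsigned char)name[i];
        if (a >= 'A' && a <= 'Z') a = (uint16_t)(a + 32);
        if (b >= 'A' && b <= 'Z') b = (uint16_t)(b + 32);
        if (a != b) return 0;
    }
    return i == len && name[i] == '\0';
}

/* Encode ASCII names as REG_MULTI_SZ: NUL-terminated UTF-16 strings followed
   by one extra NUL. Returns code units written, or 0 if out is too small. */
size_t multisz_build(const char *const *names, size_t count, uint16_t *out, size_t cap)
{
    size_t n = 0;
    for (size_t k = 0; k < count; k++) {
        size_t len = strlen(names[k]);
        if (n + len + 2 > cap) return 0;           /* entry + NUL + final NUL */
        for (size_t i = 0; i < len; i++) out[n++] = (unsigned char)names[k][i];
        out[n++] = 0;
    }
    if (n + 1 > cap) return 0;
    out[n++] = 0;
    return n;
}

/* Walk the value as read from the registry and report whether name is listed. */
uf_state uf_check(const uint16_t *v, size_t units, const char *name)
{
    size_t pos = 0;
    int found = 0;
    while (pos < units) {
        size_t end = pos;
        while (end < units && v[end] != 0) end++;
        if (end == units) return UF_MALFORMED;     /* entry without a terminator */
        if (end == pos) return found ? UF_INTACT : UF_FILTER_MISSING;
        if (entry_is(v + pos, end - pos, name)) found = 1;
        pos = end + 1;
    }
    return UF_MALFORMED;                           /* final list terminator absent */
}

/* Produce a repaired value: name first, then every other well-formed entry
   in its original order. Returns code units written, or 0 if out is too small. */
size_t uf_restore(const uint16_t *v, size_t units, const char *name,
                  uint16_t *out, size_t cap)
{
    size_t n = multisz_build(&name, 1, out, cap);
    if (n == 0) return 0;
    n--;                                           /* reopen the list */
    for (size_t pos = 0; pos < units && v[pos] != 0; ) {
        size_t end = pos;
        while (end < units && v[end] != 0) end++;
        if (end == units) break;                   /* drop an unterminated tail */
        if (!entry_is(v + pos, end - pos, name)) {
            if (n + (end - pos) + 2 > cap) return 0;
            memcpy(out + n, v + pos, (end - pos + 1) * sizeof *v);
            n += end - pos + 1;
        }
        pos = end + 1;
    }
    out[n++] = 0;
    return n;
}

int main(void)
{
    /* Constructed sample data: both service names are invented. */
    const char *const baseline[] = { "SampleUsbFilter", "OtherFilter" };
    uint16_t current[64], repaired[64] = { 0 };
    size_t n = multisz_build(baseline + 1, 1, current, 64);   /* filter removed */
    if (uf_check(current, n, baseline[0]) == UF_FILTER_MISSING) {
        n = uf_restore(current, n, baseline[0], repaired, 64);
        printf("filter re-added, value is now %zu code units\n", n);
    }
    return uf_check(repaired, n, baseline[0]) == UF_INTACT ? 0 : 1;
}
```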
Specifically, in one embodiment, a method for managing a computer interface through the BIOS and a filter driver includes the following steps:
Step seven: While the BIOS manages the target interface, when the external device connected to the target interface is a storage-type device, the BIOS intercepts the communication connection between the external device and the computer.
Step eight: While the filter driver manages the target interface, the communication connection between the external device and the computer is allowed and the operation type of the external device is monitored; when the operation type of the external device on the computer is a write operation, the write operation of the external device is intercepted.
Specifically, in this embodiment, while the BIOS manages the target interface, if the external device connected to the target interface is determined to be a storage-type device, that is, the device is judged to carry a risk of introducing a virus program into the computer through the target interface, the communication connection between the external device and the computer is intercepted to keep the computer secure. In this case, only devices such as a mouse and a keyboard, which have no storage and no output transmission, are allowed to connect. After the operating system is entered, the task of managing the target interface is switched to the filter driver. The filter driver allows external devices, including storage devices, to connect, but the external device cannot write to the computer and can only read from it, which prevents virus programs from entering the computer through the target interface and improves the flexibility of managing the target interface while keeping the interface secure.
In addition, in another embodiment, managing the target interface through the filter driver further comprises the following step:
Step nine: When the device ID of the external device is a trust ID preset in the filter driver, the write operation of the external device is allowed. Specifically, in contrast to BIOS control, the filter driver can receive application-layer policies, such as policy control by serial number or model, to meet customization requirements. In this embodiment, the device ID of an external device is added to the filter driver as a trust ID, and when the device ID of an external device matches a trust ID, that device is allowed to perform write operations, which further improves the flexibility of computer interface management.
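The handoff in steps three and four and the policies in steps seven to nine can be read as one small state machine, modelled in the following added example (not code from the patent). The handoff code, the device IDs and all function names are hypothetical, and denying storage devices in the gap between the BIOS releasing control and the filter driver taking over is an assumption of this model that the text does not specify.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { OWNER_BIOS, OWNER_RELEASED, OWNER_FILTER } owner_t;
typedef enum { DEV_INPUT, DEV_STORAGE } dev_class_t;   /* keyboard/mouse vs storage */
typedef enum { OP_CONNECT, OP_READ, OP_WRITE } op_t;
typedef enum { DENY = 0, ALLOW = 1 } verdict_t;

typedef struct {
    owner_t     owner;          /* who currently enforces policy on the port */
    const char *handoff_code;   /* code the BIOS expects in the SMI message */
    const char *trusted[4];     /* trust IDs configured in the filter driver */
    size_t      n_trusted;
    unsigned    rejected;       /* SMI messages that failed verification */
} port_ctl;

/* Constructed sample configuration: code and device ID are invented. */
port_ctl make_sample_ctl(void)
{
    port_ctl c = { OWNER_BIOS, "constructed-handoff-code",
                   { "USB\\VID_1234&PID_5678\\SN0001" }, 1, 0 };
    return c;
}

/* Compare without an early exit so timing does not reveal a matching prefix. */
static int code_matches(const char *expected, const char *got)
{
    size_t le = strlen(expected), lg = strlen(got);
    unsigned char diff = (unsigned char)(le != lg);
    for (size_t i = 0; i < le; i++)
        diff |= (unsigned char)(expected[i] ^ got[i < lg ? i : 0]);
    return diff == 0;
}

/* Step three, BIOS side: release control only for a message that verifies. */
int bios_handle_smi(port_ctl *c, const char *msg)
{
    if (c->owner != OWNER_BIOS || !code_matches(c->handoff_code, msg)) {
        c->rejected++;
        return 0;
    }
    c->owner = OWNER_RELEASED;
    return 1;
}

/* Step four, filter side: one polling attempt to take over the port. */
int filter_try_take_over(port_ctl *c)
{
    if (c->owner != OWNER_RELEASED) return 0;
    c->owner = OWNER_FILTER;
    return 1;
}

/* Send the SMI message, then poll; returns the attempt that succeeded or -1. */
int filter_handoff(port_ctl *c, const char *msg, int max_attempts)
{
    bios_handle_smi(c, msg);
    for (int i = 1; i <= max_attempts; i++)
        if (filter_try_take_over(c)) return i;
    return -1;
}

static int is_trusted(const port_ctl *c, const char *id)
{
    for (size_t i = 0; id != NULL && i < c->n_trusted; i++)
        if (strcmp(c->trusted[i], id) == 0) return 1;
    return 0;
}

/* Steps seven to nine: the verdict depends on who owns the port. */
verdict_t decide(const port_ctl *c, dev_class_t cls, op_t op, const char *dev_id)
{
    if (c->owner == OWNER_FILTER) {
        if (cls != DEV_STORAGE || op != OP_WRITE) return ALLOW;
        return is_trusted(c, dev_id) ? ALLOW : DENY;   /* write needs a trust ID */
    }
    /* BIOS control, and (assumed) the handoff gap: no storage devices at all. */
    return cls == DEV_STORAGE ? DENY : ALLOW;
}

int main(void)
{
    port_ctl c = make_sample_ctl();
    const char *usb = "USB\\VID_1234&PID_5678\\SN0002";   /* not in the trust list */
    printf("pre-boot storage connect: %d\n", decide(&c, DEV_STORAGE, OP_CONNECT, usb));
    printf("handoff with wrong code:  %d\n", filter_handoff(&c, "guess", 3));
    printf("handoff with right code:  %d\n", filter_handoff(&c, c.handoff_code, 3));
    printf("storage write afterwards: %d\n", decide(&c, DEV_STORAGE, OP_WRITE, usb));
    return 0;
}
```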
Through the above steps, in the technical solution provided by the application, before the computer boots into the operating system the target interface is strongly controlled through the BIOS, with policies such as restricting the target interface to mouse and keyboard use only or allowing external devices to perform read operations only. When the computer enters the operating system and the filter driver is started, the BIOS is notified to relinquish its control authority over the target interface and the filter driver controls the target interface instead, so that a variety of control policies can be configured for the target interface and the flexibility of managing it is improved. To prevent external personnel from removing the filter driver's registry key from the registry, the filter driver's registration program and the filter driver file are embedded in the BIOS. Each time the computer starts, before it enters the operating system, the filter driver registration program embedded in the BIOS runs automatically, releases the filter driver file and adds the filter driver's registry key to the registry to complete the registration. This makes it harder for external personnel to remove the filter driver's registry key: they would have to modify, at the kernel layer, the filter driver registration program and filter driver file embedded in the BIOS, which is quite difficult. The flexibility of managing the computer interface is thus improved while the security of computer interface control is ensured.
As shown in FIG. 4, the present embodiment further provides a computer interface control apparatus, including:
The BIOS control module 101, configured to start a computer, control a target interface through the BIOS, and release a filter driver and register it in the registry by means of a filter driver registration program and a filter driver file embedded in the BIOS. For details, refer to the description of step S101 in the above method embodiment, which is not repeated here.
The filter driver control module 102, configured to notify the BIOS to relinquish its control authority over the target interface and enable the filter driver to control the target interface after the operating system is entered and the filter driver is started. For details, refer to the description of step S102 in the above method embodiment, which is not repeated here.
The computer interface control apparatus provided in the embodiment of the present invention is configured to execute the computer interface control method provided in the above embodiment, and the implementation manner and the principle thereof are the same, and details of the implementation manner are described in the above method embodiment and are not described again.
Fig. 5 shows an electronic device according to an embodiment of the present invention, where the device includes a processor 901 and a memory 902, which may be connected via a bus or in another manner, and fig. 5 illustrates an example of a connection via a bus.
Processor 901 may be a Central Processing Unit (CPU). The Processor 901 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof.
The memory 902, which is a non-transitory computer-readable storage medium, may be used to store non-transitory software programs, non-transitory computer-executable programs, and modules, such as program instructions/modules corresponding to the methods in the above-described method embodiments. The processor 901 executes various functional applications and data processing of the processor by executing non-transitory software programs, instructions and modules stored in the memory 902, that is, implements the methods in the above-described method embodiments.
The memory 902 may include a program storage area and a data storage area, wherein the program storage area may store an operating system and an application program required for at least one function; the data storage area may store data created by the processor 901, and the like. Further, the memory 902 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 902 may optionally include memory located remotely from the processor 901, which may be connected to the processor 901 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
One or more modules are stored in the memory 902, which when executed by the processor 901 performs the methods in the above-described method embodiments.
The specific details of the electronic device may be understood by referring to the corresponding related descriptions and effects in the above method embodiments, and are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, and the implemented program can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD) or a Solid State Drive (SSD), etc.; the storage medium may also comprise a combination of memories of the kind described above.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (10)

1. A computer interface control method, the method comprising:
starting a computer, controlling a target interface through a BIOS, and simultaneously releasing a filter driver and registering a registry through a filter driver registration program and a filter driver file embedded in the BIOS;
and after the operating system is entered and the filter driver is started, informing a BIOS of interrupting the control authority of the target interface, and starting the filter driver to control the target interface.
2. The method of claim 1, further comprising:
after an operating system is entered and a filter driver is started, monitoring a registry key of the filter driver by calling a registry callback function in a system kernel;
and if the registry key is changed, restoring the registry key to an initial state through the registry callback function.
3. The method of claim 1, wherein the releasing the filter driver and the registering the registry through the filter driver registration program and the filter driver file embedded in the BIOS comprises:
releasing a filter driver registration program embedded in the BIOS to a first preset path through a Windows platform binary table and starting the filter driver registration program;
and releasing the filter driver file embedded in the BIOS to a second preset path through the filter driver registration program, and registering the registration item of the filter driver file in a registry.
4. The method of claim 1, wherein notifying the BIOS to interrupt the control authority of the target interface and enabling the filter driver to control the target interface comprises:
sending an interrupt message to a BIOS through a system management interrupt interface so that the BIOS verifies the interrupt message, and interrupting the control authority of the target interface when the interrupt message passes the verification;
and trying to control the target interface at a preset frequency through the filter driver so as to enable the filter driver to take over the control authority of the target interface when the control authority of the BIOS is interrupted.
5. The method of claim 1, wherein controlling the target interface via the BIOS comprises:
when the external device accessed by the target interface is a storage type device, the communication connection between the external device and the computer is intercepted through the BIOS.
6. The method of claim 5, wherein enabling the filter driver to control the target interface comprises:
and allowing the communication connection between the external equipment and the computer, monitoring the operation type of the external equipment, and intercepting the write operation of the external equipment when the operation type of the external equipment to the computer is write operation.
7. The method of claim 6, wherein enabling the filter driver to control the target interface further comprises:
when the device ID of the external device is a trust ID preset by the filter driver, allowing the write operation of the external device.
8. A computer interface control apparatus, the apparatus comprising:
the BIOS control module is used for starting a computer, controlling a target interface through the BIOS and releasing the filter driver and registering a registry through a filter driver registration program and a filter driver file which are embedded in the BIOS;
and the filter driver control module is used for informing the BIOS of interrupting the control authority of the target interface and starting the filter driver to control the target interface after the operating system is entered and the filter driver is started.
9. An electronic device, comprising:
a memory and a processor communicatively coupled to each other, the memory having stored therein computer instructions, the processor executing the computer instructions to perform the method of any of claims 1-7.
10. A computer-readable storage medium having stored thereon computer instructions for causing a computer to thereby perform the method of any one of claims 1-7.
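
The handover in claim 4 and the access rules in claims 5 to 7, modelled in user-space C as an added example (not code from the patent). The token comparison standing in for the BIOS verification, the fail-closed handover window, the unrestricted keyboard/mouse rule and all names are assumptions.

```c
#include <stdbool.h>
#include <string.h>

typedef enum { OWNER_BIOS, OWNER_NONE, OWNER_DRIVER } owner_t;
typedef enum { DEV_HID, DEV_STORAGE } dev_class_t;
typedef enum { OP_CONNECT, OP_READ, OP_WRITE } op_t;

typedef struct {
    owner_t owner;                   /* who controls the target interface now */
    unsigned expected_token;         /* constructed stand-in for the BIOS check */
    const char *const *trusted_ids;  /* trust IDs preset in the filter driver */
    size_t n_trusted;
} port_state_t;

/* BIOS side of claim 4: give up control only if the message verifies. */
bool bios_handle_release(port_state_t *s, unsigned token)
{
    if (s->owner != OWNER_BIOS || token != s->expected_token)
        return false;
    s->owner = OWNER_NONE;
    return true;
}

/* Driver side of claim 4: one polling attempt, repeated at the preset
 * frequency; it succeeds only after the BIOS has released the interface. */
bool driver_try_takeover(port_state_t *s)
{
    if (s->owner == OWNER_NONE)
        s->owner = OWNER_DRIVER;
    return s->owner == OWNER_DRIVER;
}

static bool id_trusted(const port_state_t *s, const char *id)
{
    for (size_t i = 0; i < s->n_trusted; i++)
        if (strcmp(s->trusted_ids[i], id) == 0)
            return true;
    return false;
}

/* Access decision for one operation by one external device. */
bool port_allows(const port_state_t *s, dev_class_t cls, op_t op, const char *id)
{
    if (cls == DEV_HID)
        return true;   /* assumption: mouse and keyboard are never restricted */
    if (s->owner != OWNER_DRIVER)
        return false;  /* claim 5 under BIOS; assumption: fail closed in handover */
    return op != OP_WRITE || id_trusted(s, id);  /* claims 6 and 7 */
}
```

The model makes the window between the BIOS releasing control and the driver taking over explicit; the patent does not state what policy applies there, so storage access is denied in this sketch until the takeover succeeds.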
CN202111566193.3A 2021-12-20 2021-12-20 Computer interface control method and device and electronic equipment Pending CN114238988A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111566193.3A CN114238988A (en) 2021-12-20 2021-12-20 Computer interface control method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN114238988A true CN114238988A (en) 2022-03-25

Family

ID=80759744

Country Status (1)

Country Link
CN (1) CN114238988A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination