CN115048343A - File isolation method based on process granularity under Windows - Google Patents
- Publication number: CN115048343A
- Application number: CN202210758799.5A
- Authority: CN (China)
- Prior art keywords: file, control program, path, client process, driver
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F16/16: File or folder operations, e.g. details of user interfaces specifically adapted to file systems
- G06F11/1448: Management of the data involved in backup or backup restore
- G06F11/302: Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
- G06F16/162: Delete operations
- G06F16/1734: Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
- G06F9/542: Event management; Broadcasting; Multicasting; Notifications
Abstract
The invention discloses a process-granularity file isolation method under Windows. A new file path is generated according to a redirect file path name generation rule; the newly generated path lies under a redirect folder specified by a control program. The method detects whether a file exists at the new path and, if so, redirects the operation to that file through a path-name reparse. If no file exists there, it detects whether the file operation is read-related or write-related: a read-related operation is passed through directly; for a write-related operation, the original file is first copied to the newly generated path, and the operation is then redirected to the copy through a path reparse. Because file redirection is per process, control is flexible, file backup and cleanup can be carried out per user process, and the machine does not need to be restarted; resource utilization is improved, and the processes of multiple users can run on the same machine.
Description
Technical Field
The invention relates to the technical field of cloud services, in particular to a process granularity-based file isolation method under Windows.
Background
Resources on the cloud are used by multiple users. While a user is using the resources, the user's file data needs isolation protection; after the user releases the resources, the user's data needs to be backed up and cleaned up. The prior art has the following defects:
1. The file data of a user process is not isolated, and the data is visible to the whole system;
2. Data and files can be restored to some original state, but the restoration covers the whole system; the control granularity is not per client process;
3. The system needs to be restarted to recover.
Accordingly, the prior art is deficient and needs improvement.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a process-granularity file isolation method under Windows that solves the problems described in the Background.
The technical solution of the invention is a process-granularity file isolation method under Windows built on three modules: a control program, a communication interface and a driver. The driver registers the client-process callback and monitors the creation and exit of client processes; the communication interface carries the communication between the control program and the driver; the control program creates the event notification and the related configuration information, and sends the monitored-process information and the related configuration information to the driver. The method comprises the following steps.
S1: Start the driver: create the communication interface; register a client-process callback to monitor the creation and exit of client processes; register a file filter to monitor and capture file operations.
S2: Start the control program: the control program communicates with the driver through the communication interface and sends it the monitored client-process information, the path information and the related configuration information; on receipt, the driver converts them into device path information.
S3: The control program starts the client process.
S4: From the client-process information sent by the control program, the driver decides whether the client process needs to be monitored; a client process that needs monitoring is added to the watch list, and one that does not is not added.
S5: The driver monitors file operations made by the client processes on the watch list.
The file operation is passed through directly (released without redirection) if any of the following holds: it is initiated from kernel mode; it is not an open/create; it opens a page file; it opens a volume device; the object of the operation is a folder; the open is by File ID; it opens a folder; it is not initiated by a monitored process; it targets a system file; or the object of the operation is located under the redirection directory.
Otherwise, a new file path is first generated according to the redirect file path name generation rule; the newly generated path lies under the redirect folder specified by the control program. The driver detects whether a file exists at the new path and, if so, redirects the operation to that file through a path-name reparse. If no file exists there, it detects whether the operation is read-related or write-related: a read-related operation is passed through directly; for a write-related operation, the original file is first copied to the newly generated path, and the operation is then redirected to the copy through a path reparse.
If the client process performs further file operations, this step is repeated.
S6: The client process exits, and the control program is responsible for cleaning up and backing up the user data.
For a write-related operation, the original file is copied to the newly generated file path and the operation is then redirected to the copy through a path reparse. In effect the file is backed up, so files can be isolated and cleaned up after use without restarting the machine; resource utilization is improved, and the processes of multiple users can run on the same machine; the protection granularity is finer, each user has a separate set of file data that does not interfere with any other user's, and the independence and privacy of user file data are protected; the source file is not modified, which makes file backup, cleanup and recovery easier.
In Windows kernel development, every request is sent to a device, and devices are layered to form a device stack. When a request is sent, the topmost device handles it first; depending on the situation it can complete the request itself or forward it to the device in the next layer down, which then handles it. This gives each device in the intermediate layers an opportunity to process or modify the request. Opening, reading and writing a file are all ultimately converted into requests that are sent to the device stack for processing. This scheme is a file filter that sits at one layer of the device stack, so it can intercept and modify requests; this is how the scheme achieves its purpose and solves the stated technical problem.
In step S2, the method further includes: the control program creates a notification event and sends it to the driver in order to receive the notifications reported by the driver. In step S4, the method further includes: if the control program created a notification event, the driver reports back to the control program whether the client process was added to the watch list.
In step S5, if the file operation is write-related, the method further includes acting according to the configuration information of the control program: if the control program requires event notification, the driver notifies the control program, waits for its feedback result, and then redirects the file according to that result; if the control program does not require event notification, the driver acts according to whether the file exists: if the new file path generated by the rule already exists under the redirection directory, the file is redirected; if it does not exist, the original file is copied to the newly generated path and the operation is then redirected to the copy through a path reparse.
In step S6, when the client process exits, the driver clears the in-memory data and resources associated with that client process.
In step S6, the method further includes: if the control program created a notification event, the driver notifies the control program that the client process has exited.
With this scheme, the invention provides a process-granularity file isolation method under Windows. File redirection is per process, control is flexible, file backup and cleanup can be carried out per user process, and the machine does not need to be restarted; resource utilization is improved, and the processes of multiple users can run on the same machine; the protection granularity is finer, each user has a separate set of file data that does not interfere with any other user's, and the independence and privacy of user file data are protected; the source file is not modified, which makes file recovery easier.
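The step S5 decision, modelled in user-mode C as an added example (it is not code from the patent). The redirect naming rule, the fail-closed `DENY` result, the `exists` callback and every path below are assumptions, since the patent specifies none of them; the example also shows why the "already under the redirection directory" test must match on a path-component boundary.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef enum { PASS_THROUGH, REDIRECT_EXISTING, COPY_THEN_REDIRECT, DENY } action_t;

/* One captured request, reduced to the attributes step S5 tests. */
typedef struct {
    bool kernel_mode, is_create, paging_file, volume_open, is_directory,
         open_by_file_id, monitored, system_file, wants_write;
    const char *path;               /* device path of the target, non-NULL */
} file_op_t;

typedef bool (*exists_fn)(const char *path);   /* does a redirected copy exist? */

/* Case-insensitive prefix test that matches only on a component boundary,
 * so the root ...\Redir\c1 does not also cover ...\Redir\c10. */
bool under_dir(const char *path, const char *root) {
    size_t n = strlen(root);
    if (strlen(path) < n) return false;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)path[i]) != tolower((unsigned char)root[i]))
            return false;
    return path[n] == '\0' || path[n] == '\\';
}

/* ASSUMED naming rule (the patent gives none): append the original device
 * path to the per-client redirect root. Returns false if it does not fit. */
bool make_redirect_path(const char *root, const char *orig, char *out, size_t cap) {
    if (orig[0] != '\\') return false;
    int n = snprintf(out, cap, "%s%s", root, orig);
    return n > 0 && (size_t)n < cap;
}

action_t decide(const file_op_t *op, const char *root, exists_fn exists,
                char *redir, size_t cap) {
    /* Pass-through list of step S5. */
    if (op->kernel_mode || !op->is_create || op->paging_file || op->volume_open ||
        op->is_directory || op->open_by_file_id || !op->monitored ||
        op->system_file || under_dir(op->path, root))
        return PASS_THROUGH;
    /* ASSUMPTION: fail closed. Passing the request through here would let a
     * monitored process reach the original file unredirected. */
    if (!make_redirect_path(root, op->path, redir, cap)) return DENY;
    if (exists(redir)) return REDIRECT_EXISTING;   /* reparse to the existing copy */
    if (!op->wants_write) return PASS_THROUGH;     /* read of an untouched file */
    return COPY_THEN_REDIRECT;                     /* copy the original, then reparse */
}

/* Constructed sample data: one client's redirect root and the copies in it. */
static const char ROOT[] = "\\Device\\HarddiskVolume2\\Redir\\c1";
static const char *COPIES[] = {
    "\\Device\\HarddiskVolume2\\Redir\\c1\\Device\\HarddiskVolume2\\data\\a.txt",
};

static bool sample_exists(const char *p) {
    for (size_t i = 0; i < sizeof COPIES / sizeof *COPIES; i++)
        if (strlen(p) == strlen(COPIES[i]) && under_dir(p, COPIES[i])) return true;
    return false;
}

/* Runs one open request from a monitored user-mode process through decide();
 * cap limits the buffer available for the generated path. */
action_t demo(const char *path, bool wants_write, size_t cap) {
    char redir[512];
    if (cap > sizeof redir) cap = sizeof redir;
    file_op_t op = { .is_create = true, .monitored = true,
                     .wants_write = wants_write, .path = path };
    return decide(&op, ROOT, sample_exists, redir, cap);
}

int main(void) {
    static const char *names[] = { "pass", "redirect", "copy+redirect", "deny" };
    printf("%s\n", names[demo("\\Device\\HarddiskVolume2\\data\\a.txt", false, 512)]);
    printf("%s\n", names[demo("\\Device\\HarddiskVolume2\\data\\b.txt", true, 512)]);
    printf("%s\n", names[demo("\\Device\\HarddiskVolume2\\Redir\\c10\\x", true, 512)]);
    return 0;
}
```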
Drawings
FIG. 1 is a flowchart of a method according to an embodiment of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and the specific embodiments.
Referring to FIG. 1, the embodiment provides a process-granularity file isolation method under Windows built on three modules: a control program, a communication interface and a driver. The driver registers the client-process callback and monitors the creation and exit of client processes; the communication interface carries the communication between the control program and the driver; the control program creates the event notification and the related configuration information, and sends the monitored-process information and the related configuration information to the driver. The embodiment carries out steps S1 to S6, together with the further provisions for steps S2, S4, S5 and S6, exactly as set out under Disclosure of Invention above.
In summary, the invention provides a process-granularity file isolation method under Windows. File redirection is per process, control is flexible, file backup and cleanup can be carried out per user process, and the machine does not need to be restarted; resource utilization is improved, and the processes of multiple users can run on the same machine; the protection granularity is finer, each user has a separate set of file data that does not interfere with any other user's, and the independence and privacy of user file data are protected; the source file is not modified, which makes file recovery easier.
The present invention is not limited to the above preferred embodiments, and any modifications, equivalent substitutions and improvements made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (5)
1. A file isolation method based on process granularity under Windows, characterized in that the method is based on three modules: a control program, a communication interface and a driver; the method comprises the following steps:
S1: starting the driver: creating the communication interface; registering a client-process callback to monitor the creation and exit of client processes; registering a file filter to monitor file operations; capturing file operations;
S2: starting the control program: the control program communicates with the driver through the communication interface; the monitored client-process information, the path information and the related configuration information are sent to the driver, and on receipt the driver converts them into device path information;
S3: the control program starts a client process;
S4: from the client-process information sent by the control program, the driver decides whether the client process needs to be monitored; if it does, it is added to the watch list, and if it does not, it is not added to the watch list;
S5: the driver monitors file operations made by the client processes added to the watch list;
the file operation is passed through directly if any of the following holds: it is initiated from kernel mode; it is not an open/create; it opens a page file; it opens a volume device; the object of the operation is a folder; the open is by File ID; it opens a folder; it is not initiated by a monitored process; it targets a system file; or the object of the operation is located under the redirection directory;
otherwise, a new file path is first generated according to the redirect file path name generation rule, the newly generated path lying under the redirect folder specified by the control program; whether a file exists at the new path is detected and, if so, the operation is redirected to that file through a path-name reparse; if no file exists there, whether the operation is read-related or write-related is detected, and a read-related operation is passed through directly; for a write-related operation, the original file is copied to the newly generated path and the operation is then redirected to the copy through a path reparse;
if the client process performs further file operations, this step is repeated;
S6: the client process exits, and the control program is responsible for cleaning up and backing up the user data.
2. The file isolation method based on process granularity under Windows as claimed in claim 1, wherein in step S2, the method further comprises: the control program creates a notification event and sends it to the driver in order to receive the notifications reported by the driver; in step S4, the method further comprises: if the control program created a notification event, the driver reports back to the control program whether the client process was added to the watch list.
3. The file isolation method based on process granularity under Windows as claimed in claim 2, wherein in step S5, if the file operation is write-related, the method further comprises acting according to the configuration information of the control program:
if the control program requires event notification, the driver notifies the control program, waits for its feedback result, and then redirects the file according to that result;
if the control program does not require event notification, the driver acts according to whether the file exists: if the new file path generated by the rule already exists under the redirection directory, the file is redirected; if it does not exist, the original file is copied to the newly generated path and the operation is then redirected to the copy through a path reparse.
4. The file isolation method based on process granularity under Windows as claimed in claim 1, wherein in step S6, when the client process exits, the driver clears the in-memory data and resources related to that client process.
5. The file isolation method based on process granularity under Windows as claimed in claim 2, wherein in step S6, the method further comprises: if the control program created a notification event, the driver notifies the control program that the client process has exited.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210758799.5A | 2022-06-30 | 2022-06-30 | File isolation method based on process granularity under Windows |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115048343A | 2022-09-13 |
CN115048343B | 2024-04-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | GR01 | Patent grant | |