CN115328393A - Data storage method and system - Google Patents

Data storage method and system Download PDF

Info

Publication number
CN115328393A
CN115328393A CN202210887362.1A CN202210887362A CN115328393A CN 115328393 A CN115328393 A CN 115328393A CN 202210887362 A CN202210887362 A CN 202210887362A CN 115328393 A CN115328393 A CN 115328393A
Authority
CN
China
Prior art keywords
data
storage
stored
acquiring
risk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210887362.1A
Other languages
Chinese (zh)
Inventor
钱海涛
肖遥
邱磊
康坤彬
赵俊杰
董晨丹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Guodian Electric Power Technology Development Co ltd
Original Assignee
Hangzhou Guodian Electric Power Technology Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Guodian Electric Power Technology Development Co ltd filed Critical Hangzhou Guodian Electric Power Technology Development Co ltd
Priority to CN202210887362.1A priority Critical patent/CN115328393A/en
Publication of CN115328393A publication Critical patent/CN115328393A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/0614Improving the reliability of storage systems
    • G06F3/0619Improving the reliability of storage systems in relation to data integrity, e.g. data losses, bit errors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/0604Improving or facilitating administration, e.g. storage management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • G06F3/0623Securing storage systems in relation to content
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638Organizing or formatting or addressing of data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638Organizing or formatting or addressing of data
    • G06F3/0643Management of files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0653Monitoring storage devices or systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0668Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/067Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Debugging And Monitoring (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the technical field of data processing, in particular to a data storage method and a data storage system, wherein the method comprises the following steps: acquiring data to be stored; acquiring a corresponding storage network environment according to the data type of the data to be stored; analyzing the storage network environment to obtain a storage security value of the storage network environment; judging whether the storage safety value is larger than a preset risk standard or not; if the storage safety value is larger than the preset risk standard, acquiring a target risk identifier; the target risk identification is analyzed, a storage strategy is obtained, and the data to be stored is stored according to the storage strategy.

Description

Data storage method and system
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a data storage method and system.
Background
Storage is to store data onto some media and guarantee effective access by adopting a reasonable, safe and effective manner according to different application environments, and can include two meanings: on the one hand it is a physical medium where data resides temporarily or for a long time; on the other hand, it is a way or act to ensure that data is stored intact and safely.
DAS (direct attached storage) technology is the earliest storage technology, and like the structure of a PC, external data storage devices are directly hung on a bus inside a server, and the data storage devices are a part of the server.
Disclosure of Invention
In order to improve the storage safety, the application provides a data storage method and system.
In a first aspect, the present application provides a data storage method, which adopts the following technical scheme:
a method of data storage comprising the steps of:
acquiring data to be stored;
acquiring a corresponding storage network environment according to the data type of the data to be stored;
analyzing the storage network environment to obtain a storage security value of the storage network environment;
judging whether the storage safety value is larger than a preset risk standard or not;
if the storage safety value is larger than the preset risk standard, acquiring a target risk identifier;
and analyzing the target risk identification, and storing the data to be stored.
By adopting the technical scheme, the storage network environment where each type of data to be stored is located is analyzed according to the type of the data to be stored, the corresponding storage safety value is further obtained, the storage safety value corresponding to the type of the data to be stored is analyzed and judged by combining with the preset risk standard, various target risks which may appear in the storage process of the data to be stored can be obtained, the target risk identification of the target risks is further analyzed, the corresponding storage strategy is obtained, and the data to be stored is stored, so that the storage safety is improved.
Optionally, the analyzing the storage network environment and obtaining the storage security value of the storage network environment includes the following steps:
acquiring a risk record of the storage network environment;
if the storage network environment does not have the risk record, acquiring a preset storage safety value of the storage network environment as the storage safety value;
and if the storage network environment has the risk record, acquiring a risk storage safety value as the storage safety value according to the risk record.
By adopting the technical scheme, the storage network environment of the data to be stored is analyzed according to the risk records, so that the security in the storage process can be preliminarily judged through the acquired storage security value.
Optionally, the target risk identifier includes a power failure identifier, and the analyzing the target risk identifier, obtaining a storage policy, and storing the data to be stored according to the storage policy includes the following steps:
acquiring real-time power supply voltage according to the power failure identifier;
acquiring a voltage difference according to the real-time power supply voltage and a preset power supply standard;
according to the voltage difference, acquiring a voltage compensation storage safety command as the storage strategy;
and storing the data to be stored according to the storage strategy.
By adopting the technical scheme, the voltage difference is used as a storage strategy of the data to be stored, so that the occurrence of the situation that the data to be stored is lost due to the power failure of the data to be stored in the storage process is reduced.
Optionally, the target risk identifier includes a program running exception identifier, and analyzing the target risk identifier, obtaining a storage policy, and storing the data to be stored according to the storage policy further includes the following steps:
acquiring an encrypted storage instruction according to the program operation exception identifier;
acquiring a corresponding encryption mode as the storage strategy according to the encryption storage instruction;
and encrypting the data to be stored through the storage strategy to form encrypted storage data, and storing the encrypted storage data into a storage space.
By adopting the technical scheme, the encryption mode corresponding to the data to be stored is used as the storage strategy of the data to be stored, so that the occurrence of abnormal storage condition of the data to be stored caused by abnormal system operation is reduced.
Optionally, the target risk identifier includes an operation exception identifier, and analyzing the target risk identifier, obtaining a storage policy, and storing the data to be stored according to the storage policy further includes the following steps:
acquiring an operation abnormity record according to the operation abnormity identifier;
judging whether the operation abnormal record accords with an event log or not;
if the operation abnormal record accords with an event log, acquiring a historical storage safety instruction as the storage strategy according to the event log;
and storing the data to be stored according to the storage strategy.
By adopting the technical scheme, the historical storage safety instruction recorded in the event log is used as a storage strategy, so that the storage efficiency of the data to be stored under the influence of similar abnormal operations is improved.
Optionally, the following steps are further included after obtaining the operation exception record according to the operation exception identifier:
judging whether the data to be stored is subjected to deletion operation according to the operation abnormal record;
if the data to be stored is deleted, acquiring the position information of the data to be stored, recovering the data to be stored according to the position information, and setting the priority storage level of the data to be stored;
and generating the storage strategy according to the priority storage level, and storing the data to be stored according to the storage strategy.
By adopting the technical scheme, the priority storage level for deleting the data to be stored by mistake due to abnormal operation is set, so that the condition that the data to be stored is lost due to the same deletion operation is reduced.
Optionally, before acquiring the data to be stored, the method further includes the following steps:
acquiring a data reading instruction;
analyzing the reading position, the reading content and the reading authority of the data reading instruction;
judging whether the reading authority accords with the position authority of the reading position;
and if the reading authority accords with the position authority of the reading position, acquiring storage data corresponding to the reading position and the reading content as the data to be stored.
By adopting the technical scheme, the data to be stored is analyzed and judged according to the reading position, the reading content and the reading permission of the data to be stored, so that the accuracy of acquiring the data to be stored is improved.
Optionally, the method further includes the following steps after the data to be stored is acquired:
acquiring an updating requirement according to the data type, wherein the updating requirement comprises no updating and updating;
if the updating requirement is that updating is needed, whether the data to be stored corresponding to the data type is updated or not in a preset judging period is judged;
if the data to be stored is updated, acquiring the updated data to be stored as the data to be stored;
and if the updating requirement is that updating is not needed, entering the next step.
By adopting the technical scheme, the data to be stored is detected and analyzed according to the updating requirement of the data type, so that the real-time performance of the data to be stored is improved.
Optionally, if the update requirement is that the data needs to be updated, determining whether the data to be stored corresponding to the data type is updated in a preset determination period includes the following steps:
if the updating requirement is the updating requirement, acquiring the updating degree of the data to be stored;
judging whether the updating degree is larger than a preset updating threshold value within the preset judging threshold value period;
if the updating degree is greater than the preset updating threshold, judging that the data to be stored corresponding to the data type is updated;
if the updating degree is smaller than or equal to the updating threshold, judging that the data to be stored corresponding to the data type is not updated;
and the updating degree is determined according to the change degree of the data size of the data to be stored in the preset judging period.
By adopting the technical scheme, whether the data to be stored corresponding to the data type is updated or not is further judged according to the updating degree of the data to be stored in the preset judging period, so that the updating condition of the data to be stored is conveniently judged.
In a second aspect, the present application further provides a data storage system, which adopts the following technical solutions:
a data storage system, comprising:
the acquisition module is used for acquiring data to be stored and acquiring a corresponding storage network environment according to the data type of the data to be stored;
the security analysis module is used for analyzing the storage network environment and acquiring a storage security value of the storage network environment;
the risk identification module is used for judging whether the storage safety value is greater than a preset risk standard or not, and acquiring a target risk identification if the storage safety value is greater than the preset risk standard;
and the storage module is used for analyzing the target risk identifier and storing the data to be stored.
By adopting the technical scheme, the storage network environment where each type of data to be stored acquired by the acquisition module is located is analyzed, so that the security analysis module can acquire the storage security value corresponding to the storage network environment conveniently, the risk identification module is further combined to analyze and judge the storage security value corresponding to the type of the data to be stored according to the preset risk standard, various target risks which may appear in the storage process of the data to be stored can be acquired, the target risk identification of the target risks is further analyzed, the corresponding storage strategy is acquired through the storage module to store the data to be stored, and therefore the storage security is improved.
To sum up, the application comprises the following beneficial technical effects:
according to the type of the data to be stored, the storage network environment where each type of data to be stored is located is analyzed, and then the corresponding storage safety value is obtained, the storage safety value corresponding to the type of the data to be stored is combined with the preset risk standard to be analyzed and judged, so that various target risks which may appear in the storage process of the data to be stored can be obtained, the target risk identification of the target risks is further analyzed, and the corresponding storage strategy is obtained to store the data to be stored, so that the storage safety is improved.
Drawings
Fig. 1 is a schematic flowchart of one embodiment of a data storage method according to the present application.
Fig. 2 is a schematic flow chart of one embodiment of a data storage method according to the present application.
Fig. 3 is a schematic flow chart of one embodiment of a data storage method according to the present application.
Fig. 4 is a schematic flow chart of one embodiment of a data storage method according to the present application.
Fig. 5 is a schematic flow chart of one embodiment of a data storage method according to the present application.
Fig. 6 is a schematic flow chart of one embodiment of a data storage method according to the present application.
Fig. 7 is a schematic flowchart of one embodiment of a data storage method according to the present application.
Fig. 8 is a schematic flow chart of one embodiment of a data storage method according to the present application.
Fig. 9 is a schematic flowchart of one embodiment of a data storage method according to the present application.
FIG. 10 is a block diagram of one embodiment of a data storage system according to the present application.
Description of reference numerals:
1. an acquisition module; 2. a security analysis module; 3. a risk identification module; 4. and a storage module.
Detailed Description
The present application is described in further detail below with reference to figures 1-10.
The embodiment of the application discloses a data storage method, which refers to fig. 1 and comprises the following steps:
s101, acquiring data to be stored;
s102, acquiring a corresponding storage network environment according to the data type of the data to be stored;
s103, analyzing the storage network environment, and acquiring a storage security value of the storage network environment;
s104, judging whether the storage safety value is larger than a preset risk standard or not;
s105, if the storage safety value is larger than a preset risk standard, acquiring a target risk identifier;
and S106, analyzing the target risk identification, acquiring a storage strategy, and storing the data to be stored according to the storage strategy.
Step S101 to step S102 in this embodiment, for convenience of describing the present solution, in the present embodiment, the data to be stored is, for example, network storage data in a network storage process, the storage of the data to be stored relates to network storage, and the network storage is network storage equipment, which includes storage media such as a dedicated data exchange device, a disk array, or a tape library, and dedicated storage software, and provides a unified information access and sharing service of an information system for a user by using an original network or constructing a storage dedicated network. The appearance of network storage meets the requirements of people on large-capacity data storage, limited data sharing, data mining and information full utilization, data reliability, data backup and safety, and simplification and unification of data management. Meanwhile, the network storage has the characteristics of strong expandability and capability of providing the information transmission rate of large data.
The storage network environment refers to a network security environment of data to be stored in a storage process, and the network security is information security on a network and can also be simply understood as confidentiality and authenticity of information on the network. During the data storage process, the safety of the server system is important, and the most basic operation of the system safety is downloading antivirus software, regularly sterilizing, inquiring a computer and the like. Of course, the system security is divided into server and computer security, and the server and the computer security are both computer security, and website files and databases are backed up regularly.
Step S103 in this embodiment, the storage network environment also relates to a network file system, and the storage security system in the network file system can be roughly classified into four types: secure network file systems, cryptographic file systems, survivable storage systems, and storage-based intrusion detection, which provide confidentiality, integrity, and availability of storage systems from four different levels, respectively.
Network file systems based on authentication and access control were the earliest considering security factors, including NFS, AFS, NASD, SFS-RO, etc. In such systems, data security is provided by authentication and access control of the storage server, and most such storage security systems also encrypt data transmitted in the network, but they do not provide end-to-end data security, that is, they do not guarantee the confidentiality and integrity of the data stored on the storage server, but rather assume that the file server and storage security system administrators are trusted.
The aim of encrypted file systems is to provide end-to-end security, performing encryption operations at the client to prevent theft or tampering by data file servers and other unauthorized users, these systems embedding cryptographic operations (encryption/decryption, signature/verification) into the file system. File servers are given minimal trust and because they do not participate in the encryption/decryption process, they never know the readable text. A major problem faced by this type of storage security system is key management. The storage network environment is analyzed based on the system, and then a corresponding storage security value is obtained.
Steps S104 to S105 in this embodiment, the storage involves a plurality of write actions in tandem, including writing data into a database table, writing data files into a host file system, and writing host files into a disk in binary form. These three actions cause the stored data to assume three different modalities for different access subjects: the database table records, data files, and binary data on disk.
From the perspective of risk, the risk of confidentiality of the data store is mainly reflected in the unexpected acquisition of data by the accessing principal, which includes both the impersonation of the identity of the accessing principal and the execution of an unauthorized acquisition operation by the true-identity accessing principal. From the three forms of data stored in the database above, an attacker may access the data in the three forms from the database device itself, the database management portal, the application system portal, and other access points. The preset risk standard is also based on risk value standards specified by three presentation forms of data during database storage, and according to the comparison between the actual storage safety value and the corresponding preset risk standard, if the actual storage safety value is greater than the corresponding preset risk standard, it is indicated that various risks seriously influencing data safety appear in the storage process of the data to be stored, and corresponding target risk identifiers are obtained by marking various target risks.
Step S106, in this embodiment, based on the target risk identifier, a series of storage policies for coping with risks are formed, and the security solution policy for the data storage link relates to the mutual cooperation of multiple technologies and multiple products, and forms a data protection mechanism together, but in short, identity authenticity of a data access subject, non-repudiation of data access related operations, and confidentiality protection of a data entity cannot be kept.
In one implementation of this embodiment, as shown in fig. 2, step S103 includes the following steps:
s201, acquiring a risk record of a storage network environment;
s202, if the network environment risk-free records are stored, acquiring a preset storage safety value of the storage network environment as a storage safety value;
and S203, if the network environment is stored with the risk records, acquiring the risk storage safety value as a storage safety value according to the risk records.
In practical application, the risk record of the storage network environment refers to the risk record which has appeared in the history of the storage system; the preset storage safety value is a safety evaluation value obtained by evaluating the risk in the historical storage process; the risk storage security value refers to a security assessment value that is assessed for new risks that have not occurred in the system.
For example, risk a, theft of a physical medium or logical image of a data store, an attacker or traitory serviceman, is a real risk of security directly against the database hardware devices provided that the database server host can be reached.
Risk B, the relevant internal administrator implements "internal act", in case of traitor or impersonation, the database administrator can access the information of the data file by looking at, exporting, backing up, etc. database management commands or by creating a new database access account, and the operating system administrator can directly copy the data file.
Risk C, data leakage risk taking the application as an entrance, and threats of the application side to the data mainly comprise two types. The first type is that deployment operation and maintenance personnel of the application can generally acquire an access account of the database from application configuration and acquire data through a database access tool; the second type is that an administrator role in the business application abuses a user authorization function, and gives other users access to the user data in violation of authority, so as to obtain the user data.
The risk A and the risk B exist in a system risk record, the preset storage safety values of the risk A and the risk B are the same, the risk C is a new risk type which does not appear in the system, the risk C needs to be evaluated, and then the risk storage safety value is obtained; if the risk A and the risk B occur again in the system, directly accessing the risk records, taking the preset storage safety values of the risk A and the risk B as storage safety values, if the risk A occurs in the system, reevaluating the risk, acquiring the risk storage safety values as the storage safety values of the risk A, analyzing the storage network environment of the data to be stored according to the risk records, and thus preliminarily judging the safety in the storage process through the acquired storage safety values.
In one implementation manner of this embodiment, as shown in fig. 3, the target risk identifier includes a power-down identifier, and step S106 includes the following steps:
s301, acquiring real-time power supply voltage according to the power failure identification;
s302, acquiring a voltage difference according to the real-time power supply voltage and a preset power supply standard;
s303, acquiring a voltage compensation storage safety command as a storage strategy according to the voltage difference;
and S304, storing the data to be stored according to the storage strategy.
In practical application, the power-down identifier is an identifier signal when power-down occurs in the data to be stored in the storage process, the preset power supply standard is a power supply voltage standard required by various types of data in the normal storage process, the voltage difference is a voltage difference value between the actual power supply voltage of the system in the data storage process and the corresponding preset power supply standard, and the voltage compensation storage safety instruction is an operation instruction for adjusting the actual power supply voltage of the system in the power-down state to the corresponding preset power supply standard according to the voltage difference value. The voltage compensation storage safety instruction is also a control instruction based on power failure protection, the power failure protection is a mode that a system can store related data after power failure, data collected or generated in system operation is often required not to be lost when power failure occurs, and the system can recover the original working state after power is reapplied.
A mechanism is adopted for a storage strategy aiming at a power failure identifier, so that the certainty of the system and the running state and the integrity of recorded data can be ensured under the condition that power supply of the system is lost accidentally, after the power supply of the system is recovered, field data can be recovered in time, the application system is prevented from being disordered, and meanwhile, the stored data can provide analysis data for technicians and provide good basis for analyzing products.
For example, in the storage process of data to be stored, the power failure detection module detects that a power supply is in a power failure state, the obtained real-time power supply voltage is 1.1V, the power failure detection module obtains a corresponding preset power supply standard of 2.1V according to the type of data storage, the voltage difference is further obtained to be 1V, the power failure detection module immediately sends the 1V voltage difference to the power supply control module, the power supply control module controls the power supply or a standby power supply to adjust the real-time power supply voltage from 1.1V to 2.1V, and the voltage difference is used as a storage strategy of the data to be stored, so that the occurrence of the loss situation of the data to be stored due to the power failure situation of the data to be stored in the storage process is reduced.
In one implementation manner of this embodiment, as shown in fig. 4, the target risk identifier includes a program running exception identifier, and step S106 further includes the following steps:
s401, acquiring an encrypted storage instruction according to the program operation exception identifier;
s402, acquiring a corresponding encryption mode as a storage strategy according to the encryption storage instruction;
s403, encrypting the data to be stored through the storage strategy to form encrypted storage data, and storing the encrypted storage data into a tape storage space.
In practical application, the program operation exception identifier refers to some exception program operation identifier signals occurring in the normal storage process of data, and such operations may cause the data to be stored to be lost or damaged; the encryption storage instruction refers to a protection instruction which is used for avoiding the influence of high-level threats on data in the storage process, and keeping the data storage compliance, and the protection instruction is taken by taking data encryption as a center. When the program operation abnormal identifier appears, selecting the corresponding encrypted storage instruction according to the type of the data to be stored, and then forming the corresponding encrypted storage data according to the encrypted storage instruction for storage.
For example, when the data to be stored is some sensitive data and may be threatened by leakage due to abnormal program operation in the storage process, a corresponding encryption mode may be selected according to the type of the data to be stored, for example, file-level encryption, which may be implemented on a host, or may be implemented by additionally storing this layer in a network, and it is necessary to identify and associate the related key according to the data file-level directory location; database level encryption, which encrypts data fields as they are stored in a database, is also called column level encryption because it encrypts the data fields at the level of the columns in the database table, placing all sensitive data in one or two columns in the database.
Medium-level encryption, which relates to the encryption of static data on storage equipment, but data is not encrypted in the transmission process, and the data is encrypted only when the data reaches the storage equipment, so that the medium-level encryption can only prevent people from stealing a physical storage medium; the embedded encryption equipment is arranged in the storage area network and is arranged between the storage equipment and the server requesting for encrypting the data, and the special equipment can encrypt the data transmitted to the storage equipment through one path of the equipment, can protect the static data and then decrypt the data returned to the application; and a series of encryption modes aiming at different types of data, such as encryption and the like, are applied, and the encryption mode corresponding to the data to be stored is used as a storage strategy of the data to be stored, so that the occurrence of abnormal storage condition of the data to be stored caused by abnormal system operation is reduced.
In one implementation manner of this embodiment, as shown in fig. 5, the target risk identifier includes an operation anomaly identifier, and step S106 further includes the following steps:
s501, acquiring an operation abnormity record according to the operation abnormity identifier;
s502, judging whether the operation abnormal record accords with an event log;
s503, if the operation abnormal record accords with the event log, acquiring a historical storage safety command as a storage strategy according to the event log;
and S504, storing the data to be stored according to the storage strategy.
In practical application, the operation exception identifier is an identifier signal that a user may cause data to be stored to be lost or damaged due to misoperation, the operation exception record is a record performed by the system according to each abnormal operation of an operator, the event log is a record of error information of hardware, software and the whole system of the computer, and some safety problems are also recorded, and the historical storage safety instruction is a related instruction processed by the system according to historical error information in the event log.
The event log is roughly divided into: the system log tracks various system events, including problems of Windows system components, such as events in the process of tracking system starting, faults of hardware and a controller, loading failure of a certain driver in starting and the like; an application log that tracks events associated with the application, such as application-generated information like failure to load a DLL (dynamic link library) will appear in the log; the security log tracks events such as logging on and off, changing access permissions, and system start and shutdown, and is only closed in a default state of the security log, which is generated after a local security policy is set.
For example, the system generates an operation exception identifier of strange access, records history exception access information in an event log, and also records a history access storage safety instruction for performing safety processing on the exception access information, and performs safety processing on strange access operation in the storage process of the data to be stored according to the history access storage safety instruction as a storage strategy, so that the history storage safety instruction recorded in the event log is used as the storage strategy, and the storage efficiency of the data to be stored under the influence of similar exception operations is improved.
In one implementation manner of this embodiment, as shown in fig. 6, the following steps are further included after step S501:
s601, judging whether the data to be stored is subjected to deletion operation according to the operation abnormal record;
s602, if the data to be stored is deleted, acquiring the position information of the data to be stored, recovering the data to be stored according to the position information, and setting the priority of the data to be stored;
and S603, generating a storage strategy according to the priority storage level, and storing the data to be stored according to the storage strategy.
In practical application, in the process of storing and transmitting the data to be stored, due to the fact that abnormal operation of an operator may cause the situation of mistakenly deleting data, when a data file is mistakenly deleted, the data file is not really clear on a hard disk, the data file is marked with a mark of 'waiting to delete' by a computer, although the file cannot be seen any more, the data file is really stored on the hard disk, and only when new data is written, the part of the file marked with the 'waiting to delete' mark is covered.
For example, if the data to be stored or the relevant important data has been deleted due to an operation error, the deleted data is restored according to the disk partition or the storage location where the deleted file is located, so as to avoid deleting the relevant data due to the same kind of error of an operator, a priority storage level of the data to be stored after restoration is set, the storage priority of the data file is improved, and the priority storage level of the data to be stored which is deleted by the error due to the abnormal operation is set, thereby reducing the occurrence of the situation that the data to be stored is lost due to the same kind of deletion operation.
In one implementation manner of this embodiment, as shown in fig. 7, step S101 further includes the following steps:
s701, acquiring a data reading instruction;
s702, analyzing the reading position, the reading content and the reading permission of the data reading instruction;
s703, judging whether the reading authority accords with the position authority of the reading position;
and S704, if the reading authority accords with the position authority of the reading position, acquiring storage data corresponding to the reading position and the reading content as data to be stored.
In practical application, before the data to be stored is obtained, the reading position, the reading content and the reading permission of the data to be stored are further obtained by the reading instruction of the data to be stored, and the corresponding stored data is further obtained as the data to be stored by judging whether the reading permission of the data to be stored accords with the position permission of the reading position.
For example, the data to be stored a needs to be stored, the data reading instruction is acquired and then analyzed, so that the corresponding reading position, reading content and reading permission are acquired, the reading permission is further judged to be in accordance with the position permission of the reading position, the storage data corresponding to the reading position and the reading content is acquired as the data to be stored a, and the storage data is analyzed and judged according to the reading position, the reading content and the reading permission of the data to be stored, so that the accuracy of acquiring the data to be stored is improved.
In one implementation manner of this embodiment, as shown in fig. 8, the following steps are further included after step S101:
s801, acquiring an updating requirement according to the data type, wherein the updating requirement comprises no updating and updating;
s802, if the updating requirement is that updating is needed, whether the data to be stored corresponding to the data type is updated or not in a preset judging period is judged;
s803, if the data to be stored is updated, acquiring the updated data to be stored as the data to be stored;
and S804, if the updating requirement is that updating is not needed, entering the next step.
In practical application, the preset judgment period is a time period for judging whether the data to be stored has an updating requirement in the storage process, and in the data storage process, some storage requirements are only to store the data to be stored which is updated recently, so that whether the data to be stored has the updating requirement is judged according to the storage requirement of the data type.
For example, if the system has an update requirement on the data to be stored, it is further determined that the data to be stored is updated in the preset determination period, the updated data to be stored is acquired and stored as the data to be stored, and the data to be stored is detected and analyzed according to the update requirement of the data type, so that the real-time performance of the data to be stored is improved.
In one implementation manner of this embodiment, as shown in fig. 9, step S802 further includes the following steps:
s901, if the updating requirement is that updating is needed, acquiring the updating degree of the data to be stored;
s902, judging whether the updating degree is greater than a preset updating threshold value within a preset judging threshold value period;
s903, if the updating degree is larger than a preset updating threshold value, judging that the data to be stored corresponding to the data type is updated;
and S904, if the updating degree is less than or equal to the updating threshold, judging that the data to be stored corresponding to the data type is not updated.
In practical applications, the updating degree is determined according to the degree of change of the data size of the data to be stored in the preset judgment period, and the preset updating threshold refers to a standard value of the data size of the data to be stored, which is updated in the preset judgment threshold period.
For example, if the data size of the S data to be stored in the preset determination threshold period is changed to 109 KB/sec, and the corresponding preset update threshold is 100 KB/sec, it can be determined that the data to be stored corresponding to the data type of S is updated, and further judging whether the data to be stored corresponding to the data type is updated or not according to the updating degree of the data to be stored in the preset judging period, so that the updating condition of the data to be stored is judged conveniently.
The embodiment of the application discloses a data storage system, and referring to fig. 10, the data storage system comprises an acquisition module 1, a security analysis module 2, a risk identification module 3 and a storage module 4, wherein the acquisition module 1 is used for acquiring data to be stored and acquiring a corresponding storage network environment according to the data type of the data to be stored; the security analysis module 2 is used for analyzing the storage network environment and acquiring a storage security value of the storage network environment; the risk identification module 3 is used for judging whether the storage safety value is greater than a preset risk standard or not, and acquiring a target risk identification if the storage safety value is greater than the preset risk standard; the storage module 4 is used for analyzing the target risk identifier and storing the data to be stored.
The storage network environment where each type of data to be stored acquired by the analysis acquisition module 1 is located is analyzed, so that the security analysis module 2 can acquire the storage security value corresponding to the storage network environment conveniently, the risk identification module 3 is further combined to analyze and judge the storage security value corresponding to the type of the data to be stored according to the preset risk standard, various target risks which may occur in the storage process of the data to be stored can be acquired, the target risk identification of the target risks is further analyzed, and the corresponding storage strategy is acquired through the storage module 4 to store the data to be stored, so that the storage security is improved.
The above are preferred embodiments of the present application, and the scope of protection of the present application is not limited thereto, so: equivalent changes in structure, shape and principle of the present application shall be covered by the protection scope of the present application.

Claims (10)

1. A method of storing data, comprising the steps of:
acquiring data to be stored;
acquiring a corresponding storage network environment according to the data type of the data to be stored;
analyzing the storage network environment to obtain a storage security value of the storage network environment;
judging whether the storage safety value is larger than a preset risk standard or not;
if the storage safety value is larger than the preset risk standard, acquiring a target risk identifier;
and analyzing the target risk identification, acquiring a storage strategy, and storing the data to be stored according to the storage strategy.
2. A method for storing data according to claim 1, wherein said analyzing said storage network environment to obtain a storage security value of said storage network environment comprises the steps of:
acquiring a risk record of the storage network environment;
if the storage network environment does not have the risk record, acquiring a preset storage safety value of the storage network environment as the storage safety value;
and if the storage network environment has the risk record, acquiring a risk storage safety value as the storage safety value according to the risk record.
3. The data storage method according to claim 1, wherein the target risk identifier comprises a power-down identifier, and the analyzing the target risk identifier, obtaining a storage policy, and storing the data to be stored according to the storage policy comprises the following steps:
acquiring real-time power supply voltage according to the power failure identification;
acquiring a voltage difference according to the real-time power supply voltage and a preset power supply standard;
according to the voltage difference, acquiring a voltage compensation storage safety command as the storage strategy;
and storing the data to be stored according to the storage strategy.
4. The data storage method according to claim 1, wherein the target risk identifier includes a program running exception identifier, the analyzing the target risk identifier, obtaining a storage policy, and storing the data to be stored according to the storage policy further includes:
acquiring an encrypted storage instruction according to the program operation exception identifier;
acquiring a corresponding encryption mode as the storage strategy according to the encryption storage instruction;
and encrypting the data to be stored through the storage strategy to form encrypted storage data, and storing the encrypted storage data into a storage space.
5. The data storage method according to claim 1, wherein the target risk identifier includes an operation anomaly identifier, and the analyzing the target risk identifier, obtaining a storage policy, and storing the data to be stored according to the storage policy further includes the following steps:
acquiring an operation abnormity record according to the operation abnormity identifier;
judging whether the operation abnormal record conforms to an event log;
if the operation abnormal record accords with an event log, acquiring a historical storage safety command as the storage strategy according to the event log;
and storing the data to be stored according to the storage strategy.
6. The data storage method according to claim 5, wherein the step of obtaining the operation exception record according to the operation exception identifier further comprises the following steps:
judging whether the data to be stored is subjected to deletion operation according to the operation abnormal record;
if the data to be stored is deleted, acquiring the position information of the data to be stored, recovering the data to be stored according to the position information, and setting the priority storage level of the data to be stored;
and generating the storage strategy according to the priority storage level, and storing the data to be stored according to the storage strategy.
7. The data storage method according to claim 1, wherein before said obtaining the data to be stored, the method further comprises the following steps:
acquiring a data reading instruction;
analyzing the reading position, the reading content and the reading authority of the data reading instruction;
judging whether the reading authority accords with the position authority of the reading position;
and if the reading authority accords with the position authority of the reading position, acquiring storage data corresponding to the reading position and the reading content as the data to be stored.
8. The data storage method according to claim 1, further comprising the following steps after the data to be stored is obtained:
acquiring an updating requirement according to the data type, wherein the updating requirement comprises no updating and updating;
if the updating requirement is that updating is needed, whether the data to be stored corresponding to the data type is updated or not in a preset judging period is judged;
if the data to be stored is updated, acquiring the updated data to be stored as the data to be stored;
and if the updating requirement is that updating is not needed, entering the next step.
9. The data storage method according to claim 8, wherein if the update request is that the data needs to be updated, determining whether the data to be stored corresponding to the data type is updated in a preset determination period comprises the following steps:
if the updating requirement is the updating requirement, acquiring the updating degree of the data to be stored;
judging whether the updating degree is larger than a preset updating threshold value or not in the preset judging threshold value period;
if the updating degree is larger than the preset updating threshold, judging that the data to be stored corresponding to the data type is updated;
if the updating degree is smaller than or equal to the updating threshold, judging that the data to be stored corresponding to the data type is not updated;
the updating degree is determined according to the change degree of the data size of the data to be stored in the preset judging period.
10. A data storage system, comprising:
the device comprises an acquisition module (1) and a storage module, wherein the acquisition module is used for acquiring data to be stored and acquiring a corresponding storage network environment according to the data type of the data to be stored;
the security analysis module (2) is used for analyzing the storage network environment and acquiring a storage security value of the storage network environment;
a risk identification module (3) for judging whether the storage safety value is greater than a preset risk standard, and if the storage safety value is greater than the preset risk standard, acquiring a target risk identification;
and the storage module (4) is used for analyzing the target risk identifier and storing the data to be stored.
CN202210887362.1A 2022-07-26 2022-07-26 Data storage method and system Pending CN115328393A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210887362.1A CN115328393A (en) 2022-07-26 2022-07-26 Data storage method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210887362.1A CN115328393A (en) 2022-07-26 2022-07-26 Data storage method and system

Publications (1)

Publication Number Publication Date
CN115328393A true CN115328393A (en) 2022-11-11

Family

ID=83919041

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210887362.1A Pending CN115328393A (en) 2022-07-26 2022-07-26 Data storage method and system

Country Status (1)

Country Link
CN (1) CN115328393A (en)

Similar Documents

Publication Publication Date Title
US7793110B2 (en) Posture-based data protection
US8732129B2 (en) Storage system for managing a log of access
US8135135B2 (en) Secure data protection during disasters
US8245042B2 (en) Shielding a sensitive file
CN101076969B (en) Electrical transmission system in secret environment between virtual disks and electrical transmission method thereof
CN110889130B (en) Database-based fine-grained data encryption method, system and device
KR101828600B1 (en) Context-aware ransomware detection
JP7448593B2 (en) Improved data control and access methods and systems
US20220269807A1 (en) Detecting unauthorized encryptions in data storage systems
CN115329389B (en) File protection system and method based on data sandbox
JP5334739B2 (en) Log monitoring program, log monitoring system
JP4820620B2 (en) Data distribution management system
CN114282234A (en) Data protection method, device, equipment and storage medium
CN111539042B (en) Safe operation method based on trusted storage of core data files
CN116595573B (en) Data security reinforcement method and device for traffic management information system
CN116756774A (en) Secure storage control method and device for user data
KR100879212B1 (en) Method of making duplication file backup
CN115328393A (en) Data storage method and system
CN113468607B (en) Method for generating and using encrypted tamper-proof file
CN117725630B (en) Security protection method, apparatus, storage medium and computer program product
JPH10340232A (en) File copy preventing device, and file reader
CN112241516B (en) Source code protection method and storage medium for project development process
KR20210112559A (en) Cloud security system for having self protective properties
CN115883162A (en) File encryption management system based on hardware encryption storage equipment and control method
CN115329342A (en) TEE-based function testing method and device for private computing platform

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination