CN115879106A - Method and device for managing and controlling mobile storage equipment - Google Patents

Info

Publication number: CN115879106A
Authority: CN (China)
Legal status: Pending
Application number: CN202111143261.5A
Other languages: Chinese (zh)
Inventor: 万朔
Current Assignee: Siemens Ltd China
Original Assignee: Siemens Ltd China
Application filed by Siemens Ltd China
Priority to CN202111143261.5A
Priority to PCT/CN2022/115628 (WO2023051131A1)
Publication of CN115879106A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements

Abstract

The embodiment of the application provides a method and a device for managing and controlling a mobile storage device, which can ensure that the mobile storage device entering an industrial control system is a safe mobile storage device, and improve the safety of information and property of the industrial control system. The method comprises the following steps: when a mobile storage device interceptor detects that a mobile storage device is inserted into client equipment, acquiring information of the mobile storage device, wherein the information of the mobile storage device comprises identification information of the mobile storage device and first file information of the mobile storage device, and the first file information is used for recording attribute information of a current file of the mobile storage device; and the mobile storage equipment interceptor manages and controls the mobile storage equipment according to the information of the mobile storage equipment and a white list, wherein the white list comprises identification information of the safe mobile storage equipment which passes the safety scanning and second file information of the safe mobile storage equipment, and the second file information is used for recording attribute information of a file when the safe mobile storage equipment passes the safety scanning.

Description

Method and device for managing and controlling mobile storage equipment
Technical Field
The present application relates to the technical field of data information security protection, and more particularly, to a method and an apparatus for managing and controlling a mobile storage device.
Background
The network in which the industrial control system is located is an internal network, generally physically or logically isolated from the internet. Viruses or malicious software can nevertheless be "ferried" into the internal network and spread through a mobile storage device such as a USB disk or a mobile hard disk, which poses a great challenge to the information security management and control of an industrial control system. At present, antivirus software is deployed on hosts in some factories, but because timely updating of the antivirus software cannot be guaranteed, the effectiveness and timeliness of virus handling cannot be guaranteed either. Other factories allow a limited set of mobile storage devices to be used internally, but there is no guarantee that these mobile storage devices are not infected by viruses or malware. In addition, even if a mobile storage device is periodically scanned and disinfected, it cannot be guaranteed not to become infected while in use, and therefore cannot be guaranteed to be in a secure state every time it is connected to the industrial control network.
Therefore, a management and control method is needed that ensures that only secure mobile storage devices access factory equipment, so as to improve the security of the information and property of the industrial control system.
Disclosure of Invention
The embodiment of the application provides a method and a device for managing and controlling a mobile storage device, which can ensure that the mobile storage device accessing factory equipment is a safe mobile storage device, thereby improving the safety of information and property of an industrial control system.
In a first aspect, a method for managing and controlling a mobile storage device is provided, including: when a mobile storage device interceptor detects that a mobile storage device is inserted into client equipment, acquiring information of the mobile storage device, wherein the information of the mobile storage device comprises identification information of the mobile storage device and first file information of the mobile storage device, and the first file information is used for recording attribute information of a current file of the mobile storage device; the mobile storage equipment interceptor manages and controls the mobile storage equipment according to the information of the mobile storage equipment and a white list, wherein the white list comprises identification information of the safe mobile storage equipment which passes security scanning and second file information of the safe mobile storage equipment; the second file information is used for recording the attribute information of the file when the secure mobile storage device passes the security scanning.
In the embodiment of the present application, the mobile storage device may be, for example, a USB disk, a removable hard disk, or another removable device with a storage function, which is not limited in the present application.
According to the technical scheme, when the mobile storage device is inserted into the client device, the mobile storage device interceptor can judge whether the mobile storage device is infected by virus or malicious software according to the comparison between the identification information of the mobile storage device and the attribute information of the current file and the identification information of the mobile storage device in a white list and the attribute information of the file when the mobile storage device passes the security scanning, so that the mobile storage device accessing the factory equipment is ensured to be the secure mobile storage device, and the security of information and property of an industrial control system can be improved.
In some possible implementations, the controlling, by the mobile storage device interceptor, the mobile storage device according to the information of the mobile storage device and the white list includes: when the identification information of the mobile storage equipment is not in the white list, the mobile storage equipment interceptor refuses the access of the mobile storage equipment to the client equipment; or when the identification information of the mobile storage device is in the white list, the mobile storage device interceptor judges whether the first file information is consistent with the second file information corresponding to the identification information of the mobile storage device; if the first file information is consistent with the second file information corresponding to the identification information of the mobile storage device, the mobile storage device interceptor allows the mobile storage device to access the client device; or if the first file information is inconsistent with the second file information corresponding to the identification information of the mobile storage device, the mobile storage device interceptor refuses the access of the mobile storage device to the client device.
For example, the first file information may include the creation or update time of each file, the total number of files, and the total file size of the mobile storage device at the moment it is inserted into the client device; the second file information may include the scanning time of each file, the total number of files, and the total file size at the moment the secure mobile storage device passed the security scan. The specific content of the file information is not limited in the present application.
It should be noted that, when the first file information is compared with the second file information, only the file attribute information of the same category is compared, for example, the total number of files in the first file information is compared with the total number of files in the second file information, or the creation or update time of each file in the first file information is compared with the scanning time of each file in the second file information, or both the time information and the total number information are compared, so as to determine whether the first file information is consistent with the second file information.
According to the implementation mode, whether the mobile storage device is in a white list or not is judged by using the identification information of the mobile storage device, when the mobile storage device is in the white list, the security of the mobile storage device is verified for the second time by comparing the current file information of the mobile storage device with the file information obtained by security scanning, so that the security of the mobile storage device accessing the client device is further ensured, and the condition that the mobile storage device is overdue in scanning is avoided.
In some possible implementation manners, if the first file information is inconsistent with the second file information corresponding to the identification information of the mobile storage device, the method further includes: the mobile storage device interceptor sends first indication information to a mobile storage device manager, wherein the first indication information comprises identification information of the mobile storage device, and the first indication information is used for indicating the mobile storage device manager to delete information of the mobile storage device from the white list.
Through the implementation mode, when the current file information of the mobile storage device is inconsistent with the file information of the mobile storage device after security scanning, the information of the mobile storage device in the white list is invalid by deleting the information of the mobile storage device from the white list, and when the mobile storage device is inserted into the client device again, the mobile storage device interceptor directly rejects the access of the mobile storage device.
In a second aspect, a method for managing and controlling a mobile storage device is provided, where the method includes: the anti-virus scanner performs security scanning on the mobile storage device; after the mobile storage device passes the security scanning, sending the information of the mobile storage device to a mobile storage device manager, wherein the information of the mobile storage device comprises identification information of the mobile storage device and file information of the mobile storage device when the mobile storage device passes the security scanning, and the information of the mobile storage device is used for adding the information of the mobile storage device into a white list.
According to the technical scheme, the mobile storage device is safely scanned through the antivirus scanner, and the information of the mobile storage device which passes the safety scanning is automatically sent to the mobile storage device manager, so that the mobile storage device can be automatically authorized, and the cost of manual authorization is saved.
In some possible implementations, the antivirus scanner performing the security scan on the mobile storage device includes: scanning the mobile storage device with an antivirus engine; when the mobile storage device is not infected with viruses, or the viruses infecting it are removed by the antivirus engine, determining that the mobile storage device passes the security scan; when a virus infecting the mobile storage device is not removed by the antivirus engine, determining that the mobile storage device fails the security scan.
Through this implementation, the antivirus scanner is a device or component independent of the client device and isolated from the network the client devices use in the factory, so its virus library can be updated at any time. This avoids the situation, seen when the antivirus scanner and the client are integrated, where new viruses enter the industrial control system because the scanner cannot be updated in time.
Optionally, the file information includes the scanning time of each file, the total number of files, and the total file size of the mobile storage device, which is not limited in this application.
In a third aspect, a method for managing and controlling a mobile storage device is provided, where the method includes: the method comprises the steps that a mobile storage device manager receives information of the mobile storage device sent by an antivirus scanner, wherein the information of the mobile storage device comprises identification information of the mobile storage device and file information of the mobile storage device when the mobile storage device passes security scanning; the mobile storage device manager adds the information of the mobile storage device to a white list; and the mobile storage device manager sends the white list to client equipment.
According to the technical scheme, the mobile storage device manager can automatically create the white list for the mobile storage device which passes through the safety scanning, manual maintenance is not needed, and the cost and the workload of manual management are reduced.
In some possible implementations, the method further includes: the mobile storage device manager receives first indication information sent by a mobile storage device interceptor, wherein the first indication information comprises identification information of a mobile storage device, and the first indication information is used for indicating the mobile storage device manager to delete information of the mobile storage device from the white list; and the mobile storage device manager deletes the information of the mobile storage device from the white list according to the first indication information.
Through the implementation mode, when the current file information of the mobile storage device is inconsistent with the file information of the mobile storage device after security scanning, the information of the mobile storage device in the white list is invalid by deleting the information of the mobile storage device from the white list, and when the mobile storage device is inserted into the client device again, the mobile storage device interceptor directly rejects the access of the mobile storage device.
In a fourth aspect, a mobile storage device interceptor is provided that includes means for performing the method of the first aspect or implementations thereof.
In a fifth aspect, there is provided an antivirus scanner comprising means for performing the method of the second aspect or its implementations.
In a sixth aspect, a mobile storage device manager is provided, which includes means for performing the method of the third aspect or its implementations.
In a seventh aspect, an apparatus for managing and controlling a mobile storage device is provided, including: a memory for storing a program; and a processor for executing the program stored in the memory, where, when the program stored in the memory is executed, the processor performs the method for managing the mobile storage device.
In an eighth aspect, a computer-readable storage medium is provided, which stores program code for device execution, where the program code includes instructions for executing steps in the above-described method for mobile storage device management and control.
In a ninth aspect, the present application also provides a computer program product comprising a computer program stored on a computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the above-mentioned method of managing a mobile storage device.
Drawings
Fig. 1 is a schematic flowchart of a method for managing a mobile storage device according to an embodiment of the present application.
Fig. 2 is a schematic flow chart of another method for managing a mobile storage device according to an embodiment of the present application.
Fig. 3 is a schematic flow chart of a method for managing a mobile storage device according to an embodiment of the present application.
Fig. 4 is a schematic structural diagram of a mobile storage device interceptor according to an embodiment of the present application.
Fig. 5 is a schematic structural diagram of an antivirus scanner according to an embodiment of the present application.
Fig. 6 is a schematic structural diagram of a mobile storage device manager according to an embodiment of the present application.
Fig. 7 is a schematic structural diagram of a mobile storage device management and control apparatus according to an embodiment of the present application.
List of reference numerals:
110, 120, 210, 220, 310, 320, 330: steps of the methods;
400, a mobile storage device interceptor;
410, an acquisition unit;
420, a processing unit;
430, a transmitting unit;
500, an antivirus scanner;
510, a processing unit;
520, a transmitting unit;
600, a mobile storage device manager;
610, a receiving unit;
620, a processing unit;
630, a transmitting unit;
700, a device;
701, a memory;
702, a processor;
703, a communication interface;
704, a bus.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings. It should be understood that the specific examples in this specification are provided solely to assist those skilled in the art in better understanding the embodiments of the present application and are not intended to limit the scope of the embodiments of the present application.
It should be understood that, in the various embodiments of the present application, the size of the serial number of each process does not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
It should also be understood that the various embodiments described in this specification can be implemented individually or in combination, and are not limited to the examples in this application.
Unless otherwise defined, all technical and scientific terms used in the examples of this application have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used in the present application is for the purpose of describing particular embodiments only and is not intended to limit the scope of the present application.
Fig. 1 shows a schematic flow chart of a method 100 for managing a mobile storage device according to an embodiment of the present application. The method may be performed by a mobile storage device interceptor. The method 100 may include at least some of the following.
And 110, when the mobile storage device interceptor detects that the mobile storage device is inserted into the client device, obtaining information of the mobile storage device, wherein the information of the mobile storage device comprises identification information of the mobile storage device and first file information of the mobile storage device, and the first file information is used for recording attribute information of a current file of the mobile storage device.
In this embodiment, the client device may be an engineer station or an operator station in an engineering control system, for example, a computer device having a Human Machine Interface (HMI) and the like.
In this embodiment, the mobile storage device interceptor is software installed on the client device.
Specifically, when the mobile storage device is inserted into the client device, the mobile storage device interceptor installed on the client device may read information of the mobile storage device to determine whether to allow the mobile storage device to access the client device, where accessing the client device includes acquiring data on the client device or writing data from the mobile storage device into the client device.
In an embodiment of the present application, the information of the mobile storage device includes identification information of the mobile storage device and first file information of the mobile storage device. The identification information of the mobile storage device may be an Identification (ID) of the mobile storage device, that is, a serial number of the mobile storage device. The first file information of the mobile storage device may include attribute information of a current file of the mobile storage device, where the attribute information of the file may be, for example, creation or update time of each file, total number of files, size of the total file, and the like, and the specific content of the file information is not limited in this application.
In one implementation, the information of the mobile storage device may further include information of a vendor, a label, a volume, and the like of the mobile storage device.
And 120, the mobile storage device interceptor manages and controls the mobile storage device according to the information of the mobile storage device and a white list, wherein the white list comprises identification information of the secure mobile storage device passing the security scan and second file information of the secure mobile storage device, and the second file information is used for recording attribute information of a file when the secure mobile storage device passes the security scan.
In this embodiment, the white list refers to that the mobile storage device in the white list has been subjected to security scanning, and the mobile storage device is a secure mobile storage device after the security scanning. Wherein the secure mobile storage device means that no virus or malware exists in the mobile storage device.
In one implementation, when the identification information of the mobile storage device is not in the white list, the mobile storage device interceptor denies the mobile storage device access to the client device. That is, when the identification information of the mobile storage device is not in the white list, the device has not been security scanned, so the interceptor cannot confirm whether it is infected by virus or malware and therefore denies it access to the client device.
By the implementation mode, before the mobile storage device accesses the client, whether the mobile storage device is in a white list or not is judged through the mobile storage device interceptor, and when the mobile storage device is not in the white list, namely whether the mobile storage device is infected with viruses or malicious software or not is uncertain, the access of the mobile storage device is refused, so that the mobile storage device which is not scanned safely cannot access a factory network.
In one implementation manner, when the identification information of the mobile storage device is in the white list, the mobile storage device interceptor determines whether the first file information is consistent with the second file information corresponding to the identification information of the mobile storage device. The second file information may include attribute information of the files at the time the mobile storage device passed the security scan, for example the scan time of each file that passed the security scan, the total number of files, the total file size, and the like.
It should be noted that, when the interceptor of the mobile storage device determines whether the first file information is consistent with the second file information, the interceptor only compares file attribute information of the same category in the first file information and the second file information, so as to determine whether the first file information is consistent with the second file information. For example, the total number of files in the first file information is compared with the total number of files in the second file information, or the creation or update time of each file in the first file information is compared with the scan time of each file in the second file information, or the total file size in the first file information is compared with the total file size in the second file information.
It should be appreciated that even if the mobile storage device has been subjected to the security scan, there is no guarantee that it will not be infected before it is inserted into the client device; therefore the current file information of the mobile storage device is compared for consistency with the file information recorded when it passed the security scan.
It should be understood that the second file information corresponding to the identification information of the mobile storage device refers to file information of the mobile storage device recorded in a white list when the mobile storage device is in the white list, that is, file information of the mobile storage device when the mobile storage device is subjected to security scanning.
Possibly, the first file information is consistent with the second file information corresponding to the identification information of the mobile storage device, and the mobile storage device interceptor allows the mobile storage device to access the client device. That is, in the period between the security scan and insertion into the client device, the files on the mobile storage device have not been tampered with or infected, the device is still a secure mobile storage device, and its access to the client device is allowed.
In one implementation, allowing access to the client device by the mobile storage device may be activating the mobile storage device and connecting to the operating system of the client device.
Possibly, the first file information is inconsistent with the second file information corresponding to the identification information of the mobile storage device, and the mobile storage device interceptor refuses the mobile storage device access to the client device. That is, in the period between the security scan and insertion into the client device, files on the mobile storage device may have been tampered with or infected by a virus, it is not possible to determine whether the device is secure, and so its access to the client device is denied.
Through the scheme, even if the mobile storage device is in a white list, before the mobile storage device accesses the client, secondary verification is carried out, whether the current file information of the mobile storage device is consistent with the file information of the mobile storage device after security scanning is judged, whether the mobile storage device is safe is determined again, and when the mobile storage device is not safe, the mobile storage device cannot enter a factory network.
In one implementation manner, when the first file information is inconsistent with the second file information corresponding to the identification information of the mobile storage device, the mobile storage device interceptor sends first indication information to the mobile storage device manager, and instructs the mobile storage device manager to delete the information of the mobile storage device from the white list.
Through this implementation, when the current file information of the mobile storage device is inconsistent with the file information recorded after the security scan, the information of the mobile storage device is deleted from the white list, so that the security identity of the mobile storage device is invalidated, and when the mobile storage device is inserted into the client device again, the mobile storage device interceptor rejects its access.
In one implementation, before the mobile storage device interceptor obtains the information of the mobile storage device, the mobile storage device interceptor is first installed on the client and is guaranteed to be in an open state in step 110.
In one implementation, the white list is sent to the client device by the mobile storage device manager, and the client device may save the received white list to a local white list for use by the mobile storage device interceptor.
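The interceptor logic of steps 110 and 120 as an added worked example (not code from the patent): the three outcomes of the white-list check, the category-by-category comparison of first and second file information, and the first indication information sent to the manager on an inconsistency. The attribute names, the serial numbers and the sample files are constructed here; the patent fixes none of them.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class Decision(Enum):
    DENY_NOT_WHITELISTED = "deny: identification not in white list"
    ALLOW = "allow: first file information consistent with scan record"
    DENY_INCONSISTENT = "deny: file information changed since security scan"


@dataclass(frozen=True)
class FileAttrs:
    """Attribute information of one file on the device (assumed categories)."""
    size: int    # bytes
    mtime: int   # creation or update time, epoch seconds


@dataclass
class DeviceInfo:
    """Information read at insertion: identification (serial number) and first file information."""
    device_id: str
    files: Dict[str, FileAttrs]   # path -> attributes of each current file

    def total_files(self) -> int:
        return len(self.files)

    def total_size(self) -> int:
        return sum(f.size for f in self.files.values())


@dataclass
class WhitelistEntry:
    """Second file information: attributes recorded when the device passed the security scan.
    A category left as None was not recorded; only categories present on both sides are compared."""
    scan_time: int
    total_files: Optional[int] = None
    total_size: Optional[int] = None


@dataclass(frozen=True)
class FirstIndication:
    """Message asking the mobile storage device manager to drop the device from the white list."""
    device_id: str


def consistent(first: DeviceInfo, second: WhitelistEntry) -> bool:
    """Compare first and second file information one attribute category at a time."""
    if second.total_files is not None and first.total_files() != second.total_files:
        return False
    if second.total_size is not None and first.total_size() != second.total_size:
        return False
    # Time category: a file created or updated after the scan time means the
    # contents changed after the device was certified clean.
    return all(attrs.mtime <= second.scan_time for attrs in first.files.values())


def intercept(info: DeviceInfo,
              whitelist: Dict[str, WhitelistEntry]) -> Tuple[Decision, Optional[FirstIndication]]:
    """Step 120: decide whether the device may access the client device.

    Returns the decision and, on an inconsistency, the first indication information
    the interceptor sends to the manager so the stale white-list entry is removed.
    """
    entry = whitelist.get(info.device_id)
    if entry is None:
        return Decision.DENY_NOT_WHITELISTED, None
    if consistent(info, entry):
        return Decision.ALLOW, None
    return Decision.DENY_INCONSISTENT, FirstIndication(info.device_id)


# Constructed sample data (not from the patent): one device scanned at SCAN_T.
SCAN_T = 1_700_000_000
WHITELIST = {"SN-0001": WhitelistEntry(scan_time=SCAN_T, total_files=2, total_size=3072)}

# Unchanged since the scan: both files older than SCAN_T, count and size match.
CLEAN_DEVICE = DeviceInfo("SN-0001", {
    "report.pdf": FileAttrs(1024, SCAN_T - 3600),
    "firmware.bin": FileAttrs(2048, SCAN_T - 60),
})
# A file appeared after the scan: count, size and time categories all disagree.
ADDED_FILE_DEVICE = DeviceInfo("SN-0001",
                               {**CLEAN_DEVICE.files, "setup.exe": FileAttrs(512, SCAN_T + 600)})
# A file was rewritten with identical size: only the time category reveals the change.
REWRITTEN_DEVICE = DeviceInfo("SN-0001", {
    "report.pdf": FileAttrs(1024, SCAN_T + 900),
    "firmware.bin": FileAttrs(2048, SCAN_T - 60),
})
# Never scanned, so no white-list entry at all.
UNKNOWN_DEVICE = DeviceInfo("SN-9999", {"notes.txt": FileAttrs(10, SCAN_T - 1)})

if __name__ == "__main__":
    for dev in (CLEAN_DEVICE, ADDED_FILE_DEVICE, REWRITTEN_DEVICE, UNKNOWN_DEVICE):
        decision, indication = intercept(dev, WHITELIST)
        print(dev.device_id, decision.value, "-> first indication sent" if indication else "")
```

REWRITTEN_DEVICE passes the count and size categories and is caught only by the time category; a change that preserved all three attributes would need a per-file content digest, which the page's scheme does not record.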
Fig. 2 shows a schematic flow chart of another method 200 for managing a mobile storage device according to an embodiment of the present application. Method 200 may be performed by an antivirus scanner. The method 200 may include at least some of the following.
210, the antivirus scanner performs a security scan on the mobile storage device.
In an embodiment of the present application, the antivirus scanner is a component or device integrating a plurality of antivirus engines, and when a mobile storage device is plugged into the component or device, the antivirus engines can automatically perform security scanning on the mobile storage device.
In one implementation, the antivirus scanner cross-scans the mobile storage device using the plurality of antivirus engines. It determines that the mobile storage device passes the security scan when the mobile storage device is not infected with a virus, or when every virus found on the mobile storage device is removed by the antivirus engines; when a virus found on the mobile storage device is not removed by the antivirus engines, it determines that the mobile storage device fails the security scan.
In one implementation, when a virus found on the mobile storage device is not removed by the antivirus engines, which means the virus may need to be cleaned manually, a specific signal, such as a red light, may be given to the administrator so that the administrator can clean it in time.
In one implementation, the antivirus scanner is connected to the internet, updates its virus signature database in real time, and generates the corresponding antivirus engines, so that viruses on the mobile storage device can be cleaned in a timely and effective manner.
220, after the mobile storage device passes the security scan, the antivirus scanner sends the information of the mobile storage device to the mobile storage device manager, where the information of the mobile storage device includes the identification information of the mobile storage device and the file information of the mobile storage device when the mobile storage device passes the security scan.
The information of the mobile storage device is used for adding the information of the mobile storage device into a white list.
It should be noted that the file information of the mobile storage device passing through the security scan is the same as the second file information described in step 120, and for brevity, details are not repeated here.
In step 220, after the antivirus scanner completes the security scan on the mobile storage device, only the information of a mobile storage device that passed the security scan is sent to the mobile storage device manager, so that the mobile storage device manager can add the information of the mobile storage device to the white list directly. In another implementation, the antivirus scanner may instead send the scan result together with the information of the mobile storage device to the mobile storage device manager, and the mobile storage device manager determines from the scan result whether to add the information of the mobile storage device to the white list.
It should be understood that the antivirus scanner of the embodiments of the present application may also be referred to as a virus scanner, and the name of the device or component is not limited by the present application.
Because the antivirus scanner is a device or component independent of the client device, and is isolated from the network the client device uses in the factory, its virus signature database can be updated at any time through this implementation. This avoids the situation in which an antivirus function integrated into the client device cannot be updated in time and new viruses enter the industrial control system.
Fig. 3 shows a schematic flow chart of another method 300 for managing a mobile storage device according to an embodiment of the present application. The method 300 may be performed by a mobile storage device manager. The method 300 may include at least some of the following.
And 310, the mobile storage device manager receives the information of the mobile storage device sent by the antivirus scanner, wherein the information of the mobile storage device comprises the identification information of the mobile storage device and the file information of the mobile storage device when the mobile storage device passes the security scan.
In the embodiment of the present application, the mobile storage device manager is a program running on a server, and is used for managing a white list, for example, adding, deleting or updating the white list may be performed.
In one implementation, the mobile storage device manager may also manage the mobile storage device interceptor on the client device, for example by starting, stopping, or uninstalling it. It should be understood that the mobile storage device manager according to the embodiment of the present application may also be referred to as a mobile storage device management platform, and the name of the program is not limited in the present application.
It should be understood that the information of the mobile storage device is the same as the information of the mobile storage device described in step 220, and is not described herein again for brevity.
And 320, adding the information of the mobile storage device into a white list by the mobile storage device manager.
In this embodiment, when the mobile storage device manager receives the information of the mobile storage device sent by the antivirus scanner, the mobile storage device manager may register the mobile storage device and store the information of the mobile storage device in a white list.
The mobile storage device manager sends 330 the whitelist to the client device.
In one implementation, the mobile storage device manager may periodically synchronize updates to the local whitelist of the client device.
In one implementation, the client device may download the white list from the mobile storage device manager periodically or aperiodically, so as to realize active acquisition of the white list.
In one implementation manner, when the mobile storage device manager receives the first indication information sent by the mobile storage device interceptor, the information of the mobile storage device is deleted from the white list, so that the security identity of the mobile storage device is disabled.
Through this scheme, the mobile storage device manager automatically creates white list entries for mobile storage devices that pass the security scan; no manual maintenance is needed, which reduces the cost and workload of manual management.
In an alternative embodiment, a factory administrator may manually add the information of one or more mobile storage devices to the white list in the mobile storage device manager, that is, when the factory administrator has approved the security of those mobile storage devices and authorizes them as secure mobile storage devices.
Fig. 4 illustrates a schematic block diagram of a mobile storage device interceptor 400 of an embodiment of the present application. The mobile storage device interceptor 400 may be software installed on the client device. The mobile storage device interceptor 400 may perform the method 100 for managing and controlling a mobile storage device according to the embodiment of the present application, and the mobile storage device interceptor 400 may be a mobile storage device interceptor in the foregoing method.
As shown in fig. 4, the mobile storage device interceptor 400 includes:
an obtaining unit 410, configured to obtain information of a mobile storage device when it is detected that the mobile storage device is inserted into a client device, where the information of the mobile storage device includes identification information of the mobile storage device and first file information of the mobile storage device, and the first file information is used to record attribute information of a current file of the mobile storage device;
the processing unit 420 is configured to manage and control the mobile storage device according to information of the mobile storage device and a white list, where the white list includes identification information of a secure mobile storage device that passes security scanning and second file information of the secure mobile storage device, and the second file information is used to record attribute information of a file when the secure mobile storage device passes security scanning.
Optionally, in an embodiment of the present application, when the identification information of the mobile storage device is not in the white list, access of the mobile storage device to the client device is denied; or when the identification information of the mobile storage device is in the white list, judging whether the first file information is consistent with the second file information corresponding to the identification information of the mobile storage device; if the first file information is consistent with the second file information corresponding to the identification information of the mobile storage device, allowing the mobile storage device to access the client device; or if the first file information is inconsistent with the second file information corresponding to the identification information of the mobile storage device, denying the mobile storage device to access the client device.
Optionally, in an embodiment of the present application, the mobile storage device interceptor further includes a sending unit 430; the sending unit 430 is configured to send first indication information to a mobile storage device manager if the first file information is inconsistent with the second file information corresponding to the identification information of the mobile storage device, where the first indication information is used to indicate the mobile storage device manager to delete information of the mobile storage device from the white list.
FIG. 5 shows a schematic block diagram of an antivirus scanner 500 of an embodiment of the present application. The antivirus scanner 500 may perform the method 200 for managing a mobile storage device according to the embodiment of the present application, and the antivirus scanner 500 may be an antivirus scanner of the aforementioned methods.
As shown in fig. 5, the antivirus scanner 500 includes:
a processing unit 510, configured to perform security scanning on the mobile storage device;
a sending unit 520, configured to send information of the mobile storage device to a mobile storage device manager after the mobile storage device passes security scanning, where the information of the mobile storage device includes identification information of the mobile storage device and file information of the mobile storage device when the mobile storage device passes security scanning, and the information of the mobile storage device is used to add the mobile storage device to a white list.
Optionally, in an embodiment of the present application, the processing unit 510 is specifically configured to scan the mobile storage device with an antivirus engine; when the mobile storage device is not infected with viruses, or when the viruses found on the mobile storage device are removed by the antivirus engine, determine that the mobile storage device passes the security scan; and when a virus found on the mobile storage device is not removed by the antivirus engine, determine that the mobile storage device fails the security scan.
Fig. 6 shows a schematic block diagram of a mobile storage device manager 600 according to an embodiment of the present application. The mobile storage device manager 600 may be a component installed in a server. The mobile storage device manager 600 may execute the method 300 for managing a mobile storage device according to the embodiment of the present application, and the mobile storage device manager 600 may be a mobile storage device manager in the foregoing method.
As shown in fig. 6, the mobile storage device manager 600 includes:
a receiving unit 610, configured to receive information of a mobile storage device sent by an antivirus scanner, where the information of the mobile storage device includes identification information of the mobile storage device and file information of the mobile storage device when the mobile storage device passes security scanning;
a processing unit 620, configured to add information of the mobile storage device to a white list;
a sending unit 630, configured to send the white list to the client device.
In this embodiment of the present application, the antivirus scanner and the mobile storage device manager may be integrated on the same device, or may be separate devices or components, which is not limited in this application.
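To make the interaction between the three components concrete, the following is an added example (not code from the patent or from Siemens) that simulates the antivirus scanner (method 200), the mobile storage device manager (method 300) and the mobile storage device interceptor (method 100 and interceptor 400) in one process, including the revocation path of step 120 when the file information no longer matches. It assumes things the page leaves open: a device identity made of vendor ID, product ID and serial number; file information recorded per file as relative path, size and SHA-256; a first indication message that carries only the device identity; and antivirus engines modelled as callables that report whether they found an infection and whether they removed it. The USB stick is a temporary directory constructed inline.

```python
import hashlib
import os
import tempfile
from typing import Callable, Dict, List, Tuple

# Assumed shapes (the patent leaves them open):
DeviceId = Tuple[str, str, str]              # (vendor_id, product_id, serial)
FileInfo = Dict[str, Tuple[int, str]]        # relative path -> (size, sha256)
Engine = Callable[[str], Tuple[bool, bool]]  # mount point -> (infected, cleaned)


def snapshot_files(mount_point: str) -> FileInfo:
    """Record attribute information for every file on the mounted device."""
    info: FileInfo = {}
    for root, _dirs, files in os.walk(mount_point):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(path, mount_point).replace(os.sep, "/")
            info[rel] = (os.path.getsize(path), digest)
    return info


class MobileStorageDeviceManager:
    """Server-side program that owns the white list (method 300)."""
    def __init__(self) -> None:
        self.white_list: Dict[DeviceId, FileInfo] = {}

    def register(self, device_id: DeviceId, file_info: FileInfo) -> None:
        self.white_list[device_id] = dict(file_info)            # step 320

    def handle_indication(self, indication: dict) -> None:
        self.white_list.pop(indication["device_id"], None)     # revoke on first indication info

    def export(self) -> Dict[DeviceId, FileInfo]:
        return {k: dict(v) for k, v in self.white_list.items()}  # step 330 / periodic sync


class AntivirusScanner:
    """Isolated scanning station with several engines (method 200)."""
    def __init__(self, manager: MobileStorageDeviceManager, engines: List[Engine]) -> None:
        self.manager = manager
        self.engines = engines

    def scan(self, device_id: DeviceId, mount_point: str) -> bool:
        for engine in self.engines:                             # cross-scan, step 210
            infected, cleaned = engine(mount_point)
            if infected and not cleaned:
                return False        # needs manual cleaning; nothing is registered
        # Snapshot AFTER cleaning, so the record matches the device as released.
        self.manager.register(device_id, snapshot_files(mount_point))  # step 220
        return True


class MobileStorageDeviceInterceptor:
    """Client-side enforcement against the local white list (method 100)."""
    def __init__(self, manager: MobileStorageDeviceManager) -> None:
        self.manager = manager
        self.local_white_list: Dict[DeviceId, FileInfo] = {}

    def sync(self) -> None:
        self.local_white_list = self.manager.export()

    def on_insert(self, device_id: DeviceId, mount_point: str) -> str:
        if device_id not in self.local_white_list:
            return "deny"                                       # unknown device
        second = self.local_white_list[device_id]               # second file information
        first = snapshot_files(mount_point)                     # first file information, step 110
        if first == second:
            return "allow"
        # Content changed since the scan: deny and send first indication information.
        self.manager.handle_indication({"device_id": device_id})
        return "deny"


def demo() -> List[str]:
    """Constructed walk-through on a temporary directory standing in for a USB stick."""
    usb = tempfile.mkdtemp(prefix="usb_")
    with open(os.path.join(usb, "recipe.csv"), "w") as fh:
        fh.write("setpoint,42\n")
    dev: DeviceId = ("0781", "5583", "SN0001")                  # constructed identifiers
    manager = MobileStorageDeviceManager()
    clean_engine: Engine = lambda _mount: (False, False)
    scanner = AntivirusScanner(manager, [clean_engine, clean_engine])
    interceptor = MobileStorageDeviceInterceptor(manager)
    decisions: List[str] = []
    interceptor.sync()
    decisions.append(interceptor.on_insert(dev, usb))   # never scanned -> deny
    scanner.scan(dev, usb)
    interceptor.sync()
    decisions.append(interceptor.on_insert(dev, usb))   # matches snapshot -> allow
    with open(os.path.join(usb, "recipe.csv"), "a") as fh:
        fh.write("setpoint,43\n")                       # edited on an unmanaged PC
    decisions.append(interceptor.on_insert(dev, usb))   # mismatch -> deny and revoke
    interceptor.sync()
    decisions.append(interceptor.on_insert(dev, usb))   # now off the list -> deny
    return decisions
```

Calling `demo()` yields `["deny", "allow", "deny", "deny"]`. Two points of the design show up in the run: the snapshot is taken after the engines have cleaned the device, so a file an engine removed or repaired is recorded in its cleaned state; and any later write, even a benign one made on an unmanaged machine, invalidates the device until it goes through the scanner again. The comparison covers only files the scanner can enumerate on the mounted filesystem, so it is a content check rather than a check of the device's firmware or of a hidden partition.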
Fig. 7 is a schematic diagram of a hardware structure of a mobile storage device management and control apparatus according to an embodiment of the present application. The apparatus 700 shown in Fig. 7 includes a memory 701, a processor 702, a communication interface 703, and a bus 704. The memory 701, the processor 702, and the communication interface 703 are communicatively connected to each other by the bus 704.
The memory 701 may be a read-only memory (ROM), a static storage device, or a random access memory (RAM). The memory 701 may store a program, and when the program stored in the memory 701 is executed by the processor 702, the processor 702 and the communication interface 703 are used to execute the steps of the method for managing and controlling a mobile storage device according to the embodiment of the present application.
The processor 702 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), a graphics processing unit (GPU), or one or more integrated circuits, and is configured to execute related programs to implement the functions required of the units in the mobile storage device management and control apparatus according to the embodiment of the present application, or to execute the method for managing and controlling the mobile storage device according to the embodiment of the present application.
The processor 702 may also be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the method for managing and controlling a mobile storage device according to the embodiment of the present application may be implemented by an integrated logic circuit of hardware in the processor 702 or an instruction in the form of software.
The processor 702 may also be a general-purpose processor, a digital signal processor (DSP), an ASIC, a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed by it. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of a method disclosed in connection with the embodiments of the present application may be implemented directly by a hardware processor, or by a combination of hardware and software modules in a processor. The software modules may be located in RAM, flash memory, ROM, PROM or EPROM, registers, or another storage medium well known in the art. The storage medium is located in the memory 701; the processor 702 reads the information in the memory 701 and, in combination with its hardware, completes the functions required of the units included in the mobile storage device management and control apparatus according to the embodiment of the present application, or executes the method for managing and controlling a mobile storage device according to the embodiment of the present application.
The communication interface 703 enables communication between the apparatus 700 and other devices or communication networks using transceiver means such as, but not limited to, a transceiver. For example, the white list sent by the mobile storage device manager may be received via the communication interface 703.
Bus 704 may include a path that conveys information between various components of device 700, such as memory 701, processor 702, and communication interface 703.
It should be noted that although the apparatus 700 described above shows only a memory, a processor, and a communication interface, in a specific implementation, those skilled in the art will appreciate that the apparatus 700 may also include other devices necessary for normal operation. Also, those skilled in the art will appreciate that the apparatus 700 may also include hardware components for performing other additional functions, according to particular needs. Furthermore, those skilled in the art will appreciate that apparatus 700 may also include only those components necessary to implement embodiments of the present application, and need not include all of the components shown in FIG. 7.
The embodiment of the present application further provides a computer-readable storage medium, which stores program codes for device execution, where the program codes include instructions for executing steps in the above method for managing and controlling a mobile storage device.
The embodiment of the present application further provides a computer program product, where the computer program product includes a computer program stored on a computer-readable storage medium, where the computer program includes program instructions, and when the program instructions are executed by a computer, the computer is caused to execute the method for managing and controlling a mobile storage device.
The computer-readable storage medium described above may be a transitory computer-readable storage medium or a non-transitory computer-readable storage medium.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working process of the apparatus described above may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The words used in this application are words of description only and not of limitation of the claims. As used in the description of the embodiments and the claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Similarly, the term "and/or" as used in this application is meant to encompass any and all possible combinations of one or more of the associated listed. In addition, the terms "comprises" and/or "comprising," when used in this application, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
The various aspects, implementations, or features of the described embodiments can be used alone or in any combination. Aspects of the described embodiments may be implemented by software, hardware, or a combination of software and hardware. The described embodiments may also be embodied by a computer-readable medium having computer-readable code stored thereon, the computer-readable code comprising instructions executable by at least one computing device. The computer readable medium can be associated with any data storage device that can store data which can be read by a computer system. Exemplary computer readable media can include read-only memory, random-access memory, compact-disk read-only memory (CD-ROM), hard Disk Drive (HDD), digital Video Disk (DVD), magnetic tape, and optical data storage devices. The computer readable medium can also be distributed over network coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.
The above description of the technology may refer to the accompanying drawings, which form a part hereof, and in which is shown by way of illustration embodiments in which the described embodiments may be practiced. These embodiments, while described in sufficient detail to enable those skilled in the art to practice them, are non-limiting; other embodiments may be utilized and changes may be made without departing from the scope of the described embodiments. For example, the order of operations described in a flowchart is non-limiting, and thus the order of two or more operations illustrated in and described in accordance with the flowchart may be altered in accordance with several embodiments. As another example, in several embodiments, one or more operations illustrated in and described with respect to the flowcharts are optional or may be eliminated. In addition, certain steps or functions may be added to the disclosed embodiments, or a sequence of two or more steps may be substituted. All such variations are considered to be encompassed by the disclosed embodiments and the claims.
Furthermore, terminology is used in the above description of the technology to provide a thorough understanding of the described embodiments. However, no unnecessary detail is required to implement the described embodiments. Accordingly, the foregoing description of the embodiments has been presented for purposes of illustration and description. The embodiments presented in the foregoing description and the examples disclosed in accordance with these embodiments are provided solely to add context and aid in the understanding of the described embodiments. The above description is not intended to be exhaustive or to limit the described embodiments to the precise form disclosed. Many modifications, alternative uses, and variations are possible in light of the above teaching. In some instances, well known process steps have not been described in detail in order to avoid unnecessarily obscuring the described embodiments.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think of various equivalent modifications or substitutions within the technical scope of the present application, and these modifications or substitutions should be covered within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (12)

1. A method (100) of mobile storage device governance, the method comprising:
when a mobile storage device interceptor detects that a mobile storage device is inserted into a client device, acquiring (110) information of the mobile storage device, wherein the information of the mobile storage device comprises identification information of the mobile storage device and first file information of the mobile storage device, and the first file information is used for recording attribute information of a current file of the mobile storage device;
and the mobile storage device interceptor manages and controls (120) the mobile storage device according to the information of the mobile storage device and a white list, wherein the white list comprises identification information of a secure mobile storage device that has passed security scanning and second file information of the secure mobile storage device, and the second file information is used for recording attribute information of a file when the secure mobile storage device passed the security scanning.
2. The method (100) of claim 1, wherein the mobile storage device interceptor governing (120) the mobile storage device according to the information of the mobile storage device and a white list comprises:
when the identification information of the mobile storage device is not in the white list, the mobile storage device interceptor refuses the access of the mobile storage device to the client device; or
when the identification information of the mobile storage device is in the white list, the mobile storage device interceptor judges whether the first file information is consistent with the second file information corresponding to the identification information of the mobile storage device;
if the first file information is consistent with the second file information corresponding to the identification information of the mobile storage device, the mobile storage device interceptor allows the mobile storage device to access the client device; or if the first file information is inconsistent with the second file information corresponding to the identification information of the mobile storage device, the mobile storage device interceptor refuses the access of the mobile storage device to the client device.
3. The method (100) of claim 2, wherein if the first file information is inconsistent with the second file information corresponding to the identification information of the mobile storage device, the method further comprises:
the mobile storage device interceptor sends first indication information to a mobile storage device manager, wherein the first indication information comprises identification information of the mobile storage device, and the first indication information is used for indicating the mobile storage device manager to delete information of the mobile storage device from the white list.
4. A method (200) of mobile storage device governance, the method comprising:
an antivirus scanner performs a security scan on the mobile storage device (210);
after the mobile storage device passes the security scanning, sending (220) information of the mobile storage device to a mobile storage device manager, wherein the information of the mobile storage device comprises identification information of the mobile storage device and file information of the mobile storage device when the mobile storage device passes the security scanning, and the information of the mobile storage device is used for adding the information of the mobile storage device into a white list.
5. The method (200) of claim 4, wherein the antivirus scanner performing the security scan (210) on the mobile storage device comprises:
scanning the mobile storage device with an antivirus engine;
when the mobile storage device is not infected with viruses, or when the viruses found on the mobile storage device are removed by the antivirus engine, determining that the mobile storage device passes the security scan;
when a virus found on the mobile storage device is not removed by the antivirus engine, determining that the mobile storage device fails the security scan.
6. A method (300) of mobile storage device governance, the method comprising:
a mobile storage device manager receives (310) information of the mobile storage device sent by an antivirus scanner, wherein the information of the mobile storage device comprises identification information of the mobile storage device and file information of the mobile storage device when the mobile storage device passed the security scanning;
adding (320) the information of the mobile storage device to a white list by the mobile storage device manager;
the mobile storage device manager sends (330) the whitelist to a client device.
7. The method (300) of claim 6, further comprising:
the mobile storage device manager receives first indication information sent by a mobile storage device interceptor, wherein the first indication information comprises identification information of a mobile storage device, and the first indication information is used for indicating the mobile storage device manager to delete information of the mobile storage device from the white list;
and the mobile storage device manager deletes the information of the mobile storage device from the white list according to the first indication information.
8. A mobile storage device interceptor (400), comprising:
an obtaining unit (410) configured to, when it is detected that a mobile storage device is inserted into a client device, obtain information of the mobile storage device, where the information of the mobile storage device includes identification information of the mobile storage device and first file information of the mobile storage device, and the first file information is used to record attribute information of a current file of the mobile storage device;
the processing unit (420) is configured to manage and control the mobile storage device according to information of the mobile storage device and a white list, where the white list includes identification information of a secure mobile storage device that passes security scanning and second file information of the secure mobile storage device, and the second file information is used to record attribute information of a file when the secure mobile storage device passes security scanning.
9. An antivirus scanner (500), comprising:
a processing unit (510) for performing a security scan on the mobile storage device;
a sending unit (520), configured to send information of the mobile storage device to a mobile storage device manager after the mobile storage device passes security scanning, where the information of the mobile storage device includes identification information of the mobile storage device and file information of the mobile storage device when the mobile storage device passes security scanning, and the information of the mobile storage device is used to add the mobile storage device to a white list.
10. A mobile storage device manager (600), comprising:
a receiving unit (610) configured to receive information of a mobile storage device sent by an antivirus scanner, where the information of the mobile storage device includes identification information of the mobile storage device and file information of the mobile storage device when the mobile storage device passes security scanning;
a processing unit (620) for adding the information of the mobile storage device to a white list;
a sending unit (630) for sending the white list to a client device.
11. A mobile storage device management and control apparatus (700), comprising:
a memory (701) for storing a program;
a processor (702) for executing the memory-stored program, the processor being configured to perform the method of mobile storage device governance according to any one of claims 1 to 7 when the memory-stored program is executed.
12. A computer readable storage medium storing program code for device execution, the program code comprising instructions for performing the steps in the method of mobile storage device governance according to any one of claims 1 to 7.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202111143261.5A CN115879106A (en) 2021-09-28 2021-09-28 Method and device for managing and controlling mobile storage equipment
PCT/CN2022/115628 WO2023051131A1 (en) 2021-09-28 2022-08-29 Method and apparatus for managing and controlling mobile storage device

Publications (1)

Publication Number Publication Date
CN115879106A true CN115879106A (en) 2023-03-31

Family

ID=85763502

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8578064B2 (en) * 2008-08-12 2013-11-05 Moka5, Inc. Interception and management of I/O operations on portable storage devices
CN107483434A (en) * 2017-08-10 2017-12-15 郑州云海信息技术有限公司 The management system and method for a kind of movable storage device
CN108875373B (en) * 2017-12-29 2021-04-20 北京安天网络安全技术有限公司 Mobile storage medium file control method, device and system and electronic equipment
CN109033868A (en) * 2018-06-29 2018-12-18 北京奇虎科技有限公司 A kind of management method and device of movable storage device file

Also Published As

Publication number Publication date
WO2023051131A1 (en) 2023-04-06

Similar Documents

Publication Publication Date Title
US11036836B2 (en) Systems and methods for providing real time security and access monitoring of a removable media device
US9177145B2 (en) Modified file tracking on virtual machines
RU2680736C1 (en) Malware files in network traffic detection server and method
US10354068B2 (en) Anonymized application scanning for mobile devices
US20190104140A1 (en) System and method of cloud detection, investigation and elimination of targeted attacks
WO2019158915A1 (en) Managing virtual machine security resources
EP3115920A1 (en) System and method of controlling opening of files by vulnerable applications
US20090241194A1 (en) Virtual machine configuration sharing between host and virtual machines and between virtual machines
WO2015096695A1 (en) Installation control method, system and device for application program
KR100997802B1 (en) Apparatus and method for security managing of information terminal
US9917862B2 (en) Integrated application scanning and mobile enterprise computing management system
US20170289179A1 (en) Sandboxing protection for endpoints
JP2009151751A (en) Method and system for creating and updating approved-file and trusted-domain database
CN105122260A (en) Context based switching to a secure operating system environment
US9436824B1 (en) System and method for performing antivirus scans of files
US8898806B1 (en) Systems and methods for protecting services
CN110348180B (en) Application program starting control method and device
CN115879106A (en) Method and device for managing and controlling mobile storage equipment
CN111917736B (en) Network security management method, computing device and readable storage medium
CN114244631A (en) Computer network security protection method and system
CN114861160A (en) Method, device, equipment and storage medium for improving non-administrator account authority
CN115080966B (en) Dynamic white list driving method and system
CN108183920A (en) A kind of industrial control system malicious code defending system and its defence method
CN114491542B (en) Virus checking and killing method, electronic equipment and peripheral ferry device
CN114520745B (en) Method and system for controlling read-write permission to realize data safety ferry and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination