CN116756786B - Method and device for controlling use and safety of mobile storage medium - Google Patents
Method and device for controlling use and safety of mobile storage medium Download PDFInfo
- Publication number
- CN116756786B CN116756786B CN202311040533.8A CN202311040533A CN116756786B CN 116756786 B CN116756786 B CN 116756786B CN 202311040533 A CN202311040533 A CN 202311040533A CN 116756786 B CN116756786 B CN 116756786B
- Authority
- CN
- China
- Prior art keywords
- storage medium
- mobile storage
- determining
- control strategy
- hidden area
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000011217 control strategy Methods 0.000 claims abstract description 100
- 238000004590 computer program Methods 0.000 claims description 12
- 230000009471 action Effects 0.000 claims description 8
- 239000002245 particle Substances 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000002955 isolation Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000009385 viral infection Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/85—Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Automation & Control Theory (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method and a device for controlling the use and safety of a mobile storage medium, which relate to the technical field of data safety, and the method comprises the following steps: when the mobile storage medium is connected with the computer equipment, acquiring basic information of the mobile storage medium; determining a control strategy of the mobile storage medium according to the basic information; wherein the control strategy comprises use and forbidden use; judging whether a hidden area exists in the mobile storage medium or not when the control strategy is used; if the mobile storage medium has a hidden area, determining a target control strategy according to the basic information and the received user instruction; the target control strategy is used for realizing the safety control of the hidden area. The use and safety control method of the mobile storage medium can realize safety control on the mobile storage medium, prevent data leakage and improve the safety of the mobile storage medium.
Description
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a method and an apparatus for controlling usage and security of a mobile storage medium.
Background
With the continuous development of the existing storage technology, the mobile storage medium brings great convenience for people to store and exchange data, for example, a common U disk has strong compatibility, large storage capacity, reliable performance, plug and play and portability. However, due to these characteristics, the security risks of easy loss, easy virus infection, easy information leakage and the like of the U disk are also caused, so that the security and the data security of the computer system are further affected.
Chinese patent CN103824014a discloses an isolation authentication and monitoring method for USB port devices in a local area network, which is used for performing isolation control and read-write operation on a USB storage device by adding intervention of a hardware control configurator and communicating with a computer terminal. But affects the transmission rate of the USB storage device, adding additional hardware cost, and failing to secure the data acquired by the storage device.
Disclosure of Invention
In order to solve the above problems, embodiments of the present invention provide a method and an apparatus for controlling usage and security of a mobile storage medium, where the method can implement security control on the mobile storage medium, prevent data leakage, and improve security of the mobile storage medium.
In a first aspect, an embodiment of the present invention provides a method for controlling usage and security of a mobile storage medium, including:
when a mobile storage medium is connected with computer equipment, acquiring basic information of the mobile storage medium;
determining a control strategy of the mobile storage medium according to the basic information; wherein the control strategy comprises use and prohibition of use;
judging whether a hidden area exists in the mobile storage medium or not when the control strategy is used;
if the hidden area exists in the mobile storage medium, determining a target control strategy according to the basic information and the received user instruction; the target control strategy is used for realizing safety control of the hidden area.
Optionally, the basic information includes a name, a device type, a vendor identification code, a product identification code, a corresponding drive volume label, and a drive letter of the mobile storage medium.
Optionally, the determining a control policy of the mobile storage medium according to the basic information includes:
judging whether the drive letter is positioned in a limit drive letter catalog of the computer equipment;
if the drive letter is not located in the limited drive letter catalog of the computer equipment, judging whether the product identification code exists in a preset database of the computer equipment;
If the product identification code exists in a preset database of the computer equipment, determining that the control strategy of the mobile storage medium is used;
if the product identification code does not exist in the preset database of the computer equipment, determining a risk score of the mobile storage medium according to the manufacturer identification code and the acquired service condition information of the mobile storage medium, so as to determine the control strategy according to the risk score;
and if the drive is positioned in the limited drive catalog of the computer equipment, determining that the control strategy of the mobile storage medium is forbidden.
Optionally, the determining the risk score of the mobile storage medium according to the vendor identification code and the acquired usage information of the mobile storage medium includes:
determining the total erasing times of the mobile storage medium, the total number of historically connected first computer equipment, the first erasing times of the first computer equipment and the connection time of the first computer equipment when each erasing according to the use condition information;
determining a manufacturer according to the manufacturer identification code, and determining the trust level of the first computer equipment and the computer equipment on the mobile storage medium from a preset trust level table; wherein, the preset trust level table stores trust levels of each computer device to each manufacturer;
Determining the statistical times of the connection time length longer than a preset connection time length in the first erasing times aiming at each erasing of the mobile storage medium in the first computer equipment;
determining the risk score according to the total erasing times, the total number, the first erasing times, the statistical times and the trust level;
the risk score is determined by the following formula:
wherein,Mfor characterizing the risk score;a weight for characterizing a trust level of an ith first computer device to a vendor of the mobile storage medium;nfor characterizing the total number;m i a first number of erasures for characterizing the removable storage media at an ith first computer device;T i for characterizing said statistics of said removable storage medium at an ith first computer device;Nfor characterizing the total number of erasures;N L a theoretical total number of erasures used to characterize the removable storage media.
Optionally, the determining the control policy according to the risk score includes:
the use in the control strategy comprises read-only use and read-write use;
judging whether the risk score is larger than a first preset threshold value or not;
If yes, determining that the control strategy of the mobile storage medium is forbidden;
if not, determining whether the risk score is larger than a second preset threshold, and if so, determining that the control strategy of the mobile storage medium is read-only; otherwise, determining the control strategy of the mobile storage medium to be used for reading and writing; wherein the first preset threshold is greater than the second preset threshold.
Optionally, if the mobile storage medium has a hidden area, determining a target control policy according to the basic information and the received user instruction includes:
if the hidden area exists in the mobile storage medium, cutting the disc of the mobile storage medium; wherein the use in the control strategy comprises read-only use and read-write use;
when the use in the control strategy is read-write, determining the hidden area as a display area, and accessing and erasing the hidden area according to the user instruction;
and when the use in the control strategy is read-only, determining the hidden area as a read-only area, and accessing and reading the hidden area according to the user instruction.
Optionally, the method further comprises:
And acquiring user actions to record the service condition information of the mobile storage medium, so as to trace the information of the mobile storage medium according to the service condition information.
In a second aspect, an embodiment of the present invention further provides a device for controlling usage and security of a mobile storage medium, including:
the acquisition module is used for acquiring basic information of the mobile storage medium when the mobile storage medium is connected with the computer equipment;
the first determining module is used for determining a control strategy of the mobile storage medium according to the basic information; wherein the control strategy comprises use and prohibition of use;
the judging module is used for judging whether the hidden area exists in the mobile storage medium or not when the control strategy is used;
the second determining module is used for determining a target control strategy according to the basic information and the received user instruction if the hidden area exists in the mobile storage medium; the target control strategy is used for realizing safety control of the hidden area.
In a third aspect, an embodiment of the present invention further provides a computing device, including a memory and a processor, where the memory stores a computer program, and the processor implements the method for controlling usage and security of a removable storage medium according to any one of the above when executing the computer program.
In a fourth aspect, an embodiment of the present invention further provides a computer readable storage medium having a computer program stored thereon, which when executed in a computer, causes the computer to perform the method for controlling usage and security of a removable storage medium according to any one of the above.
The embodiment of the invention provides a method and a device for controlling the use and safety of a mobile storage medium, wherein when the mobile storage medium is inserted into computer equipment, the method determines a corresponding control strategy for use or forbidden use by acquiring basic information of the mobile storage medium so as to realize the accurate control of the appointed mobile storage medium; meanwhile, when the control strategy is used and the hidden area exists in the mobile storage medium, the security control strategy for the hidden area is further determined according to the basic information and the received user instruction, and the security control for the security USB flash disk device is realized. Therefore, the method can simultaneously carry out safety control on the display and implicit mobile storage medium, prevent data leakage and further improve the safety of the mobile storage medium.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for controlling the use and security of a removable storage medium according to an embodiment of the present invention;
FIG. 2 is a hardware architecture diagram of a computing device according to one embodiment of the present invention;
fig. 3 is a block diagram of a usage and security control device for a removable storage medium according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments, and all other embodiments obtained by those skilled in the art without making any inventive effort based on the embodiments of the present invention are within the scope of protection of the present invention.
For storable external removable storage media, which are often used to carry important data or working files from one place to another or to bring extraneous data and special files to one place for use, it is very flexible and convenient. However, if the USB external storage device carries a virus or a Trojan horse file, the computer system itself or the local area network is easily attacked. Moreover, after the user brings important data out of the working and learning environment, information leakage is easily caused, and hidden troubles such as information and data security are caused. These problems can certainly pose a serious threat to computer system security and data security.
Accordingly, the present invention provides a flexible and effective method of controlling the use and security of a removable storage medium based on the above-described problems.
The following is a concept of the present invention, and as shown in fig. 1, an embodiment of the present invention provides a method for controlling usage and security of a mobile storage medium, including:
step 100, when a mobile storage medium is connected with a computer device, acquiring basic information of the mobile storage medium;
step 102, determining a control strategy of the mobile storage medium according to the basic information; wherein the control strategy comprises use and prohibition of use;
104, judging whether a hidden area exists in the mobile storage medium when the control strategy is used;
step 106, if the hidden area exists in the mobile storage medium, determining a target control strategy according to the basic information and the received user instruction; the target control strategy is used for realizing safety control of the hidden area.
In the embodiment of the invention, when the mobile storage medium is inserted into the computer equipment, the corresponding control strategy for use or use prohibition is determined by acquiring the basic information of the mobile storage medium, so that the accurate control of the appointed mobile storage medium is realized; meanwhile, when the control strategy is used and the hidden area exists in the mobile storage medium, the security control strategy for the hidden area is further determined according to the basic information and the received user instruction, and the security control for the security USB flash disk device is realized. Therefore, the method can simultaneously carry out safety control on the display and implicit mobile storage medium, prevent data leakage and further improve the safety of the mobile storage medium.
It should be noted that the mobile storage medium includes an external mobile device of explicit storable type and an external mobile device of implicit storable type, where the external mobile device of explicit storable type includes, but is not limited to, a usb disk, a mobile hard disk, and an SD card (Secure Digital Memory Card), and the external mobile device of implicit storable type may be a secure usb disk. The computer device may be a computer, a host computer, or any computer system that can be inserted into a removable storage medium.
The manner in which the individual steps shown in fig. 1 are performed is described below.
In step 100, the basic information includes a name, a device type, a vendor identification code, a product identification code, a corresponding drive volume label, and a drive letter of the removable storage medium. It should be noted that, in the present invention, when the mobile storage medium is inserted into the computer device, the above basic information and the spatial storage size of the mobile storage medium may be acquired through the attribute acquisition module, so that the subsequent user intuitively acquires the relevant basic information about the mobile storage medium.
In step 102, determining a control policy of the mobile storage medium according to the basic information, including:
s1: judging whether the drive letter is positioned in a limit drive letter catalog of the computer equipment; if not, executing S2, otherwise executing step S5;
S2: judging whether the product identification code exists in a preset database of the computer equipment or not; if yes, executing the step S3, otherwise executing the step S4;
s3: determining a control strategy of the mobile storage medium to use;
s4: determining a risk score of the mobile storage medium according to the manufacturer identification code and the acquired service condition information of the mobile storage medium, so as to determine the control strategy according to the risk score;
s5: determining that the control strategy of the mobile storage medium is forbidden.
The prohibition of use does not permit the use of the removable storage medium for the computer device, and the removable storage medium cannot be opened, and the files and data information in the removable storage medium cannot be acquired. The mobile storage medium is in an inaccessible state to the current computer equipment, so that the mobile storage medium can not move, copy, paste, modify, delete and the like the internal files of the equipment and the file content. The use of the removable storage medium for the computer device allows the removable storage medium to be opened and files and data information in the removable storage medium to be obtained.
In the embodiment of the invention, whether the mobile storage medium can be used is determined by the drive in advance, and if the drive is limited by the computer equipment, namely, the drive of the mobile storage medium is positioned in the limited drive catalog of the current computer equipment, the mobile storage medium cannot be used, namely, the control strategy is forbidden. When the drive is not in the limited drive catalog of the computer equipment, preliminarily determining that the current computer equipment allows the mobile storage medium to be used, then further determining whether the product identification code of the mobile storage medium is in a preset database, if so, determining that the current computer equipment trusts the mobile storage medium, and controlling the strategy to be used; if not, the risk score of the vehicle is determined according to the manufacturer identification code and the service condition information, and then a control strategy is determined according to the risk score. Therefore, the invention formulates a finer use and control strategy of the mobile storage medium, not only realizes accurate control, but also further improves the use safety of the mobile storage medium.
In a preferred embodiment, determining the risk score of the removable storage medium according to the vendor identification code and the acquired usage information of the removable storage medium includes:
determining the total erasing times of the mobile storage medium, the total number of historically connected first computer equipment, the first erasing times of the first computer equipment and the connection time of the first computer equipment when each erasing according to the use condition information;
determining a manufacturer according to the manufacturer identification code, and determining the trust level of the first computer equipment and the computer equipment on the mobile storage medium from a preset trust level table; wherein, the preset trust level table stores trust levels of each computer device to each manufacturer;
determining the statistical times of the connection time length longer than a preset connection time length in the first erasing times aiming at each erasing of the mobile storage medium in the first computer equipment;
determining the risk score according to the total erasing times, the total number, the first erasing times, the statistical times and the trust level;
The risk score is determined by the following formula:
wherein,Mfor characterizing the risk score;a weight for characterizing a trust level of an ith first computer device to a vendor of the mobile storage medium;nfor characterizing the total number;m i a first number of erasures for characterizing the removable storage media at an ith first computer device;T i for characterizing said statistics of said removable storage medium at an ith first computer device;Nfor characterizing the total number of erasures;N L a theoretical total number of erasures used to characterize the removable storage media.
It should be noted that, the higher the trust level, the lower the weight value corresponding to the trust level, and specifically, the trust level and the weight value may be set by the administrator of the computer device. The total erasing times determined by the use condition information refers to the total erasing times of the mobile storage medium until the current time, the theoretical total erasing times refers to the erasable times of the mobile storage medium in the normal service life, and for the mobile storage medium with undefined theoretical total erasing times, the service life of the U disk adopting SLC particles can be determined according to that the U disk adopting MLC particles can be erased more than 1 ten thousand times, and the service life of the U disk adopting SLC particles can be further 10 ten thousand times, namely the theoretical total erasing times of the U disk adopting MLC particles is 1 ten thousand times, and the theoretical total erasing times of the U disk adopting SLC particles is 10 ten thousand times.
Because the trust degree of different computer devices on the mobile storage medium is different, a manufacturer is used as one of risk factors, and the use experience of a user is improved. The more computer devices connected with the mobile storage medium, the higher the risk of virus infection compared with the case that only one computer device is connected; meanwhile, if the computer equipment with low trust level to the mobile storage medium is connected for many times, the security risk is further increased, so that the total number of accessed computer equipment and the accumulated erasing times (namely the first erasing times) on each computer equipment are used as one of risk factors, and the control security can be further improved. Meanwhile, after the mobile storage medium is connected to the computer equipment, the computer equipment can supply power to the mobile storage medium, heat can be naturally generated by continuous power supply, the service life of the mobile storage medium can be reduced after the mobile storage medium is inserted for too long, and therefore the statistical times longer than the preset connection duration are used as risk factors.
In the embodiment of the invention, manufacturers, the current total erasing times, the total number of connected different computer devices, the first erasing times of each computer device, the statistics times exceeding the preset connection time and trust level are taken as risk factors, the risks are comprehensively evaluated based on the formula, and the risk score is obtained, so that the method is beneficial to users to accurately and scientifically control the security of the mobile storage medium based on the risk score and improve the security performance of the mobile storage medium.
In a preferred embodiment, said determining said control strategy based on said risk score comprises:
the use in the control strategy comprises read-only use and read-write use;
judging whether the risk score is larger than a first preset threshold value or not;
if yes, determining that the control strategy of the mobile storage medium is forbidden;
if not, determining whether the risk score is larger than a second preset threshold, and if so, determining that the control strategy of the mobile storage medium is read-only; otherwise, determining the control strategy of the mobile storage medium to be used for reading and writing; wherein the first preset threshold is greater than the second preset threshold.
It should be noted that, the read-only usage is: the computer device allows use of a removable storage medium, allows opening of the removable storage medium, and allows access to files and data information in the removable storage medium. However, the current computer device only has the authority of reading access to the mobile storage medium, and can not perform operations such as moving, copying, pasting, modifying, deleting and the like on the file itself and the file content. The read-write use is as follows: the computer equipment can normally use the mobile storage medium, and the current computer equipment can perform conventional operations such as moving, copying, pasting, modifying, deleting and the like on the files themselves and the file contents in the mobile storage medium.
In the embodiment of the invention, the control strategies used by further limitation comprise read-only use and read-write use, so that the control of the mobile storage medium can be further and accurately controlled, and different control strategies are given under different risk levels, thereby improving the safety. Specifically, after obtaining a risk score, determining that the control strategy is prohibited to be used when the risk score is greater than a first preset threshold; when the risk score is greater than a second preset threshold and not greater than a first preset threshold, determining that the control strategy is read-only; and when the risk score is not greater than a second preset threshold value, determining that the control strategy is used for reading and writing, and allowing the mobile storage medium to be subjected to any operation processing.
Because the hidden storable external mobile storage medium comprises a public area and a hidden area (namely an encryption area), the hidden area needs to call the cut disc to realize release, so that the cut disc is visible, a mechanism for protecting data in the process of transmission and use is realized, data leakage is prevented, and the safety of the data stored in the U disc is improved. Therefore, for the external mobile device including the hidden area, the control policy of the hidden area needs to be further considered, so as to further improve the security and the use experience of the user.
In step 106, if the hidden area exists in the mobile storage medium, determining a target control policy according to the basic information and the received user command, including:
if the hidden area exists in the mobile storage medium, cutting the disc of the mobile storage medium; wherein the use in the control strategy comprises read-only use and read-write use;
when the use in the control strategy is read-write, determining the hidden area as a display area, and accessing and erasing the hidden area according to the user instruction;
and when the use in the control strategy is read-only, determining the hidden area as a read-only area, and accessing and reading the hidden area according to the user instruction.
In the embodiment of the invention, after the control strategy of the mobile storage medium is used, the environmental safety of the current computer equipment is determined, and if the mobile storage medium is an external mobile device which can be stored implicitly, the disc is cut directly, and the hidden area is displayed. However, in order to further ensure the security of the data and the files stored in the hidden area, it is necessary to further determine a control policy of the hidden area, when the use in the control policy is read-write, the hidden area is determined as a display area, the corresponding target control policy is read-write, and access and erasure are performed on the hidden area according to the user instruction; when the use in the control strategy is read-only, the hidden area is determined to be the read-only area, the corresponding target control strategy is determined to be read-only, and the hidden area is accessed and read according to a user instruction.
In a preferred embodiment, the method further comprises:
and acquiring user actions to record the service condition information of the mobile storage medium, so as to trace the information of the mobile storage medium according to the service condition information.
In the embodiment of the invention, in order to solve the problem that a certain external mobile storage medium is used at a certain time on a certain computer device, the service condition information of the mobile storage medium can be recorded by acquiring the action record of a user and monitoring the insertion and extraction time of the user, and the service record is generated, so that the equipment is convenient to trace, the mobile storage medium on the computer device is monitored and managed safely and effectively, and the safety of the data of the computer device and the service traceability of the mobile storage medium are ensured.
As shown in fig. 2 and 3, an embodiment of the present invention provides a use and security control device for a removable storage medium. The apparatus embodiments may be implemented by software, or may be implemented by hardware or a combination of hardware and software. In terms of hardware, as shown in fig. 2, a hardware architecture diagram of a mobile storage medium and a computing device where a security control apparatus is located according to an embodiment of the present invention is shown, where in addition to a processor, a memory, a network interface, and a nonvolatile memory shown in fig. 2, the computing device where the apparatus is located may generally include other hardware, such as a forwarding chip responsible for processing a packet, and so on. Taking a software implementation as an example, as shown in fig. 3, as a device in a logic sense, the device is formed by reading a corresponding computer program in a nonvolatile memory into a memory by a CPU of a computing device where the device is located. The use and security control device for a mobile storage medium provided in this embodiment includes:
An obtaining module 300, configured to obtain basic information of a mobile storage medium when the mobile storage medium is connected to a computer device;
a first determining module 302, configured to determine a control policy of the mobile storage medium according to the basic information; wherein the control strategy comprises use and prohibition of use;
a judging module 304, configured to judge whether a hidden area exists in the removable storage medium when the control policy is used;
a second determining module 306, configured to determine a target control policy according to the basic information and the received user instruction if the mobile storage medium has a hidden area; the target control strategy is used for realizing safety control of the hidden area.
In some embodiments, the obtaining module 300 may be configured to perform the step 100, the first determining module 302 may be configured to perform the step 102, the judging module 304 may be configured to perform the step 104, and the second determining module 306 may be configured to perform the step 106.
In some specific embodiments, the base information includes a name of the removable storage media, a device type, a vendor identification code, a product identification code, a corresponding drive volume label, and a drive letter.
In some specific embodiments, the first determining module 302 is configured to perform the following operations:
s1: judging whether the drive letter is positioned in a limit drive letter catalog of the computer equipment; if not, executing S2, otherwise executing step S5;
s2: judging whether the product identification code exists in a preset database of the computer equipment or not; if yes, executing the step S3, otherwise executing the step S4;
s3: determining a control strategy of the mobile storage medium to use;
s4: determining a risk score of the mobile storage medium according to the manufacturer identification code and the acquired service condition information of the mobile storage medium, so as to determine the control strategy according to the risk score;
s41: determining the total erasing times of the mobile storage medium, the total number of historically connected first computer equipment, the first erasing times of the first computer equipment and the connection time of the first computer equipment when each erasing according to the use condition information;
s42: determining a manufacturer according to the manufacturer identification code, and determining the trust level of the first computer equipment and the computer equipment on the mobile storage medium from a preset trust level table; wherein, the preset trust level table stores trust levels of each computer device to each manufacturer;
S43: determining the statistical times of the connection time length longer than a preset connection time length in the first erasing times aiming at each erasing of the mobile storage medium in the first computer equipment;
s44: determining the risk score according to the total erasing times, the total number, the first erasing times, the statistical times and the trust level;
the risk score is determined by the following formula:
wherein,Mfor characterizing the risk score;a weight for characterizing a trust level of an ith first computer device to a vendor of the mobile storage medium;nfor characterizing the total number;m i a first number of erasures for characterizing the removable storage media at an ith first computer device;T i for characterizing said statistics of said removable storage medium at an ith first computer device;Nfor characterizing the total number of erasures;N L a theoretical total number of erasures used to characterize the removable storage media;
s45: the use in the control strategy comprises read-only use and read-write use; judging whether the risk score is larger than a first preset threshold value or not;
if yes, determining that the control strategy of the mobile storage medium is forbidden;
If not, determining whether the risk score is larger than a second preset threshold, and if so, determining that the control strategy of the mobile storage medium is read-only; otherwise, determining the control strategy of the mobile storage medium to be used for reading and writing; wherein the first preset threshold is greater than the second preset threshold
S5: determining that the control strategy of the mobile storage medium is forbidden.
In some specific embodiments, the second determining module 306 is configured to perform the following operations:
if the hidden area exists in the mobile storage medium, cutting the disc of the mobile storage medium; wherein the use in the control strategy comprises read-only use and read-write use;
when the use in the control strategy is read-write, determining the hidden area as a display area, and accessing and erasing the hidden area according to the user instruction;
and when the use in the control strategy is read-only, determining the hidden area as a read-only area, and accessing and reading the hidden area according to the user instruction.
In some specific embodiments, the apparatus further comprises an auditing module for performing the following operations:
And acquiring user actions to record the service condition information of the mobile storage medium, so as to trace the information of the mobile storage medium according to the service condition information.
It should be understood that the structure illustrated in the embodiments of the present invention does not constitute a specific limitation on the use of a removable storage medium and the security control apparatus. In other embodiments of the invention, a removable storage media usage and security control device may include more or fewer components than shown, or may combine certain components, or may split certain components, or may have a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The content of information interaction and execution process between the modules in the device is based on the same conception as the embodiment of the method of the present invention, and specific content can be referred to the description in the embodiment of the method of the present invention, which is not repeated here.
The embodiment of the invention also provides a computing device, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the use and safety control method of the mobile storage medium in any embodiment of the invention when executing the computer program.
The embodiment of the invention also provides a computer readable storage medium, and the computer readable storage medium stores a computer program, and the computer program when executed by a processor causes the processor to execute the method for controlling the use and safety of the mobile storage medium in any embodiment of the invention.
Specifically, a system or apparatus provided with a storage medium on which a software program code realizing the functions of any of the above embodiments is stored, and a computer (or CPU or MPU) of the system or apparatus may be caused to read out and execute the program code stored in the storage medium.
In this case, the program code itself read from the storage medium may realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code form part of the present invention.
Examples of the storage medium for providing the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD+RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer by a communication network.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
Further, it should be apparent that the functions of any of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform part or all of the actual operations based on the instructions of the program code.
Further, it is understood that the program code read out by the storage medium is written into a memory provided in an expansion board inserted into a computer or into a memory provided in an expansion module connected to the computer, and then a CPU or the like mounted on the expansion board or the expansion module is caused to perform part and all of actual operations based on instructions of the program code, thereby realizing the functions of any of the above embodiments.
It is noted that relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of additional identical elements in a process, method, article or apparatus that comprises the element.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: various media in which program code may be stored, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (7)
1. A method for controlling use and security of a removable storage medium, comprising:
when a mobile storage medium is connected with computer equipment, acquiring basic information of the mobile storage medium; the basic information comprises the name, equipment type, manufacturer identification code, product identification code, corresponding driver volume label and drive letter of the mobile storage medium;
Determining a control strategy of the mobile storage medium according to the basic information; wherein the control strategy comprises use and prohibition of use;
judging whether a hidden area exists in the mobile storage medium or not when the control strategy is used;
if the hidden area exists in the mobile storage medium, determining a target control strategy according to the basic information and the received user instruction; the target control strategy is used for realizing the safety control of the hidden area;
the determining the control strategy of the mobile storage medium according to the basic information comprises the following steps:
judging whether the drive letter is positioned in a limit drive letter catalog of the computer equipment;
if the drive letter is not located in the limited drive letter catalog of the computer equipment, judging whether the product identification code exists in a preset database of the computer equipment;
if the product identification code exists in a preset database of the computer equipment, determining that the control strategy of the mobile storage medium is used;
if the product identification code does not exist in the preset database of the computer equipment, determining a risk score of the mobile storage medium according to the manufacturer identification code and the acquired service condition information of the mobile storage medium, so as to determine the control strategy according to the risk score;
If the drive is in the limited drive catalog of the computer equipment, determining that the control strategy of the mobile storage medium is forbidden;
and if the hidden area exists in the mobile storage medium, determining a target control strategy according to the basic information and the received user instruction, wherein the target control strategy comprises the following steps:
if the hidden area exists in the mobile storage medium, cutting the disc of the mobile storage medium; wherein the use in the control strategy comprises read-only use and read-write use;
when the use in the control strategy is read-write, determining the hidden area as a display area, and accessing and erasing the hidden area according to the user instruction;
and when the use in the control strategy is read-only, determining the hidden area as a read-only area, and accessing and reading the hidden area according to the user instruction.
2. The method of claim 1, wherein determining the risk score for the removable storage media based on the vendor identification code and the acquired usage information of the removable storage media comprises:
determining the total erasing times of the mobile storage medium, the total number of historically connected first computer equipment, the first erasing times of the first computer equipment and the connection time of the first computer equipment when each erasing according to the use condition information;
Determining a manufacturer according to the manufacturer identification code, and determining the trust level of the first computer equipment and the computer equipment on the mobile storage medium from a preset trust level table; wherein, the preset trust level table stores trust levels of each computer device to each manufacturer;
determining the statistical times of the connection time length longer than a preset connection time length in the first erasing times aiming at each erasing of the mobile storage medium in the first computer equipment;
determining the risk score according to the total erasing times, the total number, the first erasing times, the statistical times and the trust level;
the risk score is determined by the following formula:
wherein,Mfor characterizing the risk score;a weight for characterizing a trust level of an ith first computer device to a vendor of the mobile storage medium;nfor characterizing the total number;m i a first number of erasures for characterizing the removable storage media at an ith first computer device;T i for characterizing said statistics of said removable storage medium at an ith first computer device;Nfor characterizing the total number of erasures; N L A theoretical total number of erasures used to characterize the removable storage media.
3. The method of claim 1, wherein the determining the control strategy from the risk score comprises:
the use in the control strategy comprises read-only use and read-write use;
judging whether the risk score is larger than a first preset threshold value or not;
if yes, determining that the control strategy of the mobile storage medium is forbidden;
if not, determining whether the risk score is larger than a second preset threshold, and if so, determining that the control strategy of the mobile storage medium is read-only; otherwise, determining the control strategy of the mobile storage medium to be used for reading and writing; wherein the first preset threshold is greater than the second preset threshold.
4. A method according to any one of claims 1 to 3, further comprising:
and acquiring user actions to record the service condition information of the mobile storage medium, so as to trace the information of the mobile storage medium according to the service condition information.
5. A use and security control apparatus for a removable storage medium, comprising:
the acquisition module is used for acquiring basic information of the mobile storage medium when the mobile storage medium is connected with the computer equipment; the basic information comprises the name, equipment type, manufacturer identification code, product identification code, corresponding driver volume label and drive letter of the mobile storage medium;
The first determining module is used for determining a control strategy of the mobile storage medium according to the basic information; wherein the control strategy comprises use and prohibition of use;
the judging module is used for judging whether the hidden area exists in the mobile storage medium or not when the control strategy is used;
the second determining module is used for determining a target control strategy according to the basic information and the received user instruction if the hidden area exists in the mobile storage medium; the target control strategy is used for realizing the safety control of the hidden area;
the first determining module is further configured to perform the following operations:
s1: judging whether the drive letter is positioned in a limit drive letter catalog of the computer equipment; if not, executing S2, otherwise executing step S5;
s2: judging whether the product identification code exists in a preset database of the computer equipment or not; if yes, executing the step S3, otherwise executing the step S4;
s3: determining a control strategy of the mobile storage medium to use;
s4: determining a risk score of the mobile storage medium according to the manufacturer identification code and the acquired service condition information of the mobile storage medium, so as to determine the control strategy according to the risk score;
S5: determining that a control strategy of the mobile storage medium is forbidden;
the second determining module is further configured to perform the following operations:
if the hidden area exists in the mobile storage medium, cutting the disc of the mobile storage medium; wherein the use in the control strategy comprises read-only use and read-write use;
when the use in the control strategy is read-write, determining the hidden area as a display area, and accessing and erasing the hidden area according to the user instruction;
and when the use in the control strategy is read-only, determining the hidden area as a read-only area, and accessing and reading the hidden area according to the user instruction.
6. A computing device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the method of any of claims 1-4 when the computer program is executed.
7. A computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311040533.8A CN116756786B (en) | 2023-08-18 | 2023-08-18 | Method and device for controlling use and safety of mobile storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311040533.8A CN116756786B (en) | 2023-08-18 | 2023-08-18 | Method and device for controlling use and safety of mobile storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116756786A CN116756786A (en) | 2023-09-15 |
| CN116756786B true CN116756786B (en) | 2023-11-07 |
Family
ID=87953678
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311040533.8A Active CN116756786B (en) | 2023-08-18 | 2023-08-18 | Method and device for controlling use and safety of mobile storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116756786B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109254735A (en) * | 2018-10-11 | 2019-01-22 | 北京明朝万达科技股份有限公司 | The access control method and device of movable storage device |
| CN110516428A (en) * | 2019-08-30 | 2019-11-29 | 苏州国芯科技股份有限公司 | A kind of data read-write method of movable storage device, device and storage medium |
| CN111177783A (en) * | 2019-12-31 | 2020-05-19 | 北京明朝万达科技股份有限公司 | Method and device for preventing mobile storage medium from being divulged |
| CN112068890A (en) * | 2020-08-13 | 2020-12-11 | 中国电子科技集团公司第三十研究所 | Method, system and storage medium for controlling computer external equipment |
| CN114386113A (en) * | 2021-12-23 | 2022-04-22 | 北京北信源软件股份有限公司 | Read-write control method, device and equipment for mobile storage equipment and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10602360B2 (en) * | 2017-04-05 | 2020-03-24 | International Business Machines Corporation | Secure mobile device integration with vehicles |
-
2023
- 2023-08-18 CN CN202311040533.8A patent/CN116756786B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109254735A (en) * | 2018-10-11 | 2019-01-22 | 北京明朝万达科技股份有限公司 | The access control method and device of movable storage device |
| CN110516428A (en) * | 2019-08-30 | 2019-11-29 | 苏州国芯科技股份有限公司 | A kind of data read-write method of movable storage device, device and storage medium |
| CN111177783A (en) * | 2019-12-31 | 2020-05-19 | 北京明朝万达科技股份有限公司 | Method and device for preventing mobile storage medium from being divulged |
| CN112068890A (en) * | 2020-08-13 | 2020-12-11 | 中国电子科技集团公司第三十研究所 | Method, system and storage medium for controlling computer external equipment |
| CN114386113A (en) * | 2021-12-23 | 2022-04-22 | 北京北信源软件股份有限公司 | Read-write control method, device and equipment for mobile storage equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116756786A (en) | 2023-09-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7606946B2 (en) | Removable device and program startup method | |
| US8024530B2 (en) | Security erase of a delete file and of sectors not currently assigned to a file | |
| JP4828199B2 (en) | System and method for integrating knowledge base of anti-virus software applications | |
| US6907396B1 (en) | Detecting computer viruses or malicious software by patching instructions into an emulator | |
| US7478237B2 (en) | System and method of allowing user mode applications with access to file data | |
| US7124301B1 (en) | Data protection method for a removable storage medium and a storage device using the same | |
| US8281410B1 (en) | Methods and systems for providing resource-access information | |
| CN106716333B (en) | Method for completing secure erase operation | |
| EP3682332B1 (en) | Method and apparatus for erasing or writing flash data | |
| CN109214204B (en) | Data processing method and storage device | |
| US8725780B2 (en) | Methods and systems for rule-based worm enforcement | |
| CN116756786B (en) | Method and device for controlling use and safety of mobile storage medium | |
| US20100287616A1 (en) | Controller capable of preventing spread of computer viruses and storage system and method thereof | |
| CA3155237A1 (en) | Ransomware prevention | |
| US20070277005A1 (en) | Recording Medium, Data Processing Apparatus, and Data Processing Method | |
| JP2007200244A (en) | Information management system and information management method | |
| US7006416B1 (en) | Record medium with mechanism of secrecy protection | |
| US20010044887A1 (en) | Record medium and method of controlling access to record medium | |
| US20030131112A1 (en) | Computer firewall system | |
| US7401195B2 (en) | Portable data storage device and method of accessing data thereof | |
| KR101349807B1 (en) | Security system for mobile storage and method thereof | |
| CN112818346A (en) | Method for trapping Lerso virus by file | |
| WO2013024702A1 (en) | External storage device and method for controlling external storage device | |
| CN112988672B (en) | User data protection method and device | |
| US20110213809A1 (en) | Method, a system and a computer program product for protecting a data-storing device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |