CN1266619C - Computer safety system and its realizing method - Google Patents

Publication number: CN1266619C
Authority: CN (China)
Prior art keywords: hard disk, disk drive, protecting region, driver, host
Legal status: Expired - Fee Related
Application number: CN 03156149
Other languages: Chinese (zh)
Other versions: CN1591365A (en)
Inventors: 杨文兵, 鲍禹卿
Current Assignee: Lenovo Beijing Ltd
Original Assignee: Lenovo Beijing Ltd
Application filed by: Lenovo Beijing Ltd
Landscapes: Storage Device Security
Abstract

The present invention relates to a computer safety system and a method of implementing it. The system comprises a hard disk driver, a virtual disk driver and a logical drive. The hard disk driver establishes a host protected area (HPA) by setting the access address of the physical hard disk; it can open, access and close the host protected area, and it controls access rights. The virtual disk driver accesses the host protected area through the hard disk driver, emulates a disk drive for the host protected area in the operating system kernel, and generates a virtual disk object. The logical drive is generated from the virtual disk object and is what the user operates on. Working together, these parts present the host protected area as a disk partition that can be accessed directly by opening the logical drive. The implementation method correspondingly comprises the following steps: the hard disk driver is created; the virtual disk driver is created; the logical drive is generated; the host protected area is presented as a disk partition and can be accessed directly by opening the logical drive.

Description

Computer safety system and its implementation
Technical field
The present invention relates to computer security, and in particular to a system that uses a host protected area to achieve computer security, together with its implementation method and access method.
Background technology
Commercial users often run into the following problems. Because computers are purchased by the organization, its administrators usually collect the operating system's proof of license, the operating system installation CD, the driver CDs and so on for central safekeeping when handing a computer to an in-house user. Even when these are issued to the end user, staff turnover means that the installation and driver CDs get lost. Later, when the system crashes or the operating system is updated and drivers have to be installed, the relevant drivers cannot be found and problems arise. Some users can download the latest drivers over the network, which wastes time and labour; other users cannot go online for reasons related to their installation, so they cannot install the corresponding drivers and keep the computer running normally. Moreover, these driver CDs cannot be modified, so when a new hardware driver appears the user has to store the latest driver separately, which is very troublesome.
Software CTO
At present, users buying a PC purchase the software they need along with the hardware, and different users need different software. Whether or not the hardware manufacturer preloads the software, an installation program for it has to be provided. Installers for ordinary software range from a few megabytes to several hundred megabytes, and are typically about 20-30 MB (large application software such as office software excepted). Manufacturers mainly supply installation media to users on CD, and a CD cannot be modified: when a bug is found in the software and it is upgraded, the CDs already produced are scrapped and new ones have to be produced. Scrapping CDs raises production cost, and new CDs have a production cycle that affects product delivery. Software vendors often require that one copy of the software be installed and run on only one PC, but anyone who obtains the installation CD can generally install the software on other PCs. Because a CD can be duplicated, and a copy amounts to pirated software, piracy is very hard to control.
These problems are usually addressed by using a host protected area (HPA, Host Protected Area). An ATA-5 hard disk can set aside a section of its space as a host protected area; the host then cannot find this space on the disk, and the operating system and ordinary programs can neither see it directly nor access the data in it. For the relevant literature, see the American National Standards Institute (ANSI) standard "Information Technology - AT Attachment with Packet Interface-5 (ATA/ATAPI-5)".
In its usual state the HPA cannot be accessed; it is then called a "closed HPA". Setting the HPA so that it is in the inaccessible, closed state is called "closing the HPA". When the host and a special software program can access the HPA, it is called an "open HPA". Setting the HPA so that a special program can access it is called "opening the HPA".
The purpose of the HPA is computer security. A user can keep important files in the HPA, such as the hardware drivers, the Windows installation files and the installers of bundled software. These files cannot be damaged, so when needed (for example after a virus outbreak or a system crash) the user can use them to restore the system and install software immediately.
Once software installers are placed in the HPA, the problems above no longer arise. A dedicated program can copy software into the HPA; when the software needs upgrading, the new installer simply overwrites the old one and the upgrade is complete. No CD is needed, which saves the cost of producing CDs, removes the need for CD production control, and speeds up product manufacturing. In addition, the HPA exists only on the corresponding PC, and ordinary people cannot copy the HPA, still less distribute the installers, which prevents piracy.
In general, when the host cannot access HPA data directly, the data stored there is very safe. Even when the HPA is opened so that a special program can access its data, ordinary software and the operating system itself still cannot see it. The user therefore cannot access data in the HPA directly, the way ordinary data on the hard disk is accessed. To edit or otherwise operate on data in the HPA, the user must first access it through a special program, copy the data to an ordinary disk partition, and only then edit it. This limits how the HPA can be used and is very inconvenient for ordinary users.
Summary of the invention
The problem solved by the present invention is to provide a computer safety system and an implementation method that present the data in the HPA as a disk partition (one or more disk partitions), achieving both high security and easy access for HPA data.
To solve the above problem, a computer safety system of the present invention comprises:
A hard disk driver, which establishes the host protected area by setting the access address of the physical hard disk, can open, access and close the host protected area, and controls access rights;
A virtual disk driver, which accesses the host protected area by calling the hard disk driver, emulates a disk drive for the host protected area in the operating system kernel, and generates a virtual disk object; the virtual disk driver's data comes from the hard disk driver;
A logical drive, which is generated from the virtual disk object and is operated on by the user;
These parts work together to present the host protected area as a disk partition, so that the host protected area can be accessed directly by opening the logical drive.
The security system further comprises a configuration manager and a file system. The configuration manager sets up and manages the host protected area by accessing the virtual disk driver and the hard disk driver, and the file system stores the data of the host protected area in a defined format.
Correspondingly, a computer safety system implementation method of the present invention comprises the following steps:
Create a hard disk driver, which sets the access address of the physical hard disk to establish the host protected area and can open, access and close the host protected area;
Create a virtual disk driver, which accesses the host protected area by calling the hard disk driver, emulates a disk drive for the host protected area in the operating system kernel, and generates a virtual disk object; the virtual disk driver's data comes from the hard disk driver;
Generate the corresponding logical drive from the virtual disk object, for the user to operate on;
Present the host protected area as a disk partition, so that the host protected area can be accessed directly by opening the logical drive.
The computer safety system implementation method also comprises a virtual disk driver workflow, which comprises the following steps:
A request to access the host protected area is received;
Determine whether it is a read/write request or a request to get device parameters;
If it is a request to get device parameters, prepare the required parameters and return them to the caller;
If it is a read/write request, calculate the physical location on the physical disk where the data is stored;
Determine whether the host protected area is open;
If it is not open, open the host protected area with the hard disk driver;
If it is open, access the data in the host protected area with the hard disk driver.
In addition, the computer safety system implementation method also comprises creating a configuration manager, which sets up and manages the host protected area. The configuration manager workflow comprises the following steps:
Initialize;
Check all virtual disk drivers and hard disk drivers of the host protected area;
Set up the user interface of the configuration manager;
Accept an operation request;
Determine whether it is an exit request;
If it is an exit request, release resources and exit;
If it is not an exit request, complete the requested operation by accessing the virtual disk driver and the hard disk driver.
Compared with the prior art, the present invention has the following advantages:
The data in the HPA is presented as a disk partition (one or more disk partitions), which may be read-only or read-write. Users and ordinary programs access the data in the HPA by accessing the files presented in that partition, just as they would access files in an ordinary disk partition. When access to the HPA is requested, the virtual disk driver calls the hard disk driver, which opens the HPA from its protected state; when the access is finished the HPA is closed, putting it back into the protected state. Because the data is actually stored in the HPA, which provides higher security, and because access behaviour is subject to some control, both high security and easy access for HPA data are achieved.
Description of drawings
Fig. 1 is a block diagram of the computer safety system of the present invention.
Fig. 2 is the overall flow chart of the computer safety system implementation method of the present invention.
Fig. 3 is the detailed workflow diagram of the virtual disk driver in Fig. 2.
Fig. 4 is the detailed workflow diagram of the configuration manager in Fig. 2.
Embodiment
Referring to Fig. 1, the computer safety system of the present invention comprises:
A hard disk driver 2, which establishes the host protected area (HPA) by setting the access address of the physical hard disk 1, can open, access and close the host protected area, and controls access rights;
A virtual disk driver 4, which accesses the host protected area by calling the hard disk driver 2, emulates a disk drive (there may be several) for the host protected area in the operating system kernel, and generates the corresponding virtual disk object 5 (the data of the virtual disk driver 4 comes from the hard disk driver 2); and
A logical drive 51 (E:), which is generated from the virtual disk object 5 and is operated on by the user;
These parts work together to present the host protected area as a disk partition, so that the host protected area can be accessed directly through logical drive 51 (E:). The computer safety system of the present invention also comprises a configuration manager 6 and a file system (not shown). The configuration manager 6 sets up and manages the host protected area by accessing the virtual disk driver 4 and the hard disk driver 2, and the file system stores the data of the host protected area in a defined format.
In addition, the hard disk driver 2 generates hard disk object 3 from the part of the disk outside the host protected area, and hard disk object 3 generates the corresponding logical drives 31, 32 (C:, D:) and so on (this is conventional prior art and is not described further).
Through the combination of these parts, the user sees not only the original hard disk object 3 (which may provide the Windows drives C:, D: and so on) but also an extra logical drive (for example an E: in addition to the original C: and D:), provided by the virtual disk object 5. The working process is shown in Fig. 1. Areas of the physical hard disk 1 outside the HPA are accessed through hard disk object 3 (C:, D:), which reaches the areas of the actual physical hard disk 1 outside the HPA. When the user or any program in the system needs to access data in the HPA, the traditional problem of inaccessibility is now solved: the virtual disk object 5 is accessed through the logical drive built on top of it (E: in the example), and the virtual disk driver 4, which is responsible for creating virtual disk object 5, accesses the HPA through the hard disk driver 2, obtains the corresponding data and passes it to the upper layer, so that user programs see the virtual disk as if an extra disk really existed.
Referring to Fig. 2, the security system implementation method of the present invention correspondingly comprises the following steps:
Step 201: create the hard disk driver, which sets the access address of the physical hard disk to establish the host protected area and can open, access and close the host protected area;
Step 202: create the virtual disk driver, which emulates a disk drive for the host protected area in the operating system kernel and generates the virtual disk object; the virtual disk driver's data comes from the hard disk driver;
Step 203: generate the corresponding logical drive from the virtual disk object, for the user to operate on;
Step 204: create the configuration manager, which sets up and manages the host protected area by accessing the virtual disk driver and the hard disk driver, for example upgrading the data online over the Internet;
Step 205: configure the corresponding file system, so that the data of the host protected area is stored in a defined format; file systems in common use at present include FAT, FAT32, NTFS and so on. The steps need not be performed in any particular order.
The hard disk driver 2 created in step 201 makes it possible to access data in the HPA from within the operating system. Its main functions are: creating the HPA; opening the HPA; accessing data in the HPA; and closing the HPA.
The steps that implement these functions are described in detail below:
Create the HPA: according to the HPA size the user needs (the HPA is also known in the industry as the hidden area), calculate the logical number of the last sector of the non-HPA area (also known in the industry as the non-hidden area) of the disk, then set this logical number as the disk's maximum accessible address (Accessible Max Address) and, in accordance with the ATAPI standard, make the setting permanent. Unless a similar function is later used to change this setting, the sectors beyond this maximum address can no longer be addressed, whether the disk is powered up (Power up) or reset (Reset) again; this is how the HPA is created. The HPA can of course also be created by setting a minimum access address or other access addresses; this is prior art and is not described further. This embodiment uses only the example of an HPA created by setting the maximum access address.
Open the HPA: use the function provided by the ATAPI standard for obtaining the native maximum sector address (Native Max Address) to get the disk's native maximum address, and set the disk's maximum accessible address (Accessible Max Address) to this value; all data on the disk can then be accessed. One detail needs mentioning: when the maximum accessible address is set here, the setting is designated temporary, in accordance with the ATAPI standard. After the disk is powered up (Power up) or reset (Reset) again, its maximum accessible size automatically reverts to the last permanently set address. This guarantees that if the system stops unexpectedly and fails to close the HPA properly, the disk closes the HPA automatically, protecting the data in the HPA.
Access the HPA: perform access operations on the data in the disk space inside the HPA, while blocking other accessors' access to the HPA, thereby exercising access control.
Close the HPA: set the disk's maximum accessible address (Accessible Max Address) back to the value it had before the HPA was opened; all disk sectors after this address become inaccessible again, which closes the HPA. Note that this setting is also designated temporary. The reason is that, under the ATAPI standard, in each period from power-up (Power up) to power-down (Power down) the permanent setting can be used only once and the disk must be reset (Reset) immediately, whereas the temporary setting can be used repeatedly and takes effect immediately without resetting the disk. Using the temporary setting here does not leave the HPA visible after the hardware system restarts, because after a restart the disk restores its maximum accessible size to the last permanently set address, which guarantees the safety of the data in the HPA.
Referring to Fig. 3, the virtual disk driver created in step 202 is responsible for emulating a disk drive, providing one or more virtual disk drives to the operating system. The data source of the virtual disk driver is the hard disk driver, and its workflow comprises the following steps:
The virtual disk driver receives a request to access the host protected area;
Step 301: determine whether it is a read/write request or a request to get device parameters;
If it is a request to get device parameters, perform steps 302 and 303: prepare the required parameters and return them to the caller;
If it is a read/write request, perform step 304: calculate the physical location on the physical disk where the data is stored;
Step 305: determine whether the host protected area is open;
If it is open, perform step 306: access the data in the host protected area with the hard disk driver;
If it is not open, perform step 307: open the host protected area with the hard disk driver.
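The create, open and close operations of the hard disk driver and the Fig. 3 request flow of the virtual disk driver can be modelled together in user space. The following C program is an added example, not code from the patent: the disk model, every function and type name and the 16-sector disk are assumptions, it issues no real ATA commands, and it closes the HPA after each access as the advantages paragraph describes.

```c
/* Added example: user-space model of the HPA handling described above.
 * Not the patent's code; all names and the 16-sector disk are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define SECTOR 512
#define NATIVE_MAX 15u /* constructed disk with LBA 0..15 */

struct disk {
    uint32_t persistent_max; /* last permanently set max address */
    uint32_t current_max;    /* max accessible address right now */
    bool nv_used;            /* permanent setting already used this power cycle */
    uint8_t media[NATIVE_MAX + 1][SECTOR];
};
struct hpa { struct disk *d; uint32_t first_lba, closed_max; bool open; };
enum req { REQ_GET_PARAMS, REQ_READ, REQ_WRITE };

static void disk_init(struct disk *d) {
    memset(d, 0, sizeof *d);
    d->persistent_max = d->current_max = NATIVE_MAX;
}

static uint32_t read_native_max(const struct disk *d) { (void)d; return NATIVE_MAX; }

/* Models setting the max accessible address; permanent=false is temporary.
 * The permanent form is accepted only once between power-up and power-down. */
static int set_max(struct disk *d, uint32_t lba, bool permanent) {
    if (lba > NATIVE_MAX || (permanent && d->nv_used)) return -1;
    if (permanent) { d->nv_used = true; d->persistent_max = lba; }
    d->current_max = lba;
    return 0;
}

/* Power cycle: the disk reverts to the last permanently set address. */
static void power_cycle(struct disk *d) {
    d->current_max = d->persistent_max;
    d->nv_used = false;
}

static int disk_rw(struct disk *d, uint32_t lba, uint8_t *buf, bool write) {
    if (lba > d->current_max) return -1; /* beyond the accessible max address */
    if (write) memcpy(d->media[lba], buf, SECTOR);
    else memcpy(buf, d->media[lba], SECTOR);
    return 0;
}

/* Hard disk driver role: create, open and close the HPA. */
static int hpa_create(struct hpa *h, struct disk *d, uint32_t hpa_sectors) {
    if (hpa_sectors == 0 || hpa_sectors > NATIVE_MAX) return -1;
    uint32_t last_visible = NATIVE_MAX - hpa_sectors;
    if (set_max(d, last_visible, true) != 0) return -1; /* permanent */
    h->d = d; h->first_lba = last_visible + 1;
    h->closed_max = last_visible; h->open = false;
    return 0;
}
static int hpa_open(struct hpa *h) {
    h->closed_max = h->d->current_max;
    if (set_max(h->d, read_native_max(h->d), false) != 0) return -1;
    h->open = true;
    return 0;
}
static int hpa_close(struct hpa *h) {
    h->open = false;
    return set_max(h->d, h->closed_max, false); /* temporary, like open */
}

/* Virtual disk driver role. Returns the sector count for REQ_GET_PARAMS,
 * 0 for a completed read or write, -1 on error. */
static int vdisk_request(struct hpa *h, enum req r, uint32_t vlba, uint8_t *buf) {
    uint32_t sectors = NATIVE_MAX - h->first_lba + 1;
    if (r == REQ_GET_PARAMS) return (int)sectors;      /* steps 302, 303 */
    if (vlba >= sectors) return -1;
    uint32_t plba = h->first_lba + vlba;               /* step 304 */
    if (!h->open && hpa_open(h) != 0) return -1;       /* steps 305, 307 */
    int rc = disk_rw(h->d, plba, buf, r == REQ_WRITE); /* step 306 */
    if (hpa_close(h) != 0) return -1;                  /* protect again */
    return rc;
}

/* Globals so the model's state can be inspected after each call. */
static struct disk g_disk;
static struct hpa g_hpa;
static uint8_t g_buf[SECTOR];

int main(void) {
    disk_init(&g_disk);
    hpa_create(&g_hpa, &g_disk, 4);  /* last 4 sectors become the HPA */
    int direct = disk_rw(&g_disk, 12, g_buf, false);      /* -1: hidden */
    int virt = vdisk_request(&g_hpa, REQ_READ, 0, g_buf); /* 0: served */
    return (direct == -1 && virt == 0) ? 0 : 1;
}
```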
Referring to Fig. 4, the work of the configuration manager in step 204 comprises the following steps:
Step 401: initialize;
Step 402: check all virtual disk drivers and hard disk drivers of the host protected area;
Step 403: set up the user interface of the configuration manager;
Step 404: accept an operation request;
Step 405: determine whether it is an exit request;
If it is an exit request, perform step 406: release resources and exit;
If it is not an exit request, perform step 407: complete the requested operation by accessing the virtual disk driver and the hard disk driver.
In summary, we have presented the hard disk's HPA as a disk partition that can be accessed directly under control.

Claims (7)

1. A computer safety system, characterized in that the security system comprises:
A hard disk driver, which establishes the host protected area by setting the access address of the physical hard disk, can open, access and close the host protected area, and controls access rights;
A virtual disk driver, which accesses the host protected area by calling the hard disk driver, emulates a disk drive for the host protected area in the operating system kernel, and generates a virtual disk object, the virtual disk driver's data coming from the hard disk driver; and
A logical drive, which is generated from the virtual disk object and is operated on by the user;
These parts work together to present the host protected area as a disk partition, so that the host protected area can be accessed directly by opening the logical drive.
2. The computer safety system as claimed in claim 1, characterized in that the security system also comprises a configuration manager, which sets up and manages the host protected area by accessing the virtual disk driver and the hard disk driver.
3. The computer safety system as claimed in claim 1, characterized in that the security system also comprises a file system, which stores the data of the host protected area in a defined format.
4. A computer safety system implementation method, characterized in that the method comprises the following steps:
Create a hard disk driver, which sets the access address of the physical hard disk to establish the host protected area and can open, access and close the host protected area;
Create a virtual disk driver, which accesses the host protected area by calling the hard disk driver, emulates a disk drive for the host protected area in the operating system kernel, and generates a virtual disk object, the virtual disk driver's data coming from the hard disk driver;
Generate the corresponding logical drive from the virtual disk object, for the user to operate on;
Present the host protected area as a disk partition, so that the host protected area can be accessed directly by opening the logical drive.
5. The computer safety system implementation method as claimed in claim 4, characterized in that the method also comprises a virtual disk driver workflow, which comprises the following steps:
A request to access the host protected area is received;
Determine whether it is a read/write request or a request to get device parameters;
If it is a request to get device parameters, return the required parameters to the caller;
If it is a read/write request, calculate the physical location on the physical disk where the data is stored;
Determine whether the host protected area is open;
If it is not open, open the host protected area with the hard disk driver;
If it is open, access the data in the host protected area with the hard disk driver.
6. The computer safety system implementation method as claimed in claim 4, characterized in that the method also comprises creating a configuration manager, which sets up and manages the host protected area, the configuration manager workflow comprising the following steps:
Initialize;
Check all virtual disk drivers and hard disk drivers of the host protected area;
Set up the user interface of the configuration manager;
Accept an operation request;
Determine whether it is an exit request;
If it is an exit request, release resources and exit;
If it is not an exit request, complete the requested operation by accessing the virtual disk driver and the hard disk driver.
7. The computer safety system implementation method as claimed in claim 4, characterized in that the method also comprises a step of configuring the corresponding file system, so that the data of the host protected area is stored in a defined format.
Priority Applications (1), Applications Claiming Priority (1), Family Applications (1)

Application Number | Priority Date | Filing Date | Title | Status
CN 03156149 | 2003-08-29 | 2003-08-29 | Computer safety system and its realizing method | Expired - Fee Related

Publications (2)

Publication Number | Publication Date
CN1591365A | 2005-03-09
CN1266619C (en) | 2006-07-26

Family ID: 34598323

Country Status (1)

Country: CN (1), CN1266619C (en)


Legal Events

Code | Title
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
C14 | Grant of patent or utility model
GR01 | Patent grant
CF01 | Termination of patent right due to non-payment of annual fee

Granted publication date: 20060726

Termination date: 20200829