CN1324422C - Method for controlling computer system protection - Google Patents


Publication number
CN1324422C
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2005100636075A
Other languages
Chinese (zh)
Other versions
CN1702594A (en)
Inventor
杨文兵
黄高贵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd

Abstract

The present invention discloses a control method for computer system protection. A protection function module for protecting the computer system is provided in the computer's application layer. A switch for setting the protection level is connected to an input/output (I/O) interface of the computer, and different protection levels correspond to different switch states. A switch driver module is added to the hardware driver layer. The method further comprises: A. the switch driver module is started, and the switch state is read and evaluated; when the switch state is on, step B is executed; B. the protection function module corresponding to the protection level indicated by the current switch state is called. The method can control the protection functions of a computer system dynamically, flexibly, and simply.

Description

A control method for computer system protection
Technical field
The present invention relates to the field of computer security technology, and in particular to a control method for computer system protection.
Background art
With the widespread use of computers, computer system protection technology is increasingly becoming key to personal computer (PC) product development. The computer system protection measures currently available in the industry include check and repair of the Basic Input/Output System (BIOS), check and repair of the hard disk, check and repair of the operating system boot files, system protection software, and so on. With these, a computer can monitor and protect its own system programs, improving the stability and security of its operation.
To protect a computer system, a protection function module must be set up on the hard disk in advance and then called by the BIOS or the operating system; the module checks and repairs the computer's system programs by running its own system protection program. During computer boot, the information covered by system protection includes the BIOS program, the hard disk boot information, the partition table information, the boot sector information of the boot partition, and the operating system boot files. This information is checked and repaired mainly by three kinds of protection function modules: the BIOS check-and-repair module, which handles the BIOS program; the hard disk check-and-repair module, which handles the hard disk boot information, the partition table information, and the boot sector information of the boot partition; and the operating system boot file check-and-repair module, which handles the operating system boot files. While the operating system is running, the information covered by system protection includes registry information, antivirus software update information, operating system update information, and so on. The protection function module that monitors this information is the system protection module, and the programs it runs are what is commonly called antivirus software, firewall software, and the like.
Although the computer system protection technology described above can, to some extent, prevent the computer's system programs from being damaged, these protection measures are not flexible enough in use. Once a computer has been configured with these protection functions, a user who needs to suspend some of them finds it difficult to change the configuration and stop them. For example, to stop the BIOS check-and-repair function, the only option is to change settings inside the BIOS. Or, to patch or upgrade the operating system, the system protection module must first be stopped, but some system protection modules do not show an icon on the desktop while running, so the user has to locate the directory containing the system protection program and then shut it down. These operations are not simple for ordinary users and often require a professional technician.
In summary, for ordinary users who lack computer knowledge, existing computer system protection functions are not easy to use. Users easily make mistakes when stopping a protection function, and because such mistakes usually involve system programs, they can even paralyze the whole system. The protection then becomes an obstacle to using the computer, contrary to its original purpose of ensuring computer stability and ease of use. A mechanism is therefore needed that controls computer system protection functions flexibly and easily, without requiring a professional technician, for the convenience of the many computer users.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a control method for computer system protection that flexibly controls computer system protection functions at multiple levels and is simple for the user to operate.
To achieve the above purpose, the technical solution of the present invention is implemented as follows:
The invention discloses a control method for computer system protection. A protection function module for protecting the computer system is provided in the computer's application layer; a switch for setting the protection level is connected to an input/output (I/O) interface of the computer, with different protection levels corresponding to different switch states; and a switch driver module is added to the hardware driver layer. The method further comprises:
A. Start the switch driver module, and read and evaluate the switch state; when the switch state is on, execute step B.
B. Call the protection function module corresponding to the protection level indicated by the current switch state.
When the method is used to control system protection during computer boot, the switch driver module is started by the Basic Input/Output System (BIOS). In step A, after the switch state is read and evaluated, the method further comprises: when the switch state is off, this indicates that no protection function processing is currently required for the system.
In step A, the switch driver module evaluates the switch state directly, and in step B, the switch driver module calls the protection function module directly; or,
In step A, after the switch driver module reads the switch state, the method further comprises returning the switch state to the BIOS, which evaluates the received switch state; and in step B, the BIOS calls the protection function module.
One, two, or three protection levels are set. The protection function modules corresponding to each protection level comprise the BIOS check-and-repair module, the hard disk check-and-repair module, the operating system boot file check-and-repair module, or any combination of the three.
When two protection levels are set, they are a high protection level and a low protection level. The protection function modules corresponding to the high protection level comprise the BIOS check-and-repair module, the hard disk check-and-repair module, and the operating system boot file check-and-repair module. The protection function module corresponding to the low protection level comprises the BIOS check-and-repair module.
When the method is used to control system protection while the operating system is running, step A comprises:
A1. The operating system starts the switch driver module, and the switch driver module reads the switch state.
A2. Evaluate the switch state that was read: if the switch state is on, execute step A3; otherwise, execute step A4.
A3. Determine whether the protection function module corresponding to the protection level indicated by the current switch state is running; if so, execute step C; otherwise, execute step B.
A4. Determine whether the protection function module corresponding to the protection level indicated by the current switch state is running; if so, stop the protection function module and execute step C; otherwise, execute step C directly.
After step B, execute step C: the switch driver module reads the current switch state and determines whether the switch state has changed; if so, return to step A2; otherwise, execute step C again.
Steps A2, A3, A4, B, and C are executed by the switch driver module; or,
In steps A and C, after the switch driver module reads the switch state, the method further comprises returning the switch state to the operating system, which evaluates the received switch state; and steps A2, A3, A4, and B are executed by the operating system.
In this case there is one and only one protection level, and the protection function module corresponding to it is the system protection module.
When the method is used to control system protection over the whole process from computer boot through operating system runtime, the switch driver module comprises a first switch driver module and a second switch driver module.
In step A, during computer boot, the BIOS starts the first switch driver module, which reads the switch state; the method further comprises: when the switch state is off, execute steps C to H.
After step B, steps C to H are executed. Steps C to H comprise:
C. While the operating system is running, the operating system starts the second switch driver module, which reads the current switch state.
D. Evaluate the switch state that was read: if the switch state is on, execute step E; otherwise, execute step F.
E. Determine whether the protection function module corresponding to the protection level indicated by the current switch state is running; if so, execute step H; otherwise, execute step G.
F. Determine whether the protection function module corresponding to the protection level indicated by the current switch state is running; if so, stop the protection function module and execute step H; otherwise, execute step H directly.
G. Call the protection function module corresponding to the protection level indicated by the current switch state.
H. The second switch driver module reads the current switch state and determines whether the switch state has changed; if so, return to step D; otherwise, execute step H again.
In step A, the first switch driver module evaluates the switch state directly, and in step B, the first switch driver module calls the protection function module directly; or, in step A, after the first switch driver module reads the switch state, the method further comprises returning the switch state to the BIOS, which evaluates the received switch state, and in step B, the BIOS calls the protection function module.
Steps D, E, F, G, and H are executed by the second switch driver module; or, in steps C and H, after the second switch driver module reads the switch state, the method further comprises returning the switch state to the operating system, which evaluates the received switch state, and steps D, E, F, and G are executed by the operating system.
One, two, three, or four protection levels are set. The protection function modules corresponding to each protection level comprise the BIOS check-and-repair module, the hard disk check-and-repair module, the operating system boot file check-and-repair module, the system protection module, or any combination of these.
When two protection levels are set, they are a high protection level and a low protection level. The protection function modules corresponding to the high protection level indicated by the switch state read by the first switch driver module comprise the BIOS check-and-repair module, the hard disk check-and-repair module, and the operating system boot file check-and-repair module. The protection function module corresponding to the low protection level indicated by the switch state read by the first switch driver module comprises the BIOS check-and-repair module. For the switch state read by the second switch driver module, the protection function module corresponding to both the high and the low protection level is the system protection module.
As the above solution shows, the key of the invention is this: a switch for setting the protection level is connected to an I/O interface of the computer, different protection levels correspond to different switch states, and a switch driver module is added to the hardware driver layer. The switch driver module reads and evaluates the switch state, and the protection function module corresponding to the protection level indicated by the switch state is called.
Therefore, the control method for computer system protection provided by the invention lets an ordinary PC user set the protection level or turn off system protection processing by adjusting the position of the switch. According to their needs, users can apply multiple grades of system protection by configuring the protection level, so the computer system protection functions are controlled dynamically and flexibly without affecting the effectiveness of the protection processing. More importantly, with the switch control mechanism of the invention, the user's operation is simpler, and computer system protection can be controlled effectively without any professional knowledge.
Brief description of the drawings
Fig. 1 is a flow chart of the first preferred embodiment of the method of the invention;
Fig. 2 is a flow chart of the second preferred embodiment of the method of the invention;
Fig. 3 is a flow chart of the third preferred embodiment of the method of the invention;
Fig. 4 is a schematic diagram of three schemes for connecting the switch of the invention to the computer motherboard through an I/O interface.
Detailed description of the embodiments
The invention is described in further detail below with reference to the drawings and specific embodiments.
The main idea of the control method for computer system protection provided by the invention is as follows: a switch for setting the protection level is added, different protection levels correspond to different switch states, and a switch driver module is added to the hardware driver layer. By reading the switch state, the switch driver module determines the protection level that the switch state indicates, and the corresponding protection function module is called according to the currently indicated protection level.
The method can control the protection functions of a computer system during computer boot, while the operating system is running, or over the whole process from computer boot through operating system runtime. The basic process in each of these three cases, the protection levels that are set, and the corresponding protection function modules are described below:
1. When the invention is applied during computer boot, the BIOS starts the switch driver module. The switch state read by the switch driver module determines whether system protection processing is performed and at which protection level, and the protection function modules for the determined protection level are called. One, two, or three protection levels can be set. The protection function modules corresponding to each protection level can comprise the BIOS check-and-repair module, the hard disk check-and-repair module, the operating system boot file check-and-repair module, or any combination of the three.
2. When the invention is applied while the operating system is running, the operating system starts the switch driver module, which then keeps reading the switch state to determine whether system protection processing is needed and at which protection level, and the protection function module for the determined protection level is called or stopped. There is one and only one protection level, and the protection function module corresponding to it is the system protection module.
3. When the invention is applied over the whole process from computer boot through operating system runtime, the switch driver module comprises a first switch driver module and a second switch driver module. During computer boot, the BIOS starts the first switch driver module; the switch state it reads determines whether system protection processing is performed and at which protection level, and the protection function modules for the determined protection level are called. While the operating system is running, the operating system starts the second switch driver module, which then keeps reading the switch state to determine whether system protection processing is needed and at which protection level, and the protection function module for the determined protection level is called or stopped. One, two, three, or four protection levels can be set. The protection function modules corresponding to each protection level comprise the BIOS check-and-repair module, the hard disk check-and-repair module, the operating system boot file check-and-repair module, the system protection module, or any combination of these.
The three preferred embodiments below describe the detailed processing of the invention in each of these three cases.
Fig. 1 is a flow chart of the first preferred embodiment of the method of the invention. This embodiment applies during computer boot. Two protection levels are set, a high protection level and a low protection level. The protection function modules corresponding to the high protection level are the BIOS check-and-repair module, the hard disk check-and-repair module, and the operating system boot file check-and-repair module; the protection function module corresponding to the low protection level is the BIOS check-and-repair module. Because the two protection levels correspond to two switch states, and there must also be one switch state that indicates off, there are three switch states. The switch should therefore have three positions, and the user sets the protection level or turns off protection function processing by adjusting the switch position.
Of course, depending on the needs of a specific implementation, the number of protection levels and the protection function modules corresponding to each level are not limited to the arrangement of this embodiment. For example, three protection levels can be set, corresponding respectively to the BIOS check-and-repair module, the hard disk check-and-repair module, and the operating system boot file check-and-repair module. There are many other possible arrangements, which are not listed one by one here.
As shown in Fig. 1, the processing comprises:
Step 101: After the PC is powered on, startup begins from the BIOS. The BIOS first starts the switch driver module in the hardware driver layer, and the switch driver module reads the current switch state.
Here, the switch used to set the protection level is connected to a standard input/output (I/O) interface on the computer motherboard. The I/O interface may be a serial interface (COM interface), a USB interface, a Low Pin Count (LPC) interface, or the like; the invention does not restrict which I/O interface the switch is connected to. To the computer, the switch is an ordinary simple device attached to an I/O interface, and many methods already exist for a switch driver module to read a switch state. The specific method by which the switch driver module reads the switch state is therefore known art and is not described further here.
To illustrate the connection between the switch of the invention and the computer motherboard, three connection schemes are given below. Fig. 4 is a schematic diagram of three schemes for connecting the switch to the computer motherboard through an I/O interface. As shown in Fig. 4, the motherboard comprises at least a CPU, a north bridge control circuit, a south bridge control circuit, a BIOS, a trusted platform module (TPM), an LPC bus, and so on, and the south bridge control circuit is also connected to the hard disk. The three connection schemes are shown in Fig. 4A, Fig. 4B, and Fig. 4C respectively. In Fig. 4A, the switch is connected to a COM interface on the LPC bus. In Fig. 4B, the switch is connected to a general-purpose input/output (GPIO) interface on the LPC bus. In Fig. 4C, the switch is connected to a GPIO interface, and this GPIO interface is connected to the LPC bus through the Super I/O bus. The connections among the motherboard's internal components are known art and are not a problem addressed by the invention, so they are not described.
Step 102: The switch driver module evaluates the switch state read in step 101:
If the switch state is on, the protection level indicated by the switch state is determined. When the indicated protection level is the high protection level, execute step 103; when it is the low protection level, execute step 104.
If the switch state is off, this indicates that no protection function processing is currently required for the system, and the current processing ends. That is, during the boot of the PC, no check-and-repair processing is performed on the BIOS program, the hard disk boot information, the partition table information, the boot sector information of the boot partition, the operating system boot files, or similar information.
Step 103: The switch driver module calls the BIOS check-and-repair module, the hard disk check-and-repair module, and the operating system boot file check-and-repair module, and the current processing ends.
Step 104: The switch driver module calls the BIOS check-and-repair module.
The BIOS check-and-repair module, the hard disk check-and-repair module, and the operating system boot file check-and-repair module are set up on the hard disk in advance, and the switch driver module also stores in advance the addresses of these three modules on the hard disk. Therefore, in this step, the switch driver module calls the BIOS check-and-repair module, the hard disk check-and-repair module, and the operating system boot file check-and-repair module, so that each check-and-repair module is started to check and repair its own corresponding information, applying protection processing to the computer system.
The basic working principle of the BIOS check-and-repair module, the hard disk check-and-repair module, and the operating system boot file check-and-repair module is as follows. Each check-and-repair module stores in advance the address on the hard disk where its backup information is kept. When a check-and-repair module is called, it checks whether its corresponding information has been damaged. If it has, the module reads its backup information from the hard disk, repairs the damaged part, and then restarts the computer; if not, the normal boot flow continues directly. The specific processing inside these three modules that implements system protection is not a problem addressed by the invention and is described in detail in another patent application by the applicant, so it is not detailed here. In addition, existing and future BIOS check-and-repair modules, hard disk check-and-repair modules, and operating system boot file check-and-repair modules can all be combined with the invention to protect the computer system.
As the above embodiment shows, the function of the switch driver module is not limited to reading the switch state; it can also evaluate the switch state, determine the protection level, and call the corresponding protection function modules. That is, after reading the switch state, the switch driver module determines the protection level directly and then directly calls protection function modules such as the BIOS check-and-repair module, the hard disk check-and-repair module, and the operating system boot file check-and-repair module. Alternatively, the switch driver module can be limited to reading the switch state, with evaluating the switch state, determining the protection level, and calling the corresponding protection function modules carried out by the BIOS. Specifically, the switch driver module returns the switch state it read to the BIOS; the BIOS determines the protection level from the received switch state and calls the corresponding protection function modules for that level. In other words, in step 101 the switch driver module, after reading the switch state, returns it to the BIOS, and the BIOS then executes steps 102 to 104.
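The boot-time flow of Fig. 1 (steps 102 to 104) combined with the check-and-repair principle described above, as an added example that is not code from the patent. The switch encoding, the byte-for-byte comparison against a backup as the damage check, and all names and sample data are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Three switch positions of the first embodiment. The numeric encoding is an
 * assumption; the patent only requires one distinct state per level plus off. */
enum switch_state { SW_OFF = 0, SW_LOW = 1, SW_HIGH = 2 };

/* Protection function modules as bit flags, so a level can name a combination. */
enum { MOD_BIOS = 1 << 0, MOD_DISK = 1 << 1, MOD_OSBOOT = 1 << 2 };

#define REGION_LEN 8

/* A protected region and the backup copy its module keeps (hypothetical layout). */
struct region {
    unsigned module;                  /* module responsible for this region */
    unsigned char live[REGION_LEN];   /* content found at boot */
    unsigned char backup[REGION_LEN]; /* known-good copy stored in advance */
};

/* Step 102: determine which modules the switch state selects.
 * Readings outside the three defined positions are treated as off here;
 * the patent does not say how such a reading is handled (assumption). */
unsigned modules_for_state(enum switch_state s)
{
    switch (s) {
    case SW_HIGH: return MOD_BIOS | MOD_DISK | MOD_OSBOOT; /* step 103 */
    case SW_LOW:  return MOD_BIOS;                         /* step 104 */
    default:      return 0;                                /* no protection */
    }
}

/* Check one region against its backup and restore it if it differs.
 * Comparing with the backup is an assumed way of detecting damage.
 * Returns 1 when a repair was made (the machine would then restart). */
static int check_and_repair(struct region *r)
{
    if (memcmp(r->live, r->backup, REGION_LEN) == 0)
        return 0;
    memcpy(r->live, r->backup, REGION_LEN);
    return 1;
}

/* Steps 102 to 104: call only the modules enabled by the switch state.
 * Returns the bit mask of modules that had to repair their region. */
unsigned boot_protect(enum switch_state s, struct region *regions, size_t n)
{
    unsigned enabled = modules_for_state(s);
    unsigned repaired = 0;

    for (size_t i = 0; i < n; i++) {
        if ((enabled & regions[i].module) && check_and_repair(&regions[i]))
            repaired |= regions[i].module;
    }
    return repaired;
}

/* Constructed sample: BIOS and OS boot file regions damaged, disk intact. */
unsigned run_sample(enum switch_state s)
{
    struct region regions[3] = {
        { MOD_BIOS,   "BIOS-vX", "BIOS-v1" },
        { MOD_DISK,   "MBR-ok1", "MBR-ok1" },
        { MOD_OSBOOT, "ldr-bad", "ldr-ok1" },
    };
    return boot_protect(s, regions, 3);
}

int main(void)
{
    printf("off : repaired mask 0x%x\n", run_sample(SW_OFF));
    printf("low : repaired mask 0x%x\n", run_sample(SW_LOW));
    printf("high: repaired mask 0x%x\n", run_sample(SW_HIGH));
    return 0;
}
```

With the switch at low or off, the damaged operating system boot file in the sample is left as it is; only the high position runs the module that would restore it.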
Fig. 2 is a flow chart of the second preferred embodiment of the method of the invention. This embodiment applies while the operating system is running. One protection level is set, and the protection function module corresponding to it is the system protection module. In this case there should be two switch states and the switch should have two positions, and the user controls whether the system protection module is enabled by adjusting the switch position. As shown in Fig. 2, the processing comprises:
Step 201: While the Windows operating system is running, the switch driver module in the hardware driver layer is started, and it reads the current switch state.
Step 202: The switch driver module evaluates the switch state read in step 201. If the switch state is on, the switch state indicates the single protection level currently set, and the system protection module corresponding to that level needs to run; execute step 203. If the switch state is off, this indicates that the system protection module does not need to run for now; execute step 205.
Here, because updates to antivirus software, registry information, and operating system programs are not allowed while the system protection module is running, the user needs to stop the system protection module, or temporarily not start it, when upgrading antivirus software or patching the operating system.
Step 203: The switch driver module determines whether the system protection module is currently running; if so, execute step 207; otherwise, execute step 204.
Step 204: The switch driver module calls the system protection module; execute step 207.
Here, the entry address of the system protection module in the application layer is set in the switch driver module in advance, so the switch driver module can call the system protection module at that address. In addition, because the switch driver module is responsible for calling the system protection module, it can determine whether the system protection module is running. The specific implementation of the system protection module is not a problem addressed by the invention; existing system protection modules and new ones that may appear in the future can all be combined with the invention to protect the computer system, so the internal processing flow of the system protection module is not described here.
Step 205: The switch driver module determines whether the system protection module is currently running; if so, execute step 206; otherwise, execute step 207.
Step 206: The switch driver module sends a stop instruction to the system protection module, and the system protection module stops running.
Step 207: The switch driver module reads the switch state again.
Step 208: The switch driver module determines, from the switch state read in step 207, whether the switch state has changed. If so, it must re-evaluate whether the switch state indicates that the system protection module needs to run, and returns to step 202; otherwise, it continues to monitor the switch state for changes and returns to step 207.
In the embodiment of Fig. 2, the switch driver module not only reads the switch state but also evaluates it, determines the protection level it indicates, and directly calls or stops the system protection module. Alternatively, the switch driver module can be limited to reading the switch state, with evaluating the switch state, determining the protection level, and calling or stopping the protection function module carried out by the operating system. Specifically, after step 201 and step 207, the switch driver module returns the switch state it read to the operating system, and the operating system then performs steps 202 to 206 and the processing described in step 208. The operating system can thus decide, from the received switch state, to call the system protection module, to stop it, or to do nothing.
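The runtime loop of Fig. 2 (steps 201 to 208) run over a finite sequence of switch readings, as an added example that is not code from the patent. The switch encoding, the `monitor` structure with its counters, and the sample readings are assumptions; the counters go beyond the patent's steps and exist only to show how long the module stayed off.

```c
#include <stdio.h>
#include <stddef.h>

enum { SW_OFF = 0, SW_ON = 1 };   /* two-position switch; encoding assumed */

/* State kept by the switch driver module, plus counters added for the example. */
struct monitor {
    int running;       /* is the system protection module running? */
    int starts;        /* times step 204 called the module */
    int stops;         /* times step 206 stopped the module */
    int unprotected;   /* polls that ended with the module not running */
};

/* Steps 202 to 206: bring the module in line with the switch state. */
static void apply_state(struct monitor *m, int sw)
{
    if (sw == SW_ON) {
        if (!m->running) {          /* step 203 -> step 204 */
            m->running = 1;
            m->starts++;
        }
    } else if (m->running) {        /* step 205 -> step 206 */
        m->running = 0;
        m->stops++;
    }
}

/* readings[0] is the read in step 201; each later element is one read in
 * step 207. The real loop never ends; the example stops when input runs out. */
struct monitor run_monitor(const int *readings, size_t n, int initially_running)
{
    struct monitor m = { initially_running, 0, 0, 0 };
    int last;

    if (n == 0)
        return m;
    last = readings[0];                  /* step 201 */
    apply_state(&m, last);               /* steps 202 to 206 */
    if (!m.running)
        m.unprotected++;
    for (size_t i = 1; i < n; i++) {     /* step 207 */
        if (readings[i] != last) {       /* step 208: state changed */
            last = readings[i];
            apply_state(&m, last);       /* back to step 202 */
        }
        if (!m.running)
            m.unprotected++;
    }
    return m;
}

/* Constructed poll sequence: on, switched off for patching, then on again. */
static const int SAMPLE[] = { SW_ON, SW_ON, SW_OFF, SW_OFF, SW_OFF, SW_ON, SW_ON };
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void)
{
    struct monitor m = run_monitor(SAMPLE, SAMPLE_LEN, 0);

    printf("starts=%d stops=%d unprotected_polls=%d running=%d\n",
           m.starts, m.stops, m.unprotected, m.running);
    return 0;
}
```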
Fig. 3 is a schematic flowchart of the third preferred embodiment of the method of the present invention. This embodiment applies to the whole process from computer power-on through operating system operation. Two protection levels are set: a high protection level and a low protection level. The switch driver module comprises a first switch driver module and a second switch driver module. The protection function modules corresponding to the high protection level indicated by the switch state read by the first switch driver module comprise: a BIOS check-and-repair module, a hard disk check-and-repair module and an operating system boot file check-and-repair module. The protection function module corresponding to the low protection level indicated by the switch state read by the first switch driver module comprises: the BIOS check-and-repair module. The protection function module corresponding to both the high and the low protection level indicated by the switch state read by the second switch driver module is the system protection module. In this case there are three switch states, and the switch should have three positions. During computer boot, the user sets the protection level, or turns off system protection processing, by adjusting the switch position. While the operating system is running, the two positions other than the one that indicates "off" both indicate that the system protection module needs to be started, and the user can likewise decide whether the system protection module is started by adjusting the switch position.
Of course, when the present invention is implemented, the number of protection levels and the protection function modules corresponding to each level are set as required and are not limited to the settings of this embodiment; there are many other possible settings, which are not enumerated here.
The processing of this embodiment has two parts: control during computer boot and control while the operating system is running. The boot-time control part uses the processing method of Fig. 1, and the operating-system control part uses the processing method of Fig. 2. As shown in Fig. 3, the boot-time control part comprises steps 301 to 305, which are similar to steps 101 to 104 of Fig. 1; the operating-system control part comprises steps 306 to 315, which are similar to steps 201 to 208 of Fig. 2. The specific process is as follows:
Step 301: After the PC is powered on, it starts from the BIOS, and the BIOS first starts the first switch driver module.
Step 302 to step 303: The first switch driver module reads the current switch state and evaluates the state it has read:
If the switch state is on, the protection level indicated by the switch state is determined: when the indicated protection level is the high protection level, step 304 is executed; when the indicated protection level is the low protection level, step 305 is executed.
If the switch state is off, this indicates that no system protection processing is currently required during boot, and step 306 is executed.
Step 304: The first switch driver module calls the BIOS check-and-repair module, the hard disk check-and-repair module and the operating system boot file check-and-repair module corresponding to the high protection level, and step 306 is then executed.
Step 305: The first switch driver module calls the BIOS check-and-repair module corresponding to the low protection level, and step 306 is then executed.
As described for Fig. 1, in this embodiment the first switch driver module not only reads the switch state but also evaluates it, determines the protection level and calls the corresponding protection function modules. The first switch driver module of the present invention may also implement only the function of reading the switch state; in that case, in step 302, after reading the switch state the first switch driver module returns it to the BIOS, and the BIOS evaluates the received switch state, determines the protection level and calls the corresponding protection function modules.
Step 306 to step 308: While the Windows operating system is running, the second switch driver module is started, and the second switch driver module reads the current switch state.
Step 309: The second switch driver module evaluates the switch state read in step 308: if the switch state is on, the switch state indicates the high protection level or the low protection level, and step 310 is executed; if the switch state is off, this indicates that the system protection module does not currently need to run, and step 312 is executed.
Step 310: The second switch driver module determines whether the system protection module corresponding to the high or low protection level indicated by the switch state of step 309 is running; if so, step 314 is executed; otherwise, step 311 is executed.
Step 311: The second switch driver module calls the system protection module, and step 314 is then executed.
Step 312: The second switch driver module determines whether the system protection module corresponding to the high or low protection level indicated by the switch state of step 309 is running; if so, step 313 is executed; otherwise, step 314 is executed.
Step 313: The second switch driver module sends a stop instruction to the system protection module, and the system protection module stops running.
Step 314: The second switch driver module reads the switch state again.
Step 315: Based on the switch state read in step 314, the second switch driver module determines whether the switch state has changed. If it has, the module must re-evaluate whether the switch state indicates that the system protection module needs to run, and returns to step 309; otherwise it continues to monitor the switch state for changes, and returns to step 314.
As described for Fig. 2, in this embodiment the second switch driver module not only reads the switch state but also evaluates it, determines the protection level and calls the corresponding protection function module. The second switch driver module of the present invention may also implement only the function of reading the switch state; in that case, in step 308 and step 314, after reading the switch state the second switch driver module returns it to the operating system, and the operating system evaluates the received switch state, determines the protection level and calls the corresponding protection function module, that is, steps 309 to 313 and step 315 are performed by the operating system.
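The two control parts of the third embodiment, together with the polling loop of steps 205 to 208 that steps 312 to 315 mirror, can be modelled as a small state machine. The following C model is an added example, not part of the patent text; the gear names, the bitmask encoding and all function names are assumptions, and the switch readings are a constructed array rather than values read from an I/O interface.

```c
#include <stddef.h>
#include <stdio.h>

/* Three switch positions of the third embodiment (names are assumptions). */
enum gear { GEAR_OFF, GEAR_LOW, GEAR_HIGH };

/* Boot-time protection function modules as a bitmask (assumed encoding). */
enum { MOD_BIOS = 1, MOD_DISK = 2, MOD_BOOTFILES = 4 };

/* Steps 302-305: the modules the first switch driver module calls at boot. */
unsigned boot_modules_for(enum gear g) {
    switch (g) {
    case GEAR_HIGH: return MOD_BIOS | MOD_DISK | MOD_BOOTFILES; /* step 304 */
    case GEAR_LOW:  return MOD_BIOS;                            /* step 305 */
    default:        return 0;        /* switch off: straight to step 306 */
    }
}

/* State kept by the second switch driver module while the OS runs. */
struct os_ctl {
    enum gear last;   /* switch state seen at the previous read */
    int running;      /* is the system protection module running? */
    unsigned starts;  /* times the module was called (step 311) */
    unsigned stops;   /* times a stop instruction was sent (step 313) */
};

/* Steps 309-313: bring the module's run state in line with the switch. */
static void reconcile(struct os_ctl *c, enum gear g) {
    int want = (g != GEAR_OFF);      /* LOW and HIGH both mean "run" */
    if (want && !c->running) { c->running = 1; c->starts++; }      /* 310 -> 311 */
    else if (!want && c->running) { c->running = 0; c->stops++; }  /* 312 -> 313 */
    c->last = g;                     /* remembered for the change test */
}

/* Steps 306-308: first read after the operating system starts the driver. */
void os_ctl_init(struct os_ctl *c, enum gear first) {
    c->running = 0;
    c->starts = c->stops = 0;
    reconcile(c, first);
}

/* Steps 314-315: one poll; returns 1 if the state changed (back to 309). */
int os_ctl_poll(struct os_ctl *c, enum gear g) {
    if (g == c->last) return 0;      /* unchanged: keep monitoring (314) */
    reconcile(c, g);
    return 1;
}

/* Feed a sequence of readings through the loop; returns the change count. */
int simulate(const enum gear *r, size_t n, struct os_ctl *c) {
    int changes = 0;
    os_ctl_init(c, n ? r[0] : GEAR_OFF);
    for (size_t i = 1; i < n; i++) changes += os_ctl_poll(c, r[i]);
    return changes;
}

int main(void) {
    /* Constructed readings: LOW at OS start, then HIGH, OFF, HIGH again. */
    enum gear seq[] = { GEAR_LOW, GEAR_LOW, GEAR_HIGH, GEAR_OFF, GEAR_OFF, GEAR_HIGH };
    struct os_ctl c;
    int changes = simulate(seq, sizeof seq / sizeof seq[0], &c);
    printf("boot(HIGH)=0x%x changes=%d starts=%u stops=%u running=%d\n",
           boot_modules_for(GEAR_HIGH), changes, c.starts, c.stops, c.running);
    return 0;
}
```

Moving the switch from the low to the high position counts as a state change but does not restart the system protection module, because step 310 finds it already running.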
As the three embodiments above show, the present invention connects a switch for setting the protection level to an I/O interface of the computer and adds a switch driver module at the hardware driver layer. By reading the current switch state, the switch driver module can determine which level of protection to apply to the computer system, so that the user can set the protection level of the computer system, or turn off its protection function, simply by adjusting the switch position, thereby giving dynamic, flexible and simple control over the computer system's protection function.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (12)

1. A control method for computer system protection, in which a protection function module for protecting the computer system is provided in the computer application layer, characterized in that a switch for setting the protection level is connected to an input/output (I/O) interface of the computer, different protection levels correspond to different switch states, and a switch driver module is added in the hardware driver layer; the method further comprises:
A. starting the switch driver module, reading and evaluating the switch state, and, when the switch state is on, executing step B;
B. calling the protection function module corresponding to the protection level indicated by the current switch state.
2. The method according to claim 1, characterized in that the method is used to control system protection during computer boot, and the switch driver module is started by the basic input/output system (BIOS);
In step A, after the reading and evaluating of the switch state, the method further comprises: when the switch state is off, this indicates that no system protection processing is currently required.
3. The method according to claim 2, characterized in that,
In step A, the switch driver module evaluates the switch state directly, and, in step B, the switch driver module calls the protection function module directly; or,
In step A, after the switch driver module reads the switch state, the method further comprises: returning the switch state that was read to the BIOS, the BIOS evaluating the switch state it receives, and, in step B, the BIOS calling the protection function module.
4. The method according to claim 3, characterized in that one, two or three protection levels are set;
The protection function module corresponding to each protection level comprises: a BIOS check-and-repair module, or a hard disk check-and-repair module, or an operating system boot file check-and-repair module, or any combination of the three.
5. The method according to claim 4, characterized in that, when two protection levels are set, the two protection levels are: a high protection level and a low protection level;
The protection function modules corresponding to the high protection level comprise: the BIOS check-and-repair module, the hard disk check-and-repair module and the operating system boot file check-and-repair module;
The protection function module corresponding to the low protection level comprises: the BIOS check-and-repair module.
6. The method according to claim 1, characterized in that the method is used to control operating system protection while the operating system is running; step A comprises:
A1. the operating system starts the switch driver module, and the switch driver module reads the switch state;
A2. the switch state that was read is evaluated: if the switch state is on, step A3 is executed; otherwise, step A4 is executed;
A3. it is determined whether the protection function module corresponding to the protection level indicated by the current switch state is running; if so, step C is executed; otherwise, step B is executed;
A4. it is determined whether the protection function module corresponding to the protection level indicated by the current switch state is running; if so, the protection function module is stopped and step C is executed; otherwise, step C is executed directly;
After step B, step C is executed: the switch driver module reads the current switch state and determines whether the switch state has changed; if so, the method returns to step A2; otherwise, step C is executed again.
7. The method according to claim 6, characterized in that,
Steps A2, A3, A4, B and C are performed by the switch driver module; or,
In step A and step C, after the switch driver module reads the switch state, the method further comprises: returning the switch state that was read to the operating system, the operating system evaluating the switch state it receives and performing steps A2, A3, A4 and B.
8. The method according to claim 7, characterized in that there is one and only one protection level, and the protection function module corresponding to that protection level is the system protection module.
9. The method according to claim 1, characterized in that the method is used to control system protection over the whole process from computer boot through operating system operation;
The switch driver module comprises: a first switch driver module and a second switch driver module;
In step A, when the computer boots, the first switch driver module is started by the BIOS and reads the switch state, and step A further comprises: when the switch state is off, executing steps C to H;
Steps C to H are executed after step B, and steps C to H comprise:
C. while the operating system is running, the operating system starts the second switch driver module, and the second switch driver module reads the current switch state;
D. the switch state that was read is evaluated: if the switch state is on, step E is executed; otherwise, step F is executed;
E. it is determined whether the protection function module corresponding to the protection level indicated by the current switch state is running; if so, step H is executed; otherwise, step G is executed;
F. it is determined whether the protection function module corresponding to the protection level indicated by the current switch state is running; if so, the protection function module is stopped and step H is executed; otherwise, step H is executed directly;
G. the protection function module corresponding to the protection level indicated by the current switch state is called;
H. the second switch driver module reads the current switch state and determines whether the switch state has changed; if so, the method returns to step D; otherwise, step H is executed again.
10. The method according to claim 9, characterized in that,
In step A, the first switch driver module evaluates the switch state directly, and, in step B, the first switch driver module calls the protection function module directly; or,
In step A, after the first switch driver module reads the switch state, the method further comprises: returning the switch state that was read to the BIOS, the BIOS evaluating the switch state it receives, and, in step B, the BIOS calling the protection function module;
Steps D, E, F, G and H are performed by the second switch driver module; or,
In step C and step H, after the second switch driver module reads the switch state, the method further comprises: returning the switch state that was read to the operating system, the operating system evaluating the switch state it receives and performing steps D, E, F and G.
11. The method according to claim 10, characterized in that one, two, three or four protection levels are set;
The protection function module corresponding to each protection level comprises: a BIOS check-and-repair module, or a hard disk check-and-repair module, or an operating system boot file check-and-repair module, or a system protection module, or any combination of these.
12. The method according to claim 11, characterized in that, when two protection levels are set, the two protection levels are: a high protection level and a low protection level;
The protection function modules corresponding to the high protection level indicated by the switch state read by the first switch driver module comprise: the BIOS check-and-repair module, the hard disk check-and-repair module and the operating system boot file check-and-repair module;
The protection function module corresponding to the low protection level indicated by the switch state read by the first switch driver module comprises: the BIOS check-and-repair module;
The protection function module corresponding to both the high protection level and the low protection level indicated by the switch state read by the second switch driver module is the system protection module.
CNB2005100636075A 2005-03-31 2005-03-31 Method for controlling computer system protection Expired - Fee Related CN1324422C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100636075A CN1324422C (en) 2005-03-31 2005-03-31 Method for controlling computer system protection


Publications (2)

Publication Number Publication Date
CN1702594A CN1702594A (en) 2005-11-30
CN1324422C true CN1324422C (en) 2007-07-04

Family

ID=35632369

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100636075A Expired - Fee Related CN1324422C (en) 2005-03-31 2005-03-31 Method for controlling computer system protection

Country Status (1)

Country Link
CN (1) CN1324422C (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6097385A (en) * 1994-11-15 2000-08-01 Compaq Computer Corporation Computer resource regulation
CN1427338A (en) * 2001-12-17 2003-07-02 英业达股份有限公司 System starting up self examination device and method
CN1450459A (en) * 2002-04-10 2003-10-22 联想(北京)有限公司 Hard disc data protector
CN1195268C (en) * 2002-05-16 2005-03-30 智邦科技股份有限公司 Computer-system capable of fast starting


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070704

Termination date: 20210331
