JP2011150490A - Program, apparatus and method for file control - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a file control program or the like that achieves control of operation of read/write to a file, allowing the control of the read/write without imposing an excessive load on arithmetic processing of a computer and without depending on hardware. <P>SOLUTION: It is decided in an API whether a designated file is a file stored in a volatile memory to instructions to specify a file that is a target of the read/write of the file from an application program. When the designated file is a file stored in a nonvolatile secondary storage device, an OS is made to copy the file to the volatile memory, and a file descriptor is made to be generated to the copied file to restrict the later target of the read/write to the files stored in the volatile memory. Because can perform the writing into only the volatile memory wherein data are erased when power is cut off, coping with unauthorized bringing-out or falsification of the file becomes possible. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a file control program, a file control apparatus, and a file control method for controlling a read / write operation on a file in order to protect the file from illegal acts such as taking out and falsification.

  When important information such as personal information is managed by a computer, appropriate protection of the file is required so that the file in which the important information is written is not taken out or altered. For example, a file is protected by setting an access authority with a password or encryption, but these methods have a problem that they cannot cope with an illegal act by an authorized person.

  In order to cope with such a problem, a method of physically prohibiting file take-out itself can be considered. For example, when data such as a file is downloaded from a file server to a terminal and used, when the terminal performs a writing process, the invention prohibits writing the data to the secondary storage device and caches the data in a volatile memory. (See paragraphs 0014 to 0015 of Patent Document 1).

JP 2007-172063 A

  According to the invention described in Patent Document 1, a file downloaded from a file server can only be written to a volatile memory even if an attempt is made to save it in the terminal. Therefore, if the terminal is turned off, the file is automatically deleted. It is possible to prevent the file from being stored in the secondary storage device and being taken out illegally. However, it is conceivable that the present invention has some problems as described below.

  First, there is a possibility that the performance of the computer may be lowered by a process of determining a cache in the volatile memory at the time of reading and writing. According to the present invention, when a write process or a read process is performed on a file, the type of the process is determined and execution of writing to the volatile memory or the like is determined. That is, this determination is made each time an instruction (read or write) for reading / writing data is performed, and processing such as writing to a volatile memory is executed.

  On the other hand, with regard to reading and writing such data, the amount of data that can be processed per process is usually limited by the application, so if you try to read or write by specifying a single file generated using the application, Is divided into a plurality of data, and a read / write instruction is performed. Therefore, when trying to read / write one file, the above determination is performed for each divided data. Therefore, as the amount of data in one file increases, the calculation load on the computer increases. There is a risk of lowering reliability.

  Second, since prohibition of reading and writing is realized by hardware control, there is a possibility that reading and writing to hardware that is not subject to control may be performed. In the present invention, control such as write prohibition is performed by a driver that hooks IO processing to the file system (see paragraph 0013 of Patent Document 1). However, since the driver controls hardware, writing is performed. The object to be prohibited depends on the hardware, and there is a risk that reading and writing to hardware that is not subject to control (for example, an external storage device such as a USB memory) will be executed.

  The present invention has been made in order to cope with such a problem, and is capable of controlling reading and writing without applying an excessive load on computer processing and without depending on hardware. It is an object of the present invention to provide a file control program, a file control apparatus, and a file control method that realize control of a read / write operation on a file for protecting it from illegal activities such as taking out and falsification.

  The present invention that solves such a problem is a file control program for controlling a read / write operation on a file, and detects an instruction for specifying a file to be read / written requested by an application program on a computer. A file specifying instruction detecting step; a file storage area determining step for determining whether a file specified by the instruction detected in the file specifying instruction detecting step is a file stored in a volatile memory of the computer; If it is determined in the file storage area determination step that the file is included in the file list, the file stored in the volatile memory in the operating system of the computer or the application program interface of the operating system is stored. A first file descriptor requesting step for requesting generation of a file descriptor to be used for reading and writing to the file, and when the file storage area determining step determines that it is not included in the file list, the operating system or the operating system A copy request step for requesting the application program interface of the system to copy the file specified by the instruction detected in the file specification instruction detection step to the volatile memory, and the file requested in the copy request step When copied to volatile memory, the file copied to volatile memory is copied to the operating system or an application program interface of the operating system. A second file descriptor requesting step for requesting generation of a file descriptor to be used for reading and writing to the first file descriptor, and a return value for an instruction for specifying a file to be read / written requested by the application program. And a file descriptor response step for returning a file descriptor generated by the operating system in response to a file descriptor generation request in the request step or the second file descriptor request step. is there.

  In the present invention, an instruction for specifying a file to be read / written for generating a file descriptor specified in the read / write instruction (open, create, etc.) is controlled instead of controlling a read / write instruction for the file. When an instruction to specify a file is received, the file descriptor is always generated for the file stored in the volatile memory and returned to the application, and then the file descriptor is specified and executed. The target of reading and writing is limited to only files stored in volatile memory.

  Since the data stored in the volatile memory is deleted when the computer is turned off, the file stored in the secondary storage device is illegally written and the file is altered, or the secondary storage device Effective in preventing a file from being written and illegally taken out, and returning a file descriptor for the file stored in volatile memory in response to an instruction identifying the file, thereby reading and writing the file ( read, write, etc.) need not be controlled. Therefore, the process for controlling one file is only required once, which is effective in improving the efficiency of arithmetic processing. In addition, since the writing process to the hardware (secondary storage device) is not controlled by the driver, any secondary storage device that can be read and written from the computer without depending on the hardware is prohibited. Can also be controlled.

  In addition, the present invention, when the file requested in the copy request step is copied to the volatile memory, the file identification information specified by the instruction detected in the file specification instruction detection step, A file list writing step for associating identification information of a file copied to the volatile memory and storing the file as a file list in the volatile memory is executed. In the file storage area determining step, the file specifying instruction detecting step is performed. Whether the file specified by the detected command is included in the file list or not is determined as a file stored in the volatile memory of the computer.

  With this configuration, since the file list of the files generated by copying from the original storage location such as the secondary storage device to the volatile memory is stored, it is stored in the secondary storage device or the like in the subsequent processing. When an instruction for specifying a file as a read / write target is received, it is possible to quickly determine whether a copy is generated in the volatile memory.

  Further, according to the present invention, the file specified by the instruction detected in the file specifying instruction detection step is a file stored in the volatile memory or a non-volatile secondary storage device, and in the copy request step Requesting a copy of the file read from the secondary storage device to the volatile memory, the secondary storage device including an auxiliary storage device in the computer, an external storage device connected to the computer, An auxiliary storage device in a computer connected to the computer through a network may be included.

  With this configuration, a file stored in a hard disk of a computer, an external storage device such as a USB memory, a hard disk of a file server connected via a network, or the like can be controlled.

  Further, according to the present invention, the computer determines whether the file specified by the instruction detected in the file specifying instruction detection step is a file stored in a predetermined storage area in a non-volatile secondary storage device. Storage area determining step, and when the storage area determining step determines that the file is stored in a predetermined storage area, the operating system, or an application program interface of the operating system, A third file descriptor requesting step for requesting generation of a file descriptor to be used for reading and writing with respect to a stored file, and an instruction for specifying a file to be read / written requested by the application program And a step of returning a file descriptor generated by the operating system in response to a file descriptor generation request in the third file descriptor request step, as a return value to be executed, and predetermined in the storage area determination step When it is determined that the file is stored in the storage area, the file storage area determination step is not executed, or the file storage area determination step is executed and it is determined that the file is not included in the file list. Alternatively, the copy request step may not be executed.

  With this configuration, not all files stored in the secondary storage device are subject to control, but some files are restored to the original files stored in the secondary storage device instead of the non-volatile memory. Can be read and written, and excluded from the object of prohibition of taking-out and tampering.

  The present invention can also be specified as a file control apparatus including the file control program according to the present invention.

  A file control apparatus according to the present invention is a file control apparatus for controlling a read / write operation on a file, and a file specifying instruction detecting means for detecting an instruction specifying a file to be read / written requested from an application program A file storage area determination means for determining whether a file specified by the instruction detected by the file specification instruction detection means is a file stored in a volatile memory of the computer; and the file storage area determination means If it is determined that the file is included in the file list, the file used for reading / writing the file stored in the volatile memory in the operating system of the computer or the application program interface of the operating system. A first file descriptor requesting unit that requests generation of a file descriptor, and a file storage area determining unit that determines that the file descriptor is not included in the file list, the operating system or an application program interface of the operating system Copy request means for requesting copying of the file specified by the instruction detected in the file specifying instruction detection step to the volatile memory; and the file requested by the copy request means is copied to the volatile memory. Then, the operating system, or the application program interface of the operating system, uses a file decoder for use in reading and writing files copied to the volatile memory. As a return value for a second file descriptor request means for requesting generation of a crypter and an instruction for specifying a file to be read / written requested by the application program, the first file descriptor request means or the second file descriptor request means And a file descriptor response unit that returns a file descriptor generated by the operating system in response to a file descriptor generation request by the file descriptor request unit.

  The present invention can also be specified as a file control method executed by the file control program according to the present invention.

  A file control method according to the present invention is a file control method for controlling a read / write operation on a file, wherein a computer detects a command for specifying a file to be read / written requested by an application program. An instruction detecting step; and a file storage area determining step in which the computer determines whether the file specified by the instruction detected in the file specifying instruction detecting step is a file stored in a volatile memory of the computer. When the computer is determined to be included in the file list in the file storage area determining step, the operating system of the computer, or the application program interface of the operating system, A first file descriptor requesting step for requesting generation of a file descriptor for use in reading and writing with respect to a file stored in the volatile memory; and the computer determines that the file storage area determining step does not include the file in the file list A copy request for requesting the operating system or an application program interface of the operating system to copy the file specified by the instruction detected in the file specifying instruction detection step to the volatile memory; And when the file requested in the copy requesting step is copied to the volatile memory, the operating system or an application of the operating system A second file descriptor requesting step for requesting generation of a file descriptor to be used for reading and writing the file copied to the volatile memory; and a read / write target requested by the application program from the application program A file descriptor generated by the operating system in response to a file descriptor generation request in the first file descriptor request step or the second file descriptor request step is returned as a return value for an instruction for specifying a file to be And a file descriptor response step.

  According to the present invention, it is possible to control reading / writing with respect to a file stored in the secondary storage device without imposing an excessive load on the arithmetic processing of the computer, and to protect the file from illegal acts such as take-out and tampering. In addition, since the driver does not control reading and writing to the secondary storage device, all files that can be read and written from the computer can be controlled without depending on the hardware.

It is a figure which shows the outline | summary of embodiment which uses this invention for a stand-alone computer. It is a figure which shows the outline | summary of embodiment which uses this invention for the computer connected to the file server via the network. It is a block diagram which shows the structure of the file control apparatus concerning this invention. It is a figure which shows the flow which specifies the file used as the object of reading / writing. It is a figure which shows the flow of reading / writing to a file. In the present invention, it is a diagram showing a flow of controlling an instruction for specifying a file to be read and written (when copied to a volatile memory). FIG. 6 is a first diagram illustrating a flow of controlling an instruction for specifying a file (when not copied to a volatile memory) to be read / written in the present invention. FIG. 9 is a second diagram showing a flow of controlling an instruction for specifying a file (when not copied to a volatile memory) to be read / written in the present invention. In this invention, it is a figure which shows the flow which reads a file. In this invention, it is a figure which shows the flow which writes a file. It is a flowchart which shows the processing flow of the file control program concerning this invention.

  Embodiments for carrying out the present invention will be described below in detail with reference to the drawings. The following description shows an example of the embodiment of the present invention. The configuration of the computer and the program, the type of the secondary storage device storing the file to be protected, and the like will be described below. It is not limited to the embodiment.

  1 and 2 show an outline of an embodiment of the present invention. As shown in these figures, the present invention can be applied to files stored in an HDD or the like of a computer operated by a user, or a file server or the like connected to a computer operated by a user via a network. Both can be protected.

  FIG. 1 shows an overview of an embodiment in which the present invention is used in a stand-alone computer. In this embodiment, when a user wants to protect a file stored in the HDD of the computer and designates a predetermined file stored in the non-volatile HDD, when the user tries to read or write, an API unique to the present invention is obtained. By the function of (application program interface), a file to be read / written is replaced with a file copied to a RAM which is a volatile memory. For this reason, writing is not performed on the file to be protected stored in the HDD, and illegal acts such as falsification of the file can be prevented.

  In addition, even when an attempt is made to write a file that has been read / written to another secondary storage device, for example, an external storage device such as a USB memory, an area for writing the file by an API function unique to the present invention. Since the volatile memory is replaced with the RAM, the file is not written to the USB memory or the like, and illegal actions such as taking out the file can be prevented.

  Note that in the present invention, when a file other than a file stored in the volatile memory is specified for an instruction for specifying a file to be read / written performed by the application program, the copy to the volatile memory is executed. However, since the file to be read / written is replaced with the file copied to the volatile memory, in principle, all files can be protected if they are stored in a non-volatile secondary storage device other than the volatile memory. Can be. Therefore, contrary to the above embodiment, even when it is desired to protect a file stored in the USB memory, reading / writing with respect to the file stored in the USB memory is replaced with reading / writing with respect to the file copied to the RAM. It is also effective for tampering such as falsification of a file stored in a memory or taking out by writing to a HDD or the like.

  FIG. 2 shows an outline of an embodiment in which the present invention is applied to a computer connected to a file server via a network. In this embodiment, a file stored in an HDD of a file server connected to a computer via a network such as the Internet or a LAN is targeted for protection, and a predetermined file stored in the HDD of the file server is designated. When the user attempts to read / write, the file to be read / written is replaced with the file copied to the RAM, which is a volatile memory, by the API function unique to the present invention. The file to be protected is not written, and illegal acts such as falsification of the file on the file server side can be prevented.

  Also, when an attempt is made to write the file read / written here to another secondary storage device, for example, an external storage device such as an HDD or USB memory of a computer operated by the user, an API unique to the present invention is also provided. With this function, the area in which the file is written is replaced with the RAM, which is a volatile memory. Therefore, the file is not written to the HDD, the USB memory, or the like, and illegal actions such as taking out the file can be prevented.

  In this embodiment, as in the previous embodiment, if a command other than the file stored in the volatile memory is specified for an instruction for specifying a file to be read / written performed by the application program, The file to be read / written is replaced with the file copied to the volatile memory, so that not only the file stored in the HDD of the file server but also the HDD of the computer operated by the user Files stored in can also be protected.

  As described above, according to the present invention, for example, when an important file containing personal information is stored in the HDD or file server of a computer, the user accesses this file and reads / writes it. However, the read / write file is stored only in the volatile memory RAM, and will be erased when the computer is turned off, so it is effective in preventing fraudulent acts such as tampering and taking out the file. It is.

  FIG. 3 shows the configuration of the file control apparatus (computer provided with the file control program according to the present invention) according to the present invention. A computer 10 constituting the file control apparatus according to the present invention includes a CPU 11, a main storage device (main memory) 12, and an auxiliary storage device (HDD) 13. The computer 10 is connected to an input device 15 such as a keyboard and a mouse, and an output device 16 such as a display and a printer, and can also be connected to an external storage device 14 such as a USB memory.

  The main storage device (main memory) 12 includes a RAM 121 and a ROM 122. The RAM 121 is a volatile memory, and functions as a working area when the CPU 11 performs a calculation process by reading a program. The ROM 122 is a read-only memory and stores various basic programs for hardware control such as input control and output control.

  The auxiliary storage device (HDD) 13 stores an OS (Operating System) 131, an application program 132, a driver 133, an API (Application Program Interface) 134, and a file 135 to be protected in the present invention. ing. In addition, the file 141 to be protected in the present invention may be stored in the external storage device 14. Alternatively, the file 21 to be protected in the present invention is a file server 20 connected to the computer 10 via a network such as the Internet or a LAN (in this case, not a volatile memory provided in the file server 20 but an auxiliary storage). The file 21 stored in the non-volatile secondary storage device such as a measure may be stored).

  When predetermined processing is executed by a program stored in the auxiliary storage device (HDD) 13, hardware control such as input control and output control stored in the ROM 122 of the main storage device (main memory) 12 is performed. The CPU 11 performs arithmetic processing while starting up various basic programs and causing the RAM 121 to function as a program work area.

  That is, when the computer 10 is activated in the configuration of FIG. 3, the OS 131 is read into the RAM 121, and various processes can be executed. Further, when it is desired to read / write a file such as a document file or a spreadsheet file, the application program 132 corresponding to each file is read into the RAM 121 and the program is started to be stored in the auxiliary storage device 13. The file 135, the file 141 stored in the external storage device 14, the file 21 stored in the file server 20, and the like can be read and written. When transferring data between the application program 132 and the OS 131, the API 134 is read into the RAM 121, and processing such as a predetermined processing request from the application program 132 to the OS 131 is executed. When a predetermined operation is executed on the file 135 or the like stored in the auxiliary storage device 13, the driver 133 corresponding to each hardware is read into the RAM 121 and a predetermined process for the hardware is executed.

  Based on such a configuration, an operation for realizing file protection by the file control program according to the present invention will be described with reference to FIGS. 6 to 10 and a flowchart of FIG. The operations performed by the application program, API, OS (operating system), and driver described with reference to FIGS. 6 to 10 are executed by the application program 132, OS 131, API 134, and driver 133, respectively.

  Before describing the operation of the present invention, the normal process flow will be described with reference to FIGS. 4 and 5 for the operation of specifying a file to be read / written by an application program and executing the read / write to the file.

  FIG. 4 shows a normal flow of operations for specifying a file to be read / written by an application program. When the user wants to read and write a specified file by the application program while the OS and application program are running on the computer, the file read command (read (file path) etc.) and the file write Before an instruction (write (file path) or the like), an instruction (open (file path), create (file path) or the like) for specifying a file to be read / written is performed.

  In this command, the file path of the target file (information that can identify the file may be used, but in general, the file stored in the storage device is identified by the path indicating the area in which the file is stored and the file name. ) Is specified (in the example of FIG. 4, the file path of the file stored in the D drive which is the auxiliary storage device is specified), and the API corresponding to the file specification is called and specified. The OS is requested to generate fd (file descriptor = file descriptor, file handle is the same) for the file. The OS calls the driver to confirm the location of the designated file, and generates fd used to specify the file in subsequent commands. The fd generated here is returned from the API to the application program as a return value for an instruction for specifying a file to be read / written.

  FIG. 5 shows a normal flow of operations for reading and writing files by an application program. The left side shows the flow of reading, and the right side shows the flow of writing. However, the file path for the file to be read / written is the same for both the file reading (read etc.) and file writing (write etc.) commands. Instead of being specified, the target file is specified by specifying the fd previously returned from the API in each command.

  In other words, when the OS first processes an instruction for specifying a file to be read / written, the OS retains the association between the file path of the target file and the fd generated for this file, and In this case, a file specified from a file path corresponding to fd designated by an instruction such as read (fd) is read by the application program. At the time of writing, data input to the application program is written to a file specified from a file path corresponding to fd specified in an instruction such as write (fd).

  Note that when reading / writing a file by an application program, the amount of data that can be processed by a single instruction is often limited, so fd is specified when reading / writing one file. Usually, read and write instructions are performed in multiple steps.

  As described above, the read / write command for the file is executed by specifying the fd generated by the command for specifying the file to be read / written. In the file control program according to the present invention, as described below, By controlling the file at the stage of specifying the file to be read / written by the application program, the file is protected when the file is read / written.

  6 to 8 show a flow of controlling an instruction for specifying a file to be read / written in the present invention. The processing flow is summarized in the flowchart of FIG.

  A computer user activates an application program such as document creation or spreadsheet, specifies a file to be read / written, and performs operations such as “open file” and “save file”. When such an operation is accepted, the application program calls the corresponding API, and a required process is requested from the API to the OS.

  Here, before a read / write command for a file is issued from the application program, as described above, a command for specifying a file to be read / written from the application program to the API (open (file path)) , Create (file path), etc.) are performed (S1 in FIG. 11). In the example shown in FIGS. 6 to 8, an instruction for specifying a file to be read / written is specified by specifying a file path of a file stored in the D drive of the auxiliary storage device.

  Normally, this command is directly transferred from the API to the OS. However, in the API used in the present invention, the file specified in the command is stored in the volatile memory (RAM) of the main storage device which is a volatile memory. Whether the file is stored in a non-volatile secondary storage device (including an auxiliary storage device, an external storage device, or an auxiliary storage device of a file server). In the following, an example in which the RAM of the main storage device is used as the volatile memory will be described. However, the volatile memory in the present invention is not limited to the RAM of the main storage device, and after the power is turned off. As long as it is a volatile memory from which data is erased, a memory other than the main storage device may be configured.

  A method for making this determination is not particularly limited. For example, files stored in the volatile memory of the main storage device are stored in the volatile memory of the main storage device as a handling list. By referring to the handling list (S2 in FIG. 11) and confirming whether or not the file specified in the instruction specifying the file to be read / written is included in the handling list (S3 in FIG. 11), the designated list is specified. It can be determined whether the file stored in volatile memory. In addition, the drive storing the file is specified from the file path specified in the instruction for specifying the file to be read / written, and the drive corresponds to the volatile memory (R drive in this example) of the main storage device. It is good also as judging whether it is.

  If it is determined that the file specified here is stored in the volatile memory of the main storage device, as shown in the example of FIG. 6, the API notifies the OS of the volatile memory of the main storage device. Is requested to generate fd for the file stored in (D drive file) (S7 in FIG. 11). Upon receiving this request, the OS reads the corresponding driver, checks the specified file in the volatile memory of the main storage device, and generates fd for specifying this file. The API receives the generated fd from the OS (S8 in FIG. 11), and returns the generated fd as a return value to the application program (S9 in FIG. 11).

  On the other hand, when it is determined that the designated file is not stored in the volatile memory of the main storage device but is stored in the non-volatile secondary storage device, as shown in the example of FIG. In this example, it is assumed that the specified file is stored in the auxiliary storage device of the D drive), and the API requests the OS to copy the specified file to the volatile memory of the main storage device (see FIG. 11 S4).

  Upon receiving this request, the OS executes a process of copying the file from the auxiliary storage device (D drive) to the volatile memory (R drive) of the main storage device. The API receives the file path of the copied file (file path of the R drive) from the OS (S5 in FIG. 11), and the file path (D of the file specified in the command specifying the file in the handling list of the volatile memory) The file path is stored in association with the file path of the drive (S6 in FIG. 11).

  Subsequently, as shown in the example of FIG. 8, the API requests the OS to generate fd for the file copied to the volatile memory of the main storage device (file of the R drive) ( S7 in FIG. Upon receiving this request, the OS reads the corresponding driver, checks the specified file in the volatile memory of the main storage device, and generates fd for specifying this file. The API receives the generated fd from the OS (S8 in FIG. 11), and returns the generated fd as a return value to the application program (S9 in FIG. 11).

  When it is determined by the operation described above that the file specified in the command specifying the file is stored in the volatile memory of the main storage device, the file specified in the command specifying the file is the main storage device. In any case where it is determined that the file is stored in a non-volatile secondary storage device, the volatile memory is always included in the application program that issued the file specifying instruction. The fd generated for the file stored in is returned. Since reading and writing commands to the file are performed by specifying this fd, reading and writing to the file executed by the application program is performed only for the file stored in the volatile memory.

  That is, if it is a read command (read (fd) or the like), as illustrated in FIG. 9, the fd of the file stored in the volatile memory is always specified, so the read file is volatile. The file is stored in memory. Further, if it is a write command (write (fd) or the like), as illustrated in FIG. 10, the fd of the file stored in the volatile memory of the main storage device is always specified. The target file is a file stored in the volatile memory of the main storage device, and the file stored in the auxiliary storage device is not written, and the written file is automatically deleted when the power is turned off. It will be.

  The same is true when an attempt is made to write a file stored in the volatile memory of the main storage device to a secondary storage device such as an auxiliary storage device. When a copy from the volatile memory (R drive) of the main storage device to the auxiliary storage device (D drive) is to be executed, an instruction for specifying a file to be written is executed before the instruction to execute the copy, If a new file is created instead of overwriting an existing file, fd is generated for the file to be created (0-byte file). At this time, fd is generated as a new file on the volatile memory (R drive) of the main storage device by the same operation as shown in FIG. 6, so that the file to be copied is also stored in the main storage device. It can only write to volatile memory (R drive).

  As described above, according to the present invention, falsification is achieved by overwriting a file stored in a secondary storage device such as an auxiliary storage device, a USB memory, or an auxiliary storage device of a file server connected via a network. In addition, the file cannot be taken out by writing it to another secondary storage device, which is suitable for protecting a file in which important information such as personal information is recorded.

  In addition, as described above, the file read and write commands that are performed after the file specifying command are normally performed in multiple times for one file. When reading / writing to the secondary storage device is controlled in response to the read / write instruction, in the present invention, in the fd generation stage for the instruction specifying the file, the fd to be read / written is only the file on the volatile memory. Control reading and writing to the secondary storage device by limiting to For this reason, it is not necessary to make a judgment necessary for control for each read / write instruction, which is effective in reducing the load on the computer and improving the performance.

  Furthermore, in the present invention, since reading and writing to the secondary storage device is controlled by controlling the generation of fd in the API, it is not necessary to make settings for each driver corresponding to each hardware. Therefore, it is also effective in that reading and writing can be controlled without depending on hardware.

  In the present invention, the read / write control to the secondary storage device is executed in the API as described above. However, the API unique to the present invention having such a function may be replaced with the existing API. In addition, while using the existing API as described with reference to FIGS. 4 and 5, the API specific to the present invention detects an instruction for specifying a file from the application, and this is detected by the OS via the existing API. The same function may be realized by making the request described above.

  In the latter case, in the flow of FIG. 6 or FIG. 8, if it is confirmed that the file specified in the command for specifying the file is stored in the volatile memory of the main storage device, the existing API is called to May be requested to generate fd. In the flow of FIG. 7, an existing API for requesting the OS to copy a file may be called to request the OS to copy the specified file to the volatile memory of the main storage device.

  In addition, according to the methods described so far, all files stored in the secondary storage device such as the auxiliary storage device become the protection target, but the protection target is changed to a part of the files stored in the secondary storage device. It is also possible to limit. In this case, when the storage area of the file to be excluded from the protection target is stored in the computer in advance, and it is confirmed that the file specified in the command for specifying the file is stored in the volatile memory of the main storage device In addition, it is confirmed whether the specified file is not stored in the storage area of the file to be excluded from protection.

  Here, even if it is determined that the specified file is not stored in the volatile memory of the main storage device but is stored in the non-volatile secondary storage device, the storage area of the file excluded from the protection target If the file is stored in the storage device, the OS is requested to generate fd for the file stored in the secondary storage device without executing the process of copying the file to the volatile memory of the main storage device. If this is done, the file can be read and written even if it is stored in the secondary storage device, and can be excluded from the protection target.

10 Computer 11 CPU
12 Main memory (main memory)
13 Auxiliary storage device (HDD)
131 OS
132 Application program 133 Driver 134 API
135 File 14 External Storage Device 141 File 15 Input Device 16 Output Device 20 File Server 21 File

Claims (6)

A file control program for controlling read / write operations on a file.
A file specifying instruction detecting step for detecting an instruction specifying a file to be read / written requested by an application program;
A file storage area determining step for determining whether a file specified by the instruction detected in the file specifying instruction detecting step is a file stored in a volatile memory of the computer;
When it is determined in the file storage area determining step that it is included in the file list, it is used for reading / writing the file stored in the volatile memory in the operating system of the computer or the application program interface of the operating system. A first file descriptor request step for requesting generation of the file descriptor;
When it is determined that the file storage area is not included in the file list in the file storage area determination step, the file is specified by the instruction detected in the file specification instruction detection step in the operating system or the application program interface of the operating system. A copy requesting step requesting copying a file to the volatile memory;
When the file requested in the copy requesting step is copied to the volatile memory, a file descriptor used for reading / writing the file copied to the volatile memory to the operating system or an application program interface of the operating system. A second file descriptor request step for requesting generation of
As a return value for an instruction specifying a file to be read / written requested from the application program, in response to a file descriptor generation request in the first file descriptor request step or the second file descriptor request step A file descriptor response step for returning a file descriptor generated by the operating system;
A file control program for executing In the computer,
When the file requested in the copy requesting step is copied to the volatile memory, the identification information of the file specified by the instruction detected in the file specifying instruction detecting step and the file copied to the volatile memory A step of writing a file list in which identification information is associated and stored in the volatile memory as a file list;
In the file storage area determining step, it is determined whether the file specified by the instruction detected in the file specifying instruction detecting step is a file stored in the volatile memory of the computer, depending on whether the file is included in the file list. The file control program according to claim 1, wherein: The file specified by the instruction detected in the file specifying instruction detection step is a file stored in the volatile memory or a non-volatile secondary storage device,
In the copy request step, a request is made to copy the file read from the secondary storage device to the volatile memory;
The secondary storage device includes an auxiliary storage device in the computer, an external storage device connected to the computer, and an auxiliary storage device in a computer connected to the computer through a network. The file control program according to claim 1 or 2. In the computer,
A storage area determination step for determining whether a file specified by the instruction detected in the file specification instruction detection step is a file stored in a predetermined storage area in a nonvolatile secondary storage device;
When it is determined that the file is stored in a predetermined storage area in the storage area determination step, the file stored in the storage area is read / written to the operating system or the application program interface of the operating system. A third file descriptor requesting step for requesting generation of a file descriptor for use;
A file descriptor generated by the operating system in response to a file descriptor generation request in the third file descriptor request step is returned as a return value for an instruction for specifying a file to be read / written requested from the application program. Step, and
If it is determined in the storage area determination step that the file is stored in a predetermined storage area, the file storage area determination step is not executed, or the file storage area determination step is executed and the file list is displayed. The file control program according to any one of claims 1 to 3, wherein the copy request step is not executed even if it is determined not to be included. A file control device for controlling a read / write operation on a file,
A file specifying instruction detecting means for detecting an instruction for specifying a file to be read / written requested by an application program;
File storage area determining means for determining whether the file specified by the instruction detected by the file specifying instruction detecting means is a file stored in the volatile memory of the computer;
When the file storage area determining means determines that the file is included in the file list, it is used for reading / writing the file stored in the volatile memory in the operating system of the computer or the application program interface of the operating system. First file descriptor request means for requesting generation of the file descriptor;
If the file storage area determination means determines that the file list is not included in the file list, the file storage area determination unit specifies the operating system or an application program interface of the operating system according to the instruction detected in the file specifying instruction detection step. Copy request means for requesting copying a file to the volatile memory;
When the file requested by the copy requesting unit is copied to the volatile memory, a file descriptor used for reading / writing the file copied to the volatile memory to the operating system or an application program interface of the operating system. Second file descriptor request means for requesting generation of
As a return value for an instruction for specifying a file to be read / written requested from the application program, in response to a file descriptor generation request by the first file descriptor request unit or the second file descriptor request unit, A file descriptor response means for returning a file descriptor generated by the operating system;
A file control apparatus comprising: A file control method for controlling a read / write operation on a file,
A file specifying instruction detecting step in which a computer detects an instruction specifying a file to be read / written requested by an application program;
A file storage area determining step in which the computer determines whether the file specified by the instruction detected in the file specifying instruction detecting step is a file stored in a volatile memory of the computer;
When it is determined that the computer is included in the file list in the file storage area determination step, the computer stores the file stored in the volatile memory in the operating system of the computer or the application program interface of the operating system. A first file descriptor request step for requesting generation of a file descriptor for use in reading and writing;
When the computer determines that the file storage area is not included in the file list in the file storage area determination step, the instruction detected in the file specific instruction detection step in the operating system or an application program interface of the operating system A copy request step for requesting to copy the file specified by the volatile memory;
When the file requested in the copy requesting step is copied to the volatile memory, the computer uses the operating system or an application program interface of the operating system to read / write the file copied to the volatile memory. A second file descriptor request step for requesting generation of a file descriptor for
Generation of a file descriptor in the first file descriptor request step or the second file descriptor request step as a return value for an instruction for specifying a file to be read / written requested by the application program from the computer A file descriptor response step for returning a file descriptor generated by the operating system in response to the request;
A file control method characterized by comprising:

Images