KR102033040B1 - Method and apparatus for protecting data using volatile memory - Google Patents

Abstract

Provided are a data protection method using a volatile memory and an apparatus thereof. A data protection apparatus comprises: a storage management unit setting one of a volatile memory or a memory which is removable from the data protection device as a storage; and an application management unit identifying a security target application program and setting a storage location of application data generated by the identified application program as the storage.

Description

METHOD AND APPARATUS FOR PROTECTING DATA USING VOLATILE MEMORY}

Embodiments disclosed herein relate to a data protection method and apparatus using a volatile memory, and more particularly, a memory region having a volatile feature that maintains data only while a computing device is driven and powers generated data. A method and apparatus for protecting data by being stored in the same.

Recently, with the development of communication technology, various applications have been developed using computing devices to perform various tasks online.

For example, in the past, when purchasing products offline, it was possible to purchase products online through an online shopping mall application installed on a PC or smart device, and banking can be processed online through a bank application installed on a smart device. It became. You can also send and receive instant messages through your smart device.

As such, in the process of processing various tasks of an individual using the computing device, a file containing personal information of the individual is stored in a storage of the computing device.

However, even if the file is deleted, the connection for accessing the data stored in the storage of the computing device is only disconnected, and the data physically stored in the storage is not deleted.

For this reason, if a file temporarily created by the application and the data stored by the user are stored in the auxiliary memory device of the terminal, it can be recovered even if deleted. Therefore, in order to permanently delete data from recovery, a separate permanent erase program, low level format, degaussing, etc. must be performed.

When you delete a file, the permanent deletion program writes a random value into the memory where the data is stored, preventing you from restoring the previously recorded data. However, it takes a long time because it overwrites a value larger than the stored data. And since low-format formats the entire memory, the entire data is erased and the operating system and applications need to be reinstalled, which is time consuming and very inefficient. In addition, the degaussing does not allow the auxiliary memory device to be recovered using a strong magnetic field, but the hard disk is broken and thus cannot be used anymore.

In particular, when using a public PC or a work PC, the user searches for files one by one and deletes them through a permanently deleted program, or deletes or deletes them. There is a problem that needs to be done.

In the related art, Korean Patent Publication No. 10-2011-0034351, which is related to the prior art document, relates to a system and method for preventing information leakage through secure USB memory, and whether the I / O is included in the leakage prevention list based on the contents of the hooked file. By identifying and preventing the leakage of information, even if the file containing the security information is deleted, the data remains in the repository, so that the security information may not be solved.

Therefore, there is a need for a technique for solving the above problems.

On the other hand, the background art described above is technical information that the inventors possess for the derivation of the present invention or acquired in the derivation process of the present invention, and is not necessarily a publicly known technique disclosed to the general public before the application of the present invention. .

Embodiments disclosed herein are intended to provide a data protection method and apparatus using a volatile memory.

Embodiments disclosed herein are directed to a method and apparatus for protecting data using a volatile memory that sets a region of a main memory having volatile characteristics as a storage where data is stored.

Embodiments disclosed in the present specification are to provide a data protection method and apparatus using a volatile memory for changing the storage location of the temporary data generated during the operation of the application to the storage set in the memory.

Embodiments disclosed herein are directed to a data protection method and apparatus using a volatile memory for moving data to a storage set in a memory in a virtual memory used by an operating system.

Embodiments disclosed in the present specification are to provide a data protection method and apparatus using a volatile memory to detect whether the data is paged so that the paged data is stored in the storage set in the memory.

As a technical means for achieving the above-described technical problem, according to an embodiment, in the data protection device, the storage management unit and the security target application program for setting one of the volatile memory or the memory removable from the data protection device as a storage And it may include an application management unit for setting the storage location of the application data generated in the identified application program to the storage.

According to another embodiment, a method of protecting data by a data protection device, the method of protecting data by a data protection device, comprising: setting one of a volatile memory or a memory detachable from the data protection device as storage; And identifying a security target application program and setting a storage location of the application data generated by the identified application program as the storage.

According to another embodiment, a computer-readable recording medium having a program for executing a data protection method recorded thereon, the data protection method comprising: setting one of a volatile memory or a memory detachable from the data protection device as a storage; And identifying a security target application program and setting a storage location of the application data generated in the identified application program as the storage.

According to another embodiment, a computer program executed by a data protection device and stored in a recording medium for performing the data protection method, the data protection method comprising: storing one of a volatile memory or a memory detachable from the data protection device. And setting the storage location of the application data generated by the identified application program as the storage.

According to any one of the above-described problem solving means, it is possible to provide a data protection method and apparatus using a volatile memory.

According to any one of the above-mentioned means for solving the problem, the auxiliary storage device to a part of the main memory volatile data generated by the user through the application, such as document editing, browser, messenger or temporary files generated when the application is executed A data protection method and apparatus using volatile memory that can be stored as a storage or stored in a separate volatile auxiliary storage device so that no data remains when the power is turned off can be provided.

According to any one of the above-described problem solving means, in the case of using the important data shared in each of the plurality of terminals in the application, security can be concentrated by having the generated temporary files, etc. are stored in the designated storage rather than stored in each terminal A data protection method and apparatus using a volatile memory can be provided.

According to any one of the above-described problem solving means, it is possible to provide a data protection method and apparatus using volatile memory to reduce the vulnerability of security by centralizing the security target by allowing data to be stored in a designated storage.

According to any one of the above-mentioned means for solving the problem, it is possible to present a data protection method and apparatus using a volatile memory that can prevent data leakage by permanently deleting the data even if the user loses or is taken over by the user. have.

According to any one of the above-mentioned means for solving the problem, it is possible to present a data protection method and apparatus using a volatile memory that can permanently delete the data only by turning off the power, thereby reducing the cost and time of data deletion for permanent deletion of the data. .

The effects obtainable in the disclosed embodiments are not limited to the effects mentioned above, and other effects not mentioned above are apparent to those skilled in the art to which the embodiments disclosed from the following description belong. Can be understood.

1 is a block diagram illustrating a data protection device according to an embodiment.
2 to 4 are flowcharts illustrating a data protection method according to an embodiment.

Hereinafter, various embodiments will be described in detail with reference to the accompanying drawings. The embodiments described below may be embodied in various different forms. In order to more clearly describe the features of the embodiments, detailed descriptions of the matters well known to those skilled in the art to which the following embodiments belong are omitted. In the drawings, parts irrelevant to the description of the embodiments are omitted, and like reference numerals designate like parts throughout the specification.

Throughout the specification, when a configuration is "connected" to another configuration, this includes not only 'directly connected' but also 'connected' between different configurations. In addition, when a configuration "includes" a certain configuration, this means that, unless specifically stated otherwise, it may further include other configurations other than the other configuration.

Hereinafter, exemplary embodiments will be described in detail with reference to the accompanying drawings.

However, before describing this, the meanings of the terms used below are first defined.

'Data' is a value that is physically stored in memory. A file is a link that contains a link to access data stored in memory.

'Application data' is data generated by an application program and may include data temporarily generated during execution of an application program or data stored through the application program.

The main memory is a memory that temporarily stores data used by the central processing unit. Data is maintained while the power is supplied, but is physically initialized and deleted when the power is interrupted.

'Auxiliary memory' is a memory that stores data except main memory, for example, HDD (Hard Disk Drive), SSD (Solid State Drive), USB (Universal Serial Bus), etc. It may be included, RAM may be included when the power supply is interrupted data.

'Storage' is an area that is set in at least one of the main memory device or the auxiliary memory device to serve as an auxiliary memory device, the data may be temporarily stored, the data stored in the physical initialization can be deleted.

In addition to the terms defined above, terms that need explanation are explained separately below.

1 is a block diagram illustrating a data protection device 10 according to an embodiment.

The data protection device 10 may be implemented as a computer, a portable terminal, a television, a wearable device, or the like, connected to a remote server through a network or connected to other terminals and servers. Here, the computer includes, for example, a laptop, desktop, laptop, etc., which is equipped with a web browser, and the portable terminal is, for example, a wireless communication device that ensures portability and mobility. , Personal Communication System (PCS), Personal Digital Cellular (PDC), Personal Handyphone System (PHS), Personal Digital Assistant (PDA), Global System for Mobile communications (GSM), International Mobile Telecommunication (IMT) -2000, Code CDMA Division Multiple Access (2000), all types of handhelds such as W-Code Division Multiple Access (W-CDMA), Wireless Broadband Internet (Wibro), Smart Phones, and Mobile Worldwide Interoperability for Microwave Access (WiMAX). It may include a (Handheld) based wireless communication device. In addition, the television may include an Internet Protocol Television (IPTV), an Internet Television (Internet Television), a terrestrial TV, a cable TV, or the like. Further, the wearable device is, for example, an information processing device of a type that can be worn directly on a human body such as a watch, glasses, accessories, clothes, shoes, etc., and is connected to a remote server or another terminal via a network directly or through another information processing device. It can be connected with.

Referring to FIG. 1, the data protection device 10 according to an embodiment may include an input / output unit 110, a control unit 120, a communication unit 130, and a memory 140.

The input / output unit 110 may include an input unit for receiving an input from a user, and an output unit for displaying information such as a result of performing a task or a state of the data protection device 10. For example, the input / output unit 110 may include an operation panel for receiving a user input and a display panel for displaying a screen.

In detail, the input unit may include devices capable of receiving various types of user input such as a keyboard, a physical button, a touch screen, a camera, or a microphone. In addition, the output unit may include a display panel or a speaker. However, the present invention is not limited thereto, and the input / output unit 110 may include a configuration that supports various input / output.

The controller 120 controls the overall operation of the data protection device 10 and may include a processor such as a CPU. The controller 120 may control other components included in the data protection device 10 to perform an operation corresponding to the user input received through the input / output unit 110.

For example, the controller 120 may execute a program stored in the memory 140, read a file stored in the memory 140, or store a new file in the memory 140.

The controller 120 may include a storage manager 121, an application program manager 122, a virtual memory manager 123, and a file system access controller 124.

First, the storage manager 121 may set one of a volatile memory or a memory that is detachable from the data protection device as a storage.

According to an embodiment of the present disclosure, the storage manager 121 may set a region of the main memory 141, which is the memory 140, in which data storage is temporarily maintained while a predetermined condition is maintained.

For example, the storage manager 121 may set a region of RAM, a volatile main memory 141 that temporarily stores data processed by the central processing unit, as a storage, and store the storage as a secondary storage device 142. As described above, the storage device may be configured as a device such as an auxiliary memory device capable of storing or reading data.

According to another exemplary embodiment, the storage manager 121 may register the auxiliary memory device 142, which is a memory 140 in which data storage is maintained, and additionally set the registered auxiliary memory device 142 as a storage.

For example, the storage manager 121 may register a secondary memory device, USB, SSD, and the like, which are detachable from the data protection device 10, based on a user input, and additionally set the registered auxiliary memory device as a storage. have.

In addition, the storage manager 121 may block the storage of the application data of the application program in another memory except the memory set as the storage.

For example, the storage manager 121 may block the storage of the application data corresponding to the file when the auxiliary memory device other than the auxiliary memory device set as the storage is set as a storage path. In this case, the storage manager 121 may store data as a storage that can be stored or display a location of the storage.

On the other hand, the application management unit 122 may identify the security target application program so that the application data is stored in the storage.

For example, the application management unit 122 may analyze whether the application executed in the data protection device 10 permits the change of the application data storage location, and if the storage location of the data is changeable, the application may be applied as a security target. You can register a program.

In addition, the application manager 122 may set a storage location of the application data generated by the application identified as being able to apply security.

According to an embodiment, the application program manager 122 may set an application data storage location of a file on an application program as a storage.

For example, the application program manager 122 may change the path where the application data of the temporary file generated on the application program is stored to the storage or set the application data of the file stored by the application to be stored only in the storage.

The virtual memory manager 123 may set the location of the virtual memory set by the operating system running in the data protection device 10 as a storage.

For example, the virtual memory manager 123 may change the path of the virtual memory to change the auxiliary memory set as the virtual memory in the operating system to the storage set by the storage manager 121.

In addition, the virtual memory manager 123 may store data that the operating system processes in the main memory 141 in the storage.

For example, the virtual memory manager 123 may allow the operating system to store, in the storage, data that is paged into virtual memory for processed data among data loaded in the main memory 141 or data that has not been processed within a predetermined time. .

At this time, according to an embodiment, the virtual memory manager 123 may block the storage of data in the auxiliary memory device which is a storage location of the virtual memory preset by the operating system.

For example, the virtual memory manager 123 may move the data stored in the auxiliary memory device in which the virtual memory is set to the storage, and set the virtual memory function to be inactivated for the operating system.

In addition, the file system access control unit 124 may allow the input and output of data according to the file call of the application program identified by the application manager 122 to be secured through the storage.

According to an embodiment of the present disclosure, the file system access control unit 124 may control an input / output of data for a file call in an application program to be stored in a storage.

For example, when an application program calls a file for data stored in the auxiliary memory device, the file system access control unit 124 may copy the data stored in the auxiliary memory device to the storage, and respond to a file call of the application program. You can provide data copied to the repository.

According to another exemplary embodiment, the file system access control unit 124 may control the application program to store data of a file stored in the auxiliary memory device in the storage.

For example, when the application program selects a storage path of a file for temporary data in the auxiliary storage device, the file system access control unit 124 may store data to be stored in the application in the storage, and the file is stored in the storage. The filesystem can be controlled to form links with stored data.

In addition, the file system access control unit 124 may copy the data stored in the storage to a separate auxiliary memory device.

For example, the file system access control unit 124 may copy the data stored in the storage to the USB storage device selected by the user.

The communicator 130 may perform wired or wireless communication with another device or a network. To this end, the communication unit 130 may include a communication module supporting at least one of various wired and wireless communication methods. For example, the communication module may be implemented in the form of a chipset.

The wireless communication supported by the communication unit 130 may be, for example, Wi-Fi (Wireless Fidelity), Wi-Fi Direct, Bluetooth, UWB (Ultra Wide Band) or NFC (Near Field Communication). In addition, the wired communication supported by the communication unit 130 may be, for example, USB or High Definition Multimedia Interface (HDMI).

The memory 140 may install and store various types of data such as files, applications, and programs. The controller 120 may access and use data stored in the memory 140 or store new data in the memory 140. In addition, the controller 120 may execute a program installed in the memory 140.

The memory 140 may be divided into a main memory 141 and a secondary memory 142.

The main memory 141 may temporarily store data used by the CPU.

For example, the main memory 141 may temporarily store data processed by the CPU while directly transmitting and receiving data with the CPU.

The main memory 141 may store data while power is supplied, but when the power supply is interrupted, the main memory may be physically initialized to delete data. For example, the main memory 141 may be implemented as a random access memory (RAM). have.

The auxiliary memory device 142 may store other data except for data required by a process processed by the CPU.

The auxiliary memory device 142 may be implemented as a hard disk drive (HDD), a solid state drive (SSD), a universal serial bus (USB), or the like, which stores data even when the data power supply is interrupted. It can also be implemented as RAM where data is volatilized.

2 to 4 are flowcharts illustrating a data security method according to an embodiment.

The data security method according to the embodiment shown in FIGS. 2 to 4 includes steps that are processed in time series in the data security device 10 shown in FIG. 1. Therefore, even if omitted below, the above description of the data security device 10 shown in FIG. 1 may be applied to the data security method according to the embodiment shown in FIGS. 2 to 4.

2 is a flowchart illustrating a data security method in which the data security device 10 stores data of an application program in volatile storage.

Referring to FIG. 2, the data security device 10 may set one of a volatile memory or a memory that is detachable from the data protection device as a storage (S2001).

According to an embodiment, the data security device 10 may set storage in a main memory device which is a volatile memory.

For example, the data security device 10 may set a region of RAM, which is a main memory device for storing data, while the power supply is maintained, and set the set storage to function as an auxiliary memory device for storing data. Can be.

The data security device 10 may additionally set a storage in the auxiliary memory device.

For example, the data security device 10 may be connected to an external I / O port to register the auxiliary memory device by a user's selection among the removable storage devices detachable from the data security device 10, and the registered auxiliary memory may be registered. When the device is connected to the I / O port and recognized, a part of the recognized secondary memory can be set as a storage.

The data security device 10 may identify a security target application program (S2002).

For example, the data security device 10 may identify an application that can change a storage location of temporary data among applications executed by a user input, and secure an application that can change a storage location of temporary data. You can register as an applicable application.

The data security device 10 may set a storage location of data generated by the identified application program as a storage (S2003).

That is, the data security device 10 may set the storage location of the application data generated in the application to the storage set in step S2001 for the application that can be secured in step S2002.

For example, the data security device 10 may change the location for storing the application data temporarily generated by the application program from the HDD which is the secondary memory device of the existing data security device 10 to the storage set in step S2001.

Alternatively, for example, the data security device 10 may set the location where the application data can be stored in the application program as a storage of the USB which is the auxiliary memory device registered by the user in step S2001.

At this time, according to the embodiment, the data security device 10 may block the storage of data in other auxiliary memory devices other than the auxiliary memory device set as a storage.

For example, if an application attempts to store application data in another auxiliary memory device other than the auxiliary storage device set as storage, the data security device 10 blocks the storage of the application data with the selected other auxiliary memory device, and stores it in the application. The secondary storage device set as can notify the setting of the storage location of the application data.

In addition, the data security device 10 may control the file system to input / output data in the storage where the application program data is set (S2004).

According to an embodiment of the present disclosure, the data security device 10 may control the file system such that data input / output of the file is stored in the storage according to a file call of an application program.

For example, when an application program calls a file for data stored in an unregistered auxiliary memory device, the data security device 10 may copy data from the auxiliary memory device in which the data of the file called by the application program is stored to the storage. You can provide the application with the data copied to the repository.

According to another exemplary embodiment, the data security device 10 may control data of a file stored by an application program to be stored in the storage.

For example, when the storage path of the file for the temporary data generated by the application is a secondary storage device, the data security device 10 may store data to be stored in the secondary storage device in the application in the storage. You can make a link with the data stored in the repository.

The data security device 10 may copy the data stored in the storage to the auxiliary memory device.

For example, the data security device 10 may copy the data stored in the storage to the auxiliary storage device according to a user's input, and may generate a file that forms a link with the data copied to the storage.

Meanwhile, the data security device 10 may store data paged from the main memory to the virtual memory in the storage.

3 is a flowchart illustrating a data security method for storing data paged to a virtual memory in a storage.

First, the data security device 10 may detect whether paging of data into virtual memory (S3001).

For example, the data security device 10 may set a virtual memory in the operating system or detect a movement from the main memory to the auxiliary memory device in which the virtual memory is set.

The data security device 10 may store the paged data in the set storage (S3002).

To this end, the data security device 10 may set a storage location set as a virtual memory of the operating system as a storage.

For example, when detecting the setting of the virtual memory in the main memory in step S3001, the data security device 10 changes the storage location set to virtual memory in the operating system to the storage to store the data paged from the main memory to the virtual memory Can be stored in

On the other hand, the data security device 10 may move the data paged to the virtual memory set in the auxiliary memory device to the storage.

4 is a flowchart illustrating a method of moving data of a virtual memory to a storage.

The data security device 10 may identify a storage location set by the operating system as a virtual memory (S4001).

For example, the data security device 10 may identify the storage location set as the virtual memory by acquiring the setting information of the operating system. Alternatively, the data security device 10 may identify a storage location corresponding to the virtual memory based on the page table for converting the virtual memory address of the operating system.

And the data security device 10 may move the data stored in the identified storage location to the storage (S4002).

For example, the data security device 10 may copy and move data on the auxiliary memory device, which is a setting position of a virtual memory, set by the operating system to a storage. The data security device 10 may additionally change the area of the virtual memory of the operating system to the storage as described with reference to FIG. 3.

The term '~' used in the above embodiments refers to software or a hardware component such as a field programmable gate array (FPGA) or an ASIC, and '~' serves a part. However, '~' is not meant to be limited to software or hardware. '~ Portion' may be configured to be in an addressable storage medium or may be configured to play one or more processors. Thus, as an example, '~' means components such as software components, object-oriented software components, class components, and task components, and processes, functions, properties, procedures, and the like. Subroutines, segments of program patent code, drivers, firmware, microcode, circuits, data, databases, data structures, tables, arrays, and variables.

The functionality provided within the components and 'parts' may be combined into a smaller number of components and 'parts' or separated from additional components and 'parts'.

In addition, the components and '~' may be implemented to play one or more CPUs in the device or secure multimedia card.

The data security method according to the embodiments described with reference to FIGS. 2 to 4 may be implemented in the form of a computer readable medium for storing instructions and data executable by a computer. In this case, the command and data may be stored in the form of program code, and when executed by the processor, a predetermined program module may be generated to perform a predetermined operation. In addition, computer readable media can be any available media that can be accessed by a computer and includes both volatile and nonvolatile media, removable and non-removable media. In addition, the computer readable medium may be a computer recording medium, which is volatile and non-implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Both volatile, removable and non-removable media may be included. For example, computer recording media may be provided via magnetic storage media such as HDDs and SSDs, optical recording media such as CDs, DVDs and Blu-ray discs, or may be accessible via a network. It may be a memory included in the server.

In addition, the data security method according to the embodiments described with reference to FIGS. 2 to 4 may be implemented as a computer program (or computer program product) including instructions executable by a computer. The computer program includes programmable machine instructions processed by the processor and may be implemented in a high-level programming language, an object-oriented programming language, an assembly language, or a machine language. . The computer program may also be recorded on tangible computer readable media (eg, memory, hard disks, magnetic / optical media or solid-state drives, etc.).

Accordingly, the data security method according to the embodiment described with reference to FIGS. 2 to 4 may be implemented by executing the computer program as described above by the computing device. The computing device may include at least a portion of a processor, a memory, a storage device, a high speed interface connected to the memory and a high speed expansion port, and a low speed interface connected to the low speed bus and the storage device. Each of these components are connected to each other using a variety of buses and may be mounted on a common motherboard or otherwise mounted in a suitable manner.

Here, the processor may process instructions within the computing device, such as to display graphical information for providing a graphical user interface (GUI) on an external input, output device, such as a display connected to a high speed interface. Instructions stored in memory or storage. In other embodiments, multiple processors and / or multiple buses may be used with appropriately multiple memories and memory types. The processor may also be implemented as a chipset consisting of chips comprising a plurality of independent analog and / or digital processors.

The memory also stores information within the computing device. In one example, the memory may consist of a volatile memory unit or a collection thereof. As another example, the memory may consist of a nonvolatile memory unit or a collection thereof. The memory may also be other forms of computer readable media, such as, for example, magnetic or optical disks.

In addition, the storage device can provide a large amount of storage space to the computing device. The storage device may be a computer readable medium or a configuration including such a medium, and may include, for example, devices or other configurations within a storage area network (SAN), and may include a floppy disk device, a hard disk device, an optical disk device, Or a tape device, flash memory, or similar other semiconductor memory device or device array.

The above-described embodiments are for illustrative purposes, and those of ordinary skill in the art to which the above-described embodiments belong may easily change to other specific forms without changing the technical spirit or essential features of the above-described embodiments. I can understand. Therefore, it is to be understood that the above-described embodiments are illustrative in all respects and not restrictive. For example, each component described as a single type may be implemented in a distributed manner, and similarly, components described as distributed may be implemented in a combined form.

The scope to be protected by the present specification is represented by the following claims rather than the above description, and should be construed to include all changes or modifications derived from the meaning and scope of the claims and their equivalents. .

10: data security device
110: entrance and exit
120: control unit
121: storage management unit 122: application management unit
123: virtual memory management unit 124: file system access control unit
130: communication unit
140: memory
141: main memory 142: auxiliary memory

Claims (14)

In the data protection device,
A storage manager configured to set one of a volatile memory or a memory detachable from the data protection device as a storage;
An application manager for identifying a security target application program and setting a storage location of application data generated by the identified application program as the storage;
The file system is controlled so that data according to a file call of the application program is inputted and outputted from the storage, the data stored in a memory other than the storage is copied to the storage according to the file call, and the data copied to the storage is stored. File system access control unit provided to the application program; And
Identify a location of a virtual memory set by an operating system running in the data protection device, move data stored in the identified location to the storage, and change the location of the virtual memory set by the operating system to the storage Including a memory management unit,
The storage management unit,
A data protection device for blocking the storage of the application data in the other memory area except the memory set as the storage. delete delete delete delete The method of claim 1,
The virtual memory management unit,
A data protection device for blocking the storage of data for the memory of the location set by the operating system to the virtual memory. In a method of protecting data by a data protection device,
Setting one of the volatile memory or the memory detachable from the data protection device as a storage;
Identifying a security target application program;
Setting a storage location of application data generated in the identified application program as the storage;
Blocking storage of the application data in another memory area except the memory set as the storage;
Controlling a file system such that data according to a file call of the application program is inputted and outputted from the storage; And
Setting a location of a virtual memory set by an operating system running in the data protection device as the storage;
Controlling the file system,
Copying data stored in a memory other than the storage to the storage according to the file call, and providing the data copied in the storage to the application program.
Setting the location of the virtual memory to the storage,
Identifying a location of the virtual memory set by the operating system, moving data stored in the identified location to the storage, and changing and setting the location of the virtual memory set by the operating system to the storage; How to protect. delete delete delete delete The method of claim 7, wherein
The data protection method,
Blocking the storage of data for the memory of the location set by the operating system to the virtual memory, the data protection method. A computer-readable recording medium having recorded thereon a program for performing the method of claim 7. A computer program carried out by a data protection device and stored in a medium for carrying out the method according to claim 7.

Images