KR102368208B1 - File leakage prevention based on security file system and commonly used file access interface - Google Patents

Abstract

Receiving a storage request for a target file from a first program among the application programs through an API (Application Programming Interface) type file input/output interface that can be commonly called by application programs in the system of the present specification; determining whether the type of the target file is included in a list of allowed types in a preset policy; encrypting the target file when it is determined that the type of the target file is included in the allowed type list; and storing the encrypted target file in a storage connected to a network.

Description

File system that supports security features and file leakage prevention based on common file access interface

This specification relates to a file system supporting a security function and file leakage prevention based on a common file access interface.

In electronic devices such as computers, a lot of data is handled in the form of files, and the files are stored and/or stored in a storage medium and read from the storage medium again. Protective measures such as access control may be applied to files that can be accessed by multiple people for security reasons. However, despite the protection measures for these files in various organizations such as companies, government agencies, and non-profit organizations, file leakage occurs frequently due to the involvement of insiders. File leakage can occur in the form of computer files for various data such as personal information, many technical data such as product blueprints, and confidential data such as public facilities, industrial facilities, and military secrets.

As a technology to prevent file leakage, it is a method of forcing file storage in a special storage medium (eg USB memory) designed to be equipped with a security function, a method of preventing the leakage of data in a specific format through real-time monitoring of the network, for work A method of safely storing encrypted files after encrypting temporary files has been proposed.

The present specification provides an API and a processing module thereof, which exist as an API of a system or framework and which can be commonly called by an application program, so as to utilize a file leakage prevention function without modifying an application program installed in an electronic device. This specification proposes a file leakage prevention technology that can be implemented in the form of a file system so that it can be safely stored in a storage existing on a network according to the type of the application program and the type of the target file.

The present specification provides a method for preventing file leakage of a computer according to an embodiment. The file leakage prevention method includes receiving a storage request for a target file from a first program among the application programs through an API (Application Programming Interface) type file input/output interface that can be commonly called by application programs in the system. movement; determining whether the type of the target file is included in a list of allowed types in a preset policy; encrypting the target file when it is determined that the type of the target file is included in the allowed type list; and storing the encrypted target file in a network-connected storage.

Meanwhile, the present specification provides a method for preventing file leakage of a computer according to another embodiment. The file leakage prevention method includes receiving a read request for the target file from any one of the application programs through an API (Application Programming Interface) type file input/output interface that can be commonly called by application programs in the system. operation, the target file is stored in a network-connected storage in the form of a ciphertext; When the application program is included in the list of allowed programs in a preset policy and the application program is associated with the type of the target file, the encrypted target file is decrypted in plaintext form, and the transmitting the target file in response to the read request; and transmitting the target file in cipher text form in response to the read request when the application program is not included in the list of allowed programs in the policy.

Meanwhile, the present specification provides an apparatus for preventing file leakage according to an embodiment. The file leakage prevention device includes a memory for storing an application program and a file system module, and the file system module receives a file storage request and a read request received through file input/output interfaces in the form of an API that can be commonly called by the application program. configured to include instructions for executing an operation to process; a network module that establishes a connection with a storage of a network and transmits and receives a target file processed by the file system module to the storage; and a processor electrically connected to the memory and the network module to process the storage request of the application program and process the read request for the target file. The processor may process the storage request by: receiving a storage request for the target file from any one of the application programs through a first interface among the file input/output interfaces; determining whether the type of the target file is included in a list of allowed types in a preset policy; encrypting the target file when it is determined that the type of the target file is included in the allowed type list; and storing the encrypted target file in a network-connected storage. The processor is configured to process the read request: receiving a read request for the target file from any one of the application programs through a second interface among the file input/output interfaces, wherein the target file is in the form of a network is stored in a connected storage; When the application program is included in the list of allowed programs in a preset policy and the application program is associated with the type of the target file, the encrypted target file is decrypted in plaintext form, and the transmitting the target file in response to the read request; and when the application program is not included in the list of allowed programs in the policy, transmitting the target file in the form of a cipher text in response to the read request.

Meanwhile, the present specification provides a storage request for a target file that is operable in a computer according to an embodiment and is received through file input/output interfaces in the form of an API (Application Programming Interface) that can be commonly called by application programs in the system. and a computer program storable in a recording medium to execute an operation for processing a read request.

The processing of the storage request may include: receiving a storage request for the target file from any one of the application programs through a first interface among the file input/output interfaces; determining whether the type of the target file is included in a list of allowed types in a preset policy; encrypting the target file when it is determined that the type of the target file is included in the allowed type list; and storing the encrypted target file in a network-connected storage. The operation of processing the read request includes: receiving a read request for the target file from any one of the application programs through a second interface among the file input/output interfaces; stored in the repository; When the application program is included in the list of allowed programs in a preset policy and the application program is associated with the type of the target file, the encrypted target file is decrypted in plaintext form, and the transmitting the target file in response to the read request; and when the application program is not included in the list of allowed programs in the policy, transmitting the target file in the form of a cipher text in response to the read request.

The file leak prevention technology disclosed in this specification prevents the target file from being leaked to users who are not authorized by policy by using encryption and distributed storage functions according to the types of applications and files. The file leakage prevention technology of the present specification is implemented using a commonly used interface, so that the application program provider can use the file input/output function as in the prior art without separate modification. In addition, the file leakage prevention technology eliminates the need to install a separate security program from the user's point of view as compared to a separate media control security program.

The file leakage prevention technology disclosed in this specification allows access to a registered application program even in the case of the same target file, but prevents operations such as duplication and editing by unregistered application programs. The file leakage prevention technology enables file sharing even if the operating system of the user's computer is different.

1 is a diagram illustrating an exemplary electronic system.
2 illustrates an implementation example of an electronic device to which the technology of the present specification can be applied.
3 is a block diagram of an exemplary program module of an electronic device to which the technology disclosed herein can be applied.
4 is an exemplary flowchart of performing a processing operation for a file storage request according to the technology disclosed herein.
5 is an exemplary flowchart of performing a processing operation for a file read request according to the technology disclosed herein.
6 is an exemplary flowchart of performing processing operations for a file storage request and a file read request according to the technology disclosed herein.
7 shows an interface called by an application program.
8 is a block diagram of an electronic device to which the technology disclosed herein can be applied.

The technology disclosed herein may be applied to a file leakage prevention device. However, the technology disclosed in the present specification is not limited thereto, and may be applied to all electronic devices and methods to which the technical idea of the technology may be applied.

It should be noted that the technical terms used in this specification are only used to describe specific embodiments, and are not intended to limit the spirit of the technology disclosed herein. In addition, the technical terms used in this specification should be interpreted in the meaning generally understood by those of ordinary skill in the art to which the technology disclosed in this specification belongs, unless otherwise defined in this specification. It should not be construed in a very comprehensive sense or in an excessively reduced meaning. In addition, when the technical term used in this specification is an erroneous technical term that does not accurately express the spirit of the technology disclosed in this specification, a technical term that can be correctly understood by those of ordinary skill in the art to which the technology disclosed in this specification belongs should be understood and replaced with In addition, general terms used in this specification should be interpreted according to the definition in the dictionary or according to the context before and after, and should not be interpreted in an excessively reduced meaning.

As used herein, terms including an ordinal number such as first, second, etc. may be used to describe various elements, but the elements should not be limited by the terms. The above terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, a first component may be referred to as a second component, and similarly, a second component may also be referred to as a first component.

Hereinafter, the embodiments disclosed in the present specification will be described in detail with reference to the accompanying drawings, but the same or similar components are assigned the same reference numerals regardless of reference numerals, and redundant description thereof will be omitted.

In addition, in describing the technology disclosed in the present specification, if it is determined that a detailed description of a related known technology may obscure the gist of the technology disclosed in this specification, the detailed description thereof will be omitted. In addition, it should be noted that the accompanying drawings are only for easy understanding of the spirit of the technology disclosed in this specification, and should not be construed as limiting the spirit of the technology by the accompanying drawings.

1 is a diagram illustrating an exemplary electronic system.

Referring to FIG. 1 , the electronic system 100 may include at least one electronic device 101 , 102 , 104 , a server 106 , and/or a network 162 .

The electronic device according to the present specification may be implemented in the form of a device including a communication function. For example, the electronic device includes a smart phone, a tablet personal computer, a mobile phone, a video phone, an ebook reader, a desktop personal computer, and a laptop PC. (laptop personal computer), personal digital assistant (PDA), portable multimedia player (PMP), MP3 player, mobile medical device, camera, or wearable device (e.g. head-mounted device such as electronic glasses) (HMD), an electronic garment, an electronic bracelet, an electronic necklace, an electronic newspaper, or a smart watch).

According to some embodiments, the electronic device may be a smart home appliance having a communication function. Smart home appliances include, for example, a television, a digital video disk (DVD) player, an audio device, a refrigerator, an air conditioner, a vacuum cleaner, an oven, a microwave oven, a washing machine, an air purifier, a set-top box, and a TV. It may include at least one of a box (eg, Samsung HomeSync ^TM , Apple TV ^TM , or Google TV ^TM ), game consoles, an electronic dictionary, an electronic key, a camcorder, or an electronic picture frame.

According to some embodiments, the electronic device includes various medical devices (eg, magnetic resonance angiography (MRA), magnetic resonance imaging (MRI), computed tomography (CT), imagers, ultrasound machines, etc.), navigation devices, and GPS receivers (eg, global positioning system receiver), EDR (event data recorder), FDR (flight data recorder), automotive infotainment device, marine electronic equipment (e.g. marine navigation system and gyro compass, etc.), avionics, security It may include at least one of a device, a head unit for a vehicle, an industrial or household robot, an automatic teller machine (ATM) of a financial institution, or a point of sales (POS) of a store.

According to some embodiments, the electronic device is a piece of furniture or a building/structure including a communication function, an electronic board, an electronic signature receiving device, a projector, or various measurement devices. It may include at least one of devices (eg, water, electricity, gas, or radio wave measuring devices, etc.). The electronic device according to the present specification may be a combination of one or more of the various devices described above. Also, the electronic device according to the present specification may be a flexible device. Also, it is apparent to those skilled in the art that the electronic device according to the present specification is not limited to the above-described devices.

The electronic device 101 may include a bus 110 , a processor 120 , a memory 130 , an input/output interface 150 , a display 160 , and/or a communication interface 170 .

In this case, the network 162 may include a wired LAN, a cable channel network, and all possible methods connected wirelessly.

In some embodiments, the electronic device 101 may omit at least one of the components or may additionally include other components.

The bus 110 may include, for example, a circuit that connects the components 110 - 170 to each other and transmits communication (eg, a control message and/or data) between the components.

The processor 120 may include one or more of a central processing unit (CPU), an application processor (AP), and a communication processor (CP). The processor 120 may, for example, execute an operation or data processing related to control and/or communication of at least one other component of the electronic device 101 .

The memory 130 may include a volatile 131 and/or a non-volatile 133 memory. The memory 130 may store, for example, commands or data related to at least one other component of the electronic device 101 . According to an embodiment, the memory 130 may store software and/or a program. The program may include, for example, a kernel 141 , middleware 143 , an application programming interface (API) 145 , and/or an application program (or “application”) 147 , etc. can At least a portion of the kernel 141 , the middleware 143 , or the API 145 may be referred to as an operating system (OS).

The input/output interface 150 may serve as an interface capable of transmitting, for example, a command or data input from a user or other external device to other component(s) of the electronic device 101 . Also, the input/output interface 150 may output a command or data received from other component(s) of the electronic device 101 to a user or other external device.

The display 160 is, for example, a liquid crystal display (LCD), a light emitting diode (LED) display, an organic light-emitting diode (OLED) display, or microelectromechanical It may include a Micro-Electro-Mechanical Systems (MEMS) display, or an electronic paper display. The display 160 may display, for example, various contents (eg, text, image, video, icon, or symbol) to the user. The display 160 may include a touch screen, and may receive, for example, a touch, gesture, proximity, or hovering input using an electronic pen or a part of the user's body.

The communication interface 170 may establish, for example, communication between the electronic device 101 and an external device (eg, the electronic device 102 , the electronic device 104 , or the server 106 ). For example, the communication interface 170 may be connected to the network 162 through wireless communication or wired communication to communicate with an external device (eg, the electronic device 104 or the server 106 ).

The wireless communication may include, for example, cellular communication. The cellular communication is, for example, long-term evolution (LTE), LTE Advance (LTE-A), code division multiple access (CDMA), wideband CDMA (WCDMA), universal mobile telecommunications system (UMTS), Wireless (WiBro) Broadband) or GSM (Global System for Mobile Communications) may include at least one of. Also, the wireless communication may include, for example, short-range communication 164 . The short-range communication 164 may include, for example, at least one such as wireless fidelity (Wi-Fi), Bluetooth (Bluetooth), or nearfield communication (NFC). In addition, the wireless communication may include a global positioning system (GPS).

The wired communication may include, for example, at least one of universal serial bus (USB), high definition multimedia interface (HDMI), recommended standard232 (RS-232), or plain old telephone service (POTS). The network 162 may include at least one of a telecommunications network, for example, a computer network (eg, LAN or WAN), the Internet, or a telephone network.

Each of the electronic device 102 and the electronic device 104 may be the same or a different type of device from the electronic device 101 . According to one embodiment, the server 106 may include a group of one or more servers. According to various embodiments, all or some of the operations performed by the electronic device 101 may be executed by one or a plurality of external devices (eg, the electronic devices 102 and 104 or the server 106 ). According to an embodiment, when the electronic device 101 needs to automatically or request a function or service, the electronic device 101 performs the function or service by itself instead of or in addition, At least some functions related thereto may be requested from an external device (eg, the electronic devices 102 and 104 or the server 106 ). An external device (eg, the electronic device 102 or 104 , or the server 106 ) may execute a requested function or an additional function, and transmit the result to the electronic device 101 . The electronic device 101 may provide a requested function or service by processing the received result as it is or additionally. For this purpose, for example, cloud computing, distributed computing, or client-server computing technology may be used.

2 illustrates an implementation example of an electronic device to which the technology of the present specification can be applied. The computing device is merely an example of an electronic device to which the technology disclosed herein can be applied, and is not intended to limit the function or scope of use of the technology disclosed herein. Accordingly, the computing environment herein should not be construed as dependent on or necessarily including components shown by way of example and/or combinations thereof.

The computing device may operate for a general purpose or special purpose computing system environment. The computing device 200 to which the technology disclosed herein can be applied is, for example, a personal computer, a server computer, a hand-held device, or a laptop device; Tablets, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable consumer electronics, network PCs ), minicomputers, mainframe computers, distributed computing environments including any of the above systems or devices, and the like.

The techniques disclosed herein may be expressed in the form of general instructions such as program modules executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. The techniques disclosed herein may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in local and/or remote computer storage media including memory storage devices.

Referring to FIG. 2 , an exemplary system to which the technology disclosed herein may be applied includes a general-purpose computing device that may be implemented in the form of a computer 200 . Computer 200 may include, but is not limited to, a system bus 215 that couples various system components, including processor 210 , system memory 220 , and system memory 220 to processing device 210 . it is not The system bus 215 may be any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. For example, such architectures include an industry standard architecture (ISA) bus, a micro channel architecture (MCA) bus, an Enhanced ISA (EISA) bus, a video electronics standard association (VESA) local bus, and a peripheral component interconnect (PCI) bus, etc. can, but is not limited thereto.

Computer 200 may typically include a variety of computer-readable media. Any medium accessible by computer 200 can be computer readable media, and includes volatile and nonvolatile media, removable and non-removable media. For example, computer-readable media may include, but is not limited to, computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media may include RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical disk storage device, magnetic cassette, magnetic tape, magnetic disk storage device or other magnetic storage device; or any other medium that can be accessed by computer 200 and can store desired information. Communication media can transmit computer readable instructions, data structures, program modules, or other data mounted on a data signal modulated by a carrier wave or other transmission method, in general. Includes all information delivery media. The term 'modulated data signal' means a signal in which one or more characteristics of a signal are set or changed so that information is encoded in the signal. For example, communication media includes, but is not limited to, wired media through a wired network or direct connection, and wireless media such as sound, RF, infrared, and the like. Any combination of the above may also be included within the scope of computer-readable media.

System memory 220 includes computer storage media in the form of volatile and/or non-volatile memory such as read-only memory (ROM) 221 and random access memory (RAM) 132 . The ROM 221 , which is a non-volatile memory, generally includes a Basic Input/Output System (BIOS) including basic routines for performing data transfer between internal components when the computer 220 is booted. RAM 222 generally contains data and/or program modules that are immediately accessible to processor 210 and/or are currently operated by processor 210 . For example, the RAM 222 may be a program module including an operating system (OS), an application program, other program modules, and program data, but is not limited thereto.

Computer 200 may also be configured to include other removable/non-removable, volatile/nonvolatile computer storage media. 2, for example, the computer 200 includes a non-removable memory interface 250 for writing data to and reading data from a hard disk drive (HDD), which is a non-removable, non-volatile magnetic medium. It may be configured or configured to include a removable memory interface 260 for writing data to and reading data from a removable, non-volatile flash memory medium. For example, other removable/non-removable, volatile/nonvolatile computer storage media that can be used in connection with the computer 200 include magnetic tape cassettes, flash memory cards, DVDs, digital video tapes, solid state disks (SSDs), etc. but is not limited thereto.

The computer 200 may write or read computer readable instructions, data structures, program modules, and other data of the computer 200 to a storage medium. For example, a computer disk drive may write or read an operating system (OS), application programs, other program modules, and program data. The computer 200 may read data from the storage medium and load it into the system memory 220 .

Computer 200 may operate in a networked environment connected to one or more remote computers. When the computer 200 operates in a network environment, it may be connected to a remote computer through the network interface 270 . The remote computer may be another computing device, for example, a personal computer, server, router, network PC, peer device, or other common network node, and generally at least some or all of the components described in connection with computer 200 . It may be configured to include Such network environments are common in offices, corporate networks, intranets, and the Internet.

Storage space available in a computing device can be generally classified into direct attached storage (DAS), network attached storage (NAS), and storage area network (SAN). The DAS method of directly connecting the storage medium to the computing device may be, for example, a method of writing data to and reading from the storage medium through the non-removable interface 250 or the removable memory interface 260 . When a remote computer in a network environment provides storage space for the computer 200 in a NAS or SAN method, the computer 200 connects to the remote computer through the network interface 270 and stores data in the NAS or SAN method. can be written to and read from.

The computer 200 may be connected to a display device such as a monitor through the video interface 230 . Also, the computer 200 may receive commands and information from input devices such as a keyboard, a mouse, a microphone, an electronic digitizer, a scanner, and a camera through the user input interface 280 . Also, the computer 200 may be connected to a peripheral device such as a printer, a speaker, or the like through the peripheral device interface 240 .

3 is a block diagram of an exemplary program module of an electronic device to which the technology disclosed herein can be applied.

According to an embodiment, the program module 300 (eg, a program stored in the memory 130 of FIG. 1 ) controls resources related to an electronic device (eg, the electronic device 101 of FIG. 1 ). It may include an operating system (OS) and/or various application programs (applications, apps, etc.) running on the operating system. An operating system for an electronic device with relatively high performance may be, for example, Windows or Linux, and an operating system for an electronic device with relatively low performance, for example, Android, It may be iOS, RTOS (Realtime OS), Linux, or Tizen.

The program module 300 may be configured to include a kernel, middleware, an application programming interface (API), and/or an application program. At least a part of the program module 300 may be installed or preloaded on an electronic device, and an external electronic device (eg, the external electronic devices 102 and 104 of FIG. 1 , the server 106 ) etc.) can be downloaded from

The kernel may include, for example, a system resource manager and/or a device driver. The system resource manager may control, allocate, or recover system resources. According to an embodiment, the system resource manager may include a process manager, a memory manager, or a file system manager. The device driver may include, for example, a display driver, a camera driver, a Bluetooth driver, a shared memory driver, a USB driver, a keypad driver, a network driver, a Wi-Fi driver, an audio driver, or an inter process communication (IPC) driver. can

The middleware provides functions commonly required by the application programs, or provides various functions through the API so that the application programs can efficiently use limited system resources inside the electronic device in the form of the application program. can be provided as

The API is, for example, a set of API programming functions, and an application program can use a function provided by the kernel and/or the middleware through the API. The API may be classified into an API that is commonly followed irrespective of the type of the operating system and an API configured differently depending on the operating system. If an API function does not have a dependency on the operating system and supports a form widely used in different operating systems, applications running in the device can access the resources provided by the operating system using the well-known API. can do. As an API standardized to have a common form across multiple operating systems, there is a Portable Operating System Interface (POSIX) rule. File input/output according to POSIX rules may be performed, for example, through an input/output interface such as open, write, write, read, and close. In an embodiment, the API function is provided by the operating system and may be a function that an application program operating in a user mode calls to perform a system operation in a kernel mode. In this case, the API function may be a set of functions located at the boundary between the user mode and the kernel mode. In one embodiment, the API operates as a wrapper function of the system, and may be designed to perform a function combining one or more system APIs.

Various types of the application program exist according to the purpose of the electronic device. In an embodiment, when the electronic device is a mobile terminal providing a communication function, the application program may include, for example, a communication program such as a dialer, SMS/MMS, IM, and an address book. In an embodiment, when the electronic device is a computer, the application program may include, for example, a productivity-related program such as a document creation program, an e-mail program, and a task management program.

3 exemplarily illustrates a part of a program module constituting an electronic device. The program module 300 may include a first program 311 , a second program 312 , and a third program 313 as application programs, but this is illustrated by way of example and the number of applications is limited thereto. it doesn't happen

In one embodiment, the API function 320 may be a file input/output interface provided by the operating system. The application programs may use the file read and/or write functions provided by the file system modules 331 , 332 , 333 which are sub-modules through the file input/output API function 320 .

The file system modules 331 , 332 , and 333 are implemented to process file input/output for different file systems, but the number of file system modules is not limited thereto. According to an embodiment, a file system module to process the file system module may be selected from among the file system modules according to the storage space of the target file of the file input/output requested by the application program.

Referring to FIG. 3 , the application programs 311 , 312 , and 313 provide information about a target file through an interface 320 having an API format commonly supported by a plurality of file system modules 331 , 332 , 333 . File input/output may be requested, and in this case, one file system module determined based on the location of the target file among the plurality of file system modules may process the request. For example, as a network file system, the first file system module 331 may transmit/receive data to/from another device connected to the network and may perform a file input/output request received from the application program. However, even in this case, in order for the first file system 331 to process the file input/output request of the application program, a part of the target file, a temporary file or other intermediate data that may be generated in the process of processing the target file is stored in another file. The possibility of storing and/or reading from storage in the electronic device using a storage medium interface (eg, storage medium interface 343 ) is not excluded.

In one embodiment, the first file system module 331 is present in a network environment through a network interface 341 (eg, the communication interface 170 of FIG. 1 or the network interface 270 of FIG. 2 ). The file may be stored in a file storage server 350 (eg, server 105 of FIG. 1 ). An embodiment of the file leakage prevention technology disclosed in this specification may use a storage existing on a network as a storage area associated with file input/output requested by an application program. In addition, in another embodiment, the file storage server 350 may be a distributed storage configured to include a plurality of servers (351a, 351b, 351c, 351d), in this case, the number of the plurality of servers is an exemplary However, the present invention is not limited thereto.

On the other hand, for example, the second file system module 332 uses the storage medium interface 343 (eg, the non-removable memory interface 250 of FIG. 2 ) to the storage medium ( 360) (eg, the non-volatile memory 133 of FIG. 1 ) may store the file. When the file system module receives a storage request for the type of application and/or target file that is determined not to be stored using the storage, even if the request is received using the same interface 320 . It is stored in a separate storage medium through the storage medium interface 343 rather than the storage 350.

The file system module disclosed in this specification receives a file input/output request through an API type commonly used by a plurality of application programs. In order to support file leakage prevention without any significant modifications to the application program, the interface generally needs to be the same as the form commonly called by the application program. If the user of the electronic device or application program needs to call a special API to perform the file leakage prevention method disclosed in this specification, the application program is designed to use the special API. , which can cause problems that have to be recompiled and distributed. Therefore, the file leak prevention method disclosed in this specification needs to be implemented in a lower-level file system module that is called through a common interface and handles it. For example, the API form that can be commonly called may be an interface conforming to the POSIX standard or an interface conforming to a Filesystem in User-Space (FUSE).

According to various embodiments, at least a portion of the program module 300 may be implemented in software, firmware, hardware, or a combination of at least two or more thereof. At least a portion of the program module 300 may be implemented (eg, executed) by, for example, a processor (eg, the processor 210 ). At least a portion of the program module 300 may include, for example, a module, a program, a routine, a set of instructions, or a process for performing one or more functions.

As used herein, the term “module” may refer to, for example, a unit including one or a combination of two or more of hardware, software, or firmware. The term “module” may be used interchangeably with terms such as, for example, unit, logic, logical block, component, or circuit. A “module” may be a minimum unit or a part of an integrally configured component. A “module” may be a minimum unit or a part of performing one or more functions. A “module” may be implemented mechanically or electronically. For example, a “module” is one of an application-specific integrated circuit (ASIC) chip, field-programmable gate arrays (FPGAs) or programmable-logic device that performs certain operations, known or to be developed. It may include at least one.

At least a portion of an apparatus (eg, modules or functions thereof) or a method (eg, operations) according to various embodiments is, for example, a computer-readable storage medium in the form of a program module It can be implemented as a command stored in . When the instruction is executed by a processor (eg, the processor 120), the one or more processors may perform a function corresponding to the instruction. The computer-readable storage medium may be, for example, the memory 130 .

Computer-readable recording media include hard disks, floppy disks, magnetic media (eg, magnetic tape), optical media (eg, compact disc read only memory (CD-ROM), DVD ( digitalversatile disc), magneto-optical media (e.g., foptical disk), hardware devices (e.g., read only memory (ROM), random access memory (RAM), or flash memory, etc.) etc. In addition, the program instructions may include not only machine language codes such as those generated by a compiler, but also high-level language codes that can be executed by a computer using an interpreter, etc. The above-described hardware device may include various implementations. It may be configured to operate as one or more software modules to perform the example operations, and vice versa.

A module or a program module according to various embodiments may include at least one or more of the above-described components, some may be omitted, or may further include additional other components. Operations performed by a module, a program module, or other components according to various embodiments may be executed sequentially, in parallel, iteratively, or in a heuristic manner. Also, some operations may be executed in a different order, omitted, or other operations may be added.

4 is an exemplary flowchart of performing a processing operation for a file storage request according to the technology disclosed herein. The technology disclosed in this specification provides an access control means for a target file to prevent file leakage, and the access control is a method of allowing access only to normal file use according to a preset policy. The file leakage prevention technology disclosed herein may be implemented in a file system that processes an input/output request of a file. Therefore, the file leakage prevention technology can use the standardized file input/output API used by general applications, and the conventional file leakage prevention technology does not receive assistance from the file system module, so a separate temporary file that the application program can access There is an advantage in that it is not necessary to perform actions that are vulnerable to security, such as creating

First, the electronic device receives a storage request for a target file through an API-type file input/output interface that can be commonly called by application programs in the system ( 410 ). The storage request may include a name for the target file, a storage path associated with a location to store the target file, and the like. The API type that can be commonly called may include POSIX or FUSE (Filesystem in User-Space).

The electronic device may determine whether the storage request conforms to the preset policy ( 420 ). Whether the policy conforms to the policy may be determined according to various items in the policy. The electronic device stores in advance conditions used to determine whether to apply the file protection method disclosed in the present specification. The conditions may be referred to by various terms such as policies and configuration values, and may be preset in the electronic device or updated as necessary. The policy generally includes conditions for user identification information, use time, device identification information, location of use, program used, etc., and if essential conditions among the conditions are met, follow-up measures to prevent file leakage can be done

In an embodiment, the electronic device may determine whether the type of the target file is included in a list of allowed types in a preset policy in order to determine whether the storage request conforms to the policy ( 421).

That is, the electronic device may determine whether to encrypt the target file based at least partially on the type of the target file ( 421 ). As the type of the target file, an extension included in the name of the target file, a file type determined based on the format of the target file, or a Multipurpose Internet Mail Extensions (MIME) type may be used. In an embodiment, as the type of the encryption target file, a document, mail, picture, text, or compressed file may be included.

In another embodiment, when it is necessary to determine whether the storage request meets other conditions included in the policy, the electronic device stores in the storage or encrypts the target file only when the other conditions are satisfied. Determining operations may be performed ( 423 ). For example, the electronic device may determine whether the application program is included in the program list for the type of the target file in the preset policy. That is, the electronic device determines that the storage request does not conform to the policy when the application program is not associated with the type of the target file and is not included in the list of programs associated with the type of the target file. can judge In this case, the storage device may respond with an error value in response to the storage request and stop a processing operation for the storage request.

When the storage request does not conform to the preset policy, the electronic device may store the target file in the storage in the form of plain text without encryption ( 430 ).

Encryption of the target file may include not only public key infrastructure (PKI) based encryption, but also various obfuscation methods such as data scrambling. The encryption is to ensure confidentiality of the target file, and according to an embodiment, when the storage is implemented in the form of a distributed storage, information on servers constituting each distributed storage is included in the encryption operation Thus, even when some of the servers are leaked, the confidentiality of the target file as a whole can be guaranteed. In this case, the distributed servers constituting the storage may be configured to include one or more NAS (Network Attached Storage) servers.

In an embodiment, the operation of encrypting the target file may generate protected data including one or more encrypted chunks based on the target file. Even if a part of the one or more encrypted chunks is leaked, it cannot be recognized that the protected data or the target file is leaked. To this end, each chunk may include information obtainable from each of the distributed servers. Thereafter, the one or more chunks may be distributed and stored in distributed servers constituting the storage.

The electronic device stores the encrypted target file in the storage ( 450 ). This may be an operation of sending the encrypted target file to a storage existing on a network through a communication interface in the electronic device.

5 is an exemplary flowchart of performing a processing operation for a file read request according to the technology disclosed herein. The processing operation according to the read request may be performed separately or continuously from the processing operation for the storage request described with reference to FIG. 4 .

First, the electronic device receives a read (read) request for a target file through the file input/output interface (510). The read request may include a name for the target file, a storage path associated with a location accessible to the target file, and the like. The electronic device may determine whether the read request conforms to the preset policy ( 520 ).

In an embodiment, the electronic device may decrypt files in the form of cipher text in the storage into plain text for a program included in the list of application programs included in the policy. To this end, the electronic device may determine whether the application program that has transmitted the read request is included in the list of allowed programs in the policy ( 521 ). Conversely, in the case of an application program that is not included in the allowed program list in the policy, the target file stored in the storage can be returned as a response in the form of a cipher text because it does not undergo a decryption process. That is, a decryption function may be performed according to the policy within the common file input/output interface. This is to block unauthorized access by unregistered applications to the files stored in the storage.

In another embodiment, the electronic device may determine whether the application program that has transmitted the read request is related to the type of the read-requested target file ( 523 ). The policy may include a list of applications that can access a specific file type. That is, the policy may force the user to use only a specified application program for a specified file type. For example, if only a specific document editing program is included in the list of applications that can access a document file in a specific format, read requests by other text editors or file manager programs of the operating system are disabled it has been

Also, according to an embodiment, when a separate policy needs to be applied in addition to the type of the application program, it may be determined whether or not an essential policy is satisfied ( 525 ). For example, the policy may include a list of devices capable of storing a specific file, a list of places or network addresses, a list of operating systems, a time band, and the like, to further determine whether a corresponding condition is met.

When it is determined that the application program type and/or other policies are satisfied, the encrypted target file is decrypted in plaintext form (540), and the target file in the plaintext form is transmitted in response to the read request. do (550). In other cases, the target file in the form of cipher text stored in the storage may be transmitted in response to the read request ( 560 ).

6 is an exemplary flowchart of performing processing operations for a file storage request and a file read request according to the technology disclosed herein. 6 illustrates an operation in which different application programs process a storage request and a read request with respect to a file system module to which the technology of the present specification is applied. Duplicate content among the parts described with reference to FIGS. 4 and 5 will be omitted.

First, the electronic device receives a storage request of the first program for the target file through the file input/output interface (S611). The electronic device may determine whether the type of the target file is included in a list of allowed types in a preset policy (S613). In addition, if it is necessary to determine whether the storage request meets other conditions included in the policy, the electronic device may perform subsequent encryption operations only when the other conditions are satisfied ( 615 ). For example, the electronic device may determine whether the first program is included in a program list for the type of the target file in the preset policy.

When the type of the target file is included in the list of allowed types or meets other policies, the electronic device may designate a storage area of the target file as a storage and encrypt the target file. (617). Conversely, if the storage request does not conform to the policy, the electronic device may designate a storage medium other than storage for the target file as a storage area and store it, or store it in the storage in the form of unencrypted plaintext. (619). The electronic device stores the encrypted target file in the network-connected storage ( S621 ).

Thereafter, the electronic device may receive a read (read) request for the target file from the second program through the file input/output interface ( 551 ). The electronic device may determine whether the second program is included in a preset program list ( S653 ). Also, according to an embodiment, the electronic device may determine whether the second program is related to the type of the read-requested target file ( 655 ). In addition, according to an embodiment, the electronic device may determine whether other essential policies in the policy are satisfied ( 657 ). When it is determined that the second program type and/or other policies are satisfied, the encrypted target file is decrypted in plaintext form (659), and the target file in the plaintext form is converted into a response to the read request. transmit (661). In other cases, an error message may be transmitted in response to the read request or a target file in the form of a cipher text stored in the storage may be transmitted ( 663 ).

In the electronic device according to the embodiment, when the first program is included in the preset program list but the second program is not, the target file is stored in the storage by the first program, but In the read request, the target file may be received in an encrypted state, so that confidentiality of contents may be maintained. For example, the first program may correspond to a document creation program such as an office, and the second program may be a file management program such as an explorer. In this case, when trying to save the document created by the first program, the target document is encrypted and stored in the storage, but it is stored in a storage device (not the first program) to another device or a local storage device by a searcher with a general function. When copying is attempted, since it is not an allowed application, the copy is made with encryption, and if the decryption method or key value is not known, the target file cannot be accessed.

Meanwhile, in the operation of receiving the read request ( 651 ), when the file system module receives a read request for the encrypted target file from the same first program, whether to allow the first program is stored in the storage Since it is known that it corresponds to the program list during the processing of the request, the subsequent operation may be omitted, the encrypted target file may be directly decrypted in a plain text form, and the target file in the plain text format may be transmitted in response to the read request.

7 shows an interface called by an application program. A file system module to which the technology disclosed herein can be applied may be implemented by including a file input/output interface including a first interface for a file storage request and a second interface for a file read request.

That is, the operation of the file system module processing the storage request may include: receiving a storage request for the target file from any one of the application programs through a first interface among the file input/output interfaces; determining whether the type of the target file is included in a list of allowed types in a preset policy; encrypting the target file when it is determined that the type of the target file is included in the allowed type list; and storing the encrypted target file in a network-connected storage.

In addition, the operation of the file system module processing the read request may include: receiving a read request for the target file from any one of the application programs through a second interface among the file input/output interfaces; is stored in networked storage in the form of ciphertext; When the application program is included in the list of allowed programs in a preset policy and the application program is associated with the type of the target file, the encrypted target file is decrypted in plaintext form, and the transmitting the target file in response to the read request; and when the application program is not included in the list of allowed programs in the policy, transmitting the target file in the form of a cipher text in response to the read request.

In one embodiment, the file input/output interface may be a system API conforming to a POSIX protocol. Referring to FIG. 7A , the file input/output interface 710 may be a system API that distinguishes a user mode and a kernel mode. In this case, the file leakage prevention method according to the technology disclosed herein may be implemented to be included in a file system module corresponding to a part of the operating system. For example, the interface for the storage request may be a function such as open, write, or close, and the interface for the read request may be a function such as open, read, or close.

In another embodiment, the file input/output interface may be a middleware on a program module or a wrapper API on a framework. Referring to FIG. 7B , the file input/output interface 720 may be an API of a framework that may be deployed by a system provider or an independent framework provider. In this case, the file leakage prevention method according to the technology disclosed herein may be implemented to correspond to a part of the framework. For example, the interface provided in the form of a framework API may be a Filesystem in User-Space (FUSE) API.

8 is a block diagram of an electronic device to which the technology disclosed herein can be applied. Referring to FIG. 8 , the electronic device 800 may be configured to include a processor 810 , a memory 820 , and a network module 830 .

The memory 820 may be configured to store an application program and a file system module. The file system module may be configured to include a command for executing an operation for processing a file storage request and a read request received through file input/output interfaces in the form of an API that can be commonly called by the application program.

The network module 830 may be configured to establish a connection with a storage existing on a network and transmit/receive a target file processed by the file system module to the storage.

The processor 810 is electrically connected to the memory 820 and the network module 830 to process the storage request of the application program and the read request for the target file. can be configured to receiving, by the processor, a storage request for a target file from any one of the application programs through a first interface among the file input/output interfaces in order to process the storage request; determining whether the type of the target file is included in a list of allowed types in a preset policy; encrypting the target file when it is determined that the type of the target file is included in the allowed type list; and storing the encrypted target file in a network-connected storage.

The processor may further include: receiving, by the processor, a read request for the target file from any one of the application programs through a second interface among the file input/output interfaces in order to process the read request; When the application program is included in the list of allowed programs in a preset policy and the application program is associated with the type of the target file, the encrypted target file is decrypted in plaintext form, and the transmitting the target file in response to the read request; and when the application program is not included in the list of allowed programs in the policy, transmitting the target file in the form of a cipher text in response to the read request.

Meanwhile, the electronic device 800 may be implemented in the form of the electronic device 101 described with reference to FIG. 1 or the computing device 200 described with reference to FIG. 2 . The electronic device 101 may include: the memory 130 configured to store the application program and the file system module; the communication interface 170 configured to establish a connection with a storage existing on a network and transmit and receive a target file processed by the file system module to the storage; and the processor configured to be electrically connected to the memory 130 and the communication interface 170 to process the storage request of the application program and process the read request for the target file may be configured to include 120 . Hereinafter, overlapping descriptions will be omitted.

The memory 820 may be configured to store an application program and a file system module. The file system module may be configured to include a command for executing an operation for processing a file storage request and a read request received through file input/output interfaces in the form of an API that can be commonly called by the application program.

The network module 830 may be configured to establish a connection with a storage existing on a network and transmit/receive a target file processed by the file system module to the storage.

The processor 810 is electrically connected to the memory 820 and the network module 830 to process the storage request of the application program and the read request for the target file. can be configured to

In the above, preferred embodiments of the technology of the present specification have been described with reference to the accompanying drawings. Here, the terms or words used in the present specification and claims should not be construed as being limited to conventional or dictionary meanings, but should be interpreted as meanings and concepts consistent with the technical spirit of the present invention.

The scope of the present invention is not limited to the embodiments disclosed herein, and the present invention can be modified, changed, or improved in various forms within the scope of the spirit and claims of the present invention.

Claims (14)

receiving a storage request for a target file from a first program among the application programs through an API (Application Programming Interface) type file input/output interface that can be commonly called by application programs in the system;
determining whether the type of the target file is included in a list of allowed types in a preset policy;
encrypting the target file when it is determined that the type of the target file is included in the allowed type list; and
and storing the encrypted target file in a network-connected storage,
The operation of encrypting the target file is
determining whether to encrypt the target file based at least in part on the type of the target file;
generating protected data including one or more encrypted chunks based on the target file when it is determined that the target file is encrypted; and
Transmitting the one or more chunks through a network interface to be distributed and stored in distributed servers constituting the storage, respectively
A method of preventing file leakage on a computer, comprising: The file of claim 1, further comprising responding with an error value in response to the storage request when the first program is not included in the program list for the type of the target file in the preset policy. How to prevent spills. The method of claim 1, wherein the API type that can be commonly called is
A method of preventing the leak of files on your computer, including the Portable Operating System Interface (POSIX) or Filesystem in User-Space (FUSE). delete According to claim 1,
The distributed server constituting the storage method includes one or more NAS (Network Attached Storage) servers. receiving a storage request for a target file from a first program among the application programs through an API (Application Programming Interface) type file input/output interface that can be commonly called by application programs in the system;
determining whether the type of the target file is included in a list of allowed types in a preset policy;
encrypting the target file when it is determined that the type of the target file is included in the allowed type list;
storing the encrypted target file in a network-connected storage;
receiving a read request for the encrypted target file from a second program among the application programs through the file input/output interface;
determining whether the read request from the second program meets the preset policy;
transmitting the target file in cipher text form in response to the read request when it is determined that the read request does not conform to the preset policy; and
when it is determined that the read request conforms to the preset policy, decrypting the target file in a plain text format, and transmitting the target file in the plain text format in response to the read request; How to prevent. The method of claim 6 , wherein it is determined whether the read request from the second program meets the preset policy.
When the second program is not included in the list of allowed programs in the preset policy, or when the second program is not associated with the type for the target file, the computer that determines that it does not meet the policy How to prevent file leaks. delete A memory for storing an application program and a file system module, the file system module executes an operation of processing a file storage request and a read request received through file input/output interfaces in the form of an API that can be commonly called by the application program is configured to include instructions to;
a network module that establishes a connection with a storage of a network and transmits and receives a target file processed by the file system module to the storage; and
A file leakage prevention device comprising a processor electrically connected to the memory and the network module to process the storage request of the application program and process the read request for the target file,

The processor to process the storage request:
receiving a storage request for a target file from any one of the application programs through a first interface among the file input/output interfaces;
determining whether the type of the target file is included in a list of allowed types in a preset policy;
encrypting the target file when it is determined that the type of the target file is included in the allowed type list; and
performing an operation to store the encrypted target file in a network-connected storage,
The processor to process the read request:
receiving a read request for the target file from any one of the application programs through a second interface among the file input/output interfaces, the target file being stored in a network-connected storage in the form of cipher text;
When the application program is included in the list of allowed programs in a preset policy and the application program is associated with the type of the target file, the encrypted target file is decrypted in plaintext form, and the transmitting the target file in response to the read request; and
When the application program is not included in the list of allowed programs in the policy, transmitting the target file in the form of a cipher text in response to the read request.
File leak protection device. 10. The method of claim 9,
The file system module is included in a part of the operating system of the file leakage prevention device and is configured as one of the modules for processing the file system,
The file leakage prevention device, characterized in that the API type that can be commonly called is the file input/output API type of the operating system. 11. The method of claim 10,
The API that can be commonly called is a file leakage prevention device including a POSIX (Portable Operating System Interface) API. 12. The method of claim 11,
The interface for the storage request includes open, write, or close, and the interface for the read request includes open, read or close. 10. The method of claim 9,
The API that can be commonly called is a file leakage prevention device including a file FUSE (Filesystem in User-Space). delete

Images