KR20140129714A - Apparatus for contents security of cloud server using usb device in virtual device interface environment and method thereof - Google Patents
- Publication number
- KR20140129714A
- Authority
- KR
- South Korea
- Prior art keywords
- usb
- usb device
- information
- cloud server
- vdi
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Description
The present invention relates to an apparatus and method for preventing content leakage of a cloud server using a USB device in a VDI environment, and more particularly, to an apparatus and method that prevent content stored in a cloud server from being leaked by accessing a virtual device interface (VDI) environment through an unauthorized USB device.
Generally, cloud computing refers to the Internet-based (cloud) computing technology. Cloud computing represents the Internet as a cloud in a computer network diagram. It has a hidden, complex infrastructure and a computing style in which IT-related functions are provided as services. Users can use the services provided by cloud computing using the Internet.
That is, cloud computing combines various computing concepts and communication technologies such as virtualized computing, utility computing and on-demand computing. In general, it refers to a technology in which multiple data centers, each made up of many computers, are integrated through virtualization technology to implement a virtual computer or service, which users access to obtain various software, security solutions and computing capabilities on demand.
Cloud computing is an on-demand outsourcing service for IT resources delivered over the Internet. Programs or documents that were stored individually on a personal computer or an enterprise server are stored instead on an Internet-based virtual server or storage, and the user performs the desired work by running a cloud application, such as a web browser, from various terminals including mobile terminals.
At this time, users can select and use as many computing resources as cloud applications, storage, OS, and security at a desired point in time, and pay a price based on usage.
Although cloud computing has not been fully realized yet, research on cloud computing services, service platform technology, and virtualization technology is being actively conducted by large corporations including Google, Microsoft and IBM.
Cloud computing technology development has focused mainly on desktop-based computing environments and on server-side virtualization for efficient large-scale processing; service technologies for a mobile environment built on a variety of small terminals have not been considered.
However, in the recent communication environment, which uses various mobile terminals such as mobile phones, smartphones, notebooks, navigation devices and PMPs, there is a growing demand to use the user's cloud applications and services effectively regardless of place.
Of course, with the growth of web-based cloud application technology, web-based cloud services offering cloud applications such as web office and web mail are spreading, and they can be used anywhere with a web browser that supports standard technology. However, there is no effective cloud service interworking method for individual cloud applications that provide complex interfaces and functions.
Meanwhile, in recent years there have been many cases in which a company's confidential information was leaked through a USB (Universal Serial Bus) device, and the cloud computing environment described above is no exception. Therefore, a control method is needed against access to the cloud application environment through an unauthorized USB device and the leaking of important information.
SUMMARY OF THE INVENTION The present invention has been made to solve the above-mentioned problems, and its object is to provide an apparatus and method for preventing content leakage of a cloud server using a USB device in a VDI environment, which prevent content stored in the cloud server from being leaked by accessing the VDI (Virtual Device Interface) environment through an unauthorized USB device.
According to a first aspect of the present invention, there is provided an apparatus for preventing leakage of content stored in a cloud server using a USB device in a virtual device interface (VDI) environment, in which a client terminal connects through a wired/wireless communication network to a cloud server that provides a cloud computing service in response to a request of the client terminal, the apparatus comprising: a USB information acquisition module that is connected to the upper or lower filter driver level of a USB function driver provided in the kernel area of the client terminal and acquires, in the upper or lower filter driver, device information of the USB device connected through the USB communication interface of the VDI environment; a USB authentication module that compares the device information of the USB device acquired by the USB information acquisition module with the device information of previously authorized USB devices and determines from the comparison result whether the connected USB device is authorized; and a USB control module that receives the authorized or unauthorized determination for the connected USB device from the USB authentication module and allows or blocks data transmission of the connected USB device according to a predetermined security policy.
Here, the USB information acquisition module may change the USB device connected to the USB communication interface of the VDI environment to the standby state, acquire the device information of the connected USB device, and store it as a list in a separate memory.
Preferably, after receiving from the USB authentication module the determination that the connected USB device is unauthorized, the USB control module may change that USB device to the blocked state when a data transmission event from it is received from the upper or lower filter driver.
Preferably, the device information of the pre-authorized USB device may be stored in a separate server or database (DB).
Preferably, the device information of the USB device may be at least one of a manufacturer ID, a product ID (or model number), and a manufacturing serial number.
A second aspect of the present invention is a method for preventing content leakage of a cloud server using a USB device in a virtual device interface (VDI) environment, in which a client terminal connects through a wired/wireless communication network to a cloud server providing a cloud computing service, the method comprising: (a) acquiring device information of a USB device connected to the USB communication interface of the VDI environment through a USB information acquisition module connected to the upper or lower filter driver level of a USB function driver provided in the kernel area of the client terminal; (b) comparing, through a USB authentication module connected to the USB information acquisition module, the device information of the USB device obtained in step (a) with the device information of previously authorized USB devices, and determining whether the connected USB device is authorized; and (c) allowing or blocking, through a USB control module connected to the USB authentication module, data transmission of the connected USB device in accordance with a pre-established security policy, based on the authorized or unauthorized determination made in step (b).
Preferably, in step (a), the USB information acquisition module changes the USB device connected to the USB communication interface of the VDI environment to the standby state, acquires the device information of the connected USB device, and stores it in the form of a list in a separate memory.
Preferably, in step (c), after receiving the determination made in step (b) that the connected USB device is unauthorized, the USB control module may change that USB device to the blocked state when a data transmission event from it is provided from the upper or lower filter driver.
Preferably, in the step (b), the device information of the USB device previously authorized may be stored in a separate server or a database (DB).
Preferably, in the step (a), the device information of the USB device may be at least one of a manufacturer ID, a product ID (or model number), and a manufacturing serial number.
A third aspect of the present invention is to provide a recording medium on which a program for executing a content leakage prevention method of a cloud server using a USB device in the VDI environment described above is recorded.
The method of preventing content leakage of a cloud server using a USB device in a VDI environment according to the present invention can be implemented by a computer readable code on a computer readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored.
For example, the computer-readable recording medium includes a ROM, a RAM, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, a removable storage device, a nonvolatile memory, and optical data storage devices.
According to the apparatus and method for preventing content leakage of a cloud server using a USB device in the VDI environment of the present invention as described above, there is an advantage that content stored in the cloud server can be prevented from being leaked by accessing the VDI (Virtual Device Interface) environment through an unauthorized USB device.
FIG. 1 is a block diagram illustrating a content leakage prevention apparatus of a cloud server using a USB device in a VDI environment according to an embodiment of the present invention.
FIG. 2 is a diagram illustrating a kernel structure for operating a USB device in a client terminal according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating a method of preventing content leakage of a cloud server using a USB device in a VDI environment according to an exemplary embodiment of the present invention.
Hereinafter, advantages and features of the present invention and methods of achieving them will be made clear with reference to the embodiments described below in detail with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as being limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete and will fully convey the scope of the invention to those skilled in the art, and the invention is only defined by the scope of the claims. Like reference numerals refer to like elements throughout the specification. "And/or" includes each and every combination of one or more of the mentioned items.
Although the terms first, second, etc. are used to describe various elements, components and/or sections, these elements, components and/or sections are not limited by these terms. These terms are only used to distinguish one element, component or section from another. Therefore, the first element, first component or first section mentioned below may be the second element, second component or second section within the technical spirit of the present invention.
The terminology used herein is for the purpose of illustrating embodiments and is not intended to be limiting of the present invention. In the present specification, the singular form includes plural forms unless otherwise specified in the specification. It is noted that the terms "comprises" and/or "comprising" used in the specification are intended to be inclusive in a manner similar to the components, steps, operations, and/or additions.
Unless defined otherwise, all terms (including technical and scientific terms) used herein may be used in a sense commonly understood by one of ordinary skill in the art to which this invention belongs. Also, commonly used predefined terms are not ideally or excessively interpreted unless explicitly defined otherwise.
In the following description of the present invention, detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. The following terms are defined in consideration of the functions in the embodiments of the present invention, which may vary depending on the intention of the user, the intention or the custom of the operator. Therefore, the definition should be based on the contents throughout this specification.
FIG. 1 is a block diagram illustrating a content leakage prevention apparatus of a cloud server using a USB device in a VDI environment according to an exemplary embodiment of the present invention. FIG. 8 is a diagram illustrating a kernel structure for operating a device.
Referring to FIGS. 1 and 2, an apparatus for preventing content leakage of a cloud server using a USB device in a VDI environment according to an embodiment of the present invention includes a
Here, the VDI (Virtual Device Interface) provides a virtual desktop that a plurality of the user's terminals (cloud devices) can access, and an interface through which data can be shared with and received by a netbook, a smartphone, a computer, and the like.
That is, the VDI environment is an environment that can be used as a local environment through an OS (Operating System) environment provided by the
In this VDI environment, the user operates the VDI view program (OS) provided to the
The
That is, the
Such a
The wired /
The
For example, the
Particularly, the
2, the structure of the USB related kernel region of the
The USB communication interface 210 is implemented by, for example, PNP (Plug & Play), and connects the
The
The
The
For example, monitoring the data transmitted to a USB port requires writing a USB filter driver, because the USB driver itself is provided by the operating system. Tools that monitor each port installed on a personal computer, or a specific task, are mostly built using filter drivers.
Another example using the
The
The
The
For example, if the lower driver has a limit on the size of the data transfer, the filter will be able to split the large data transfer into smaller sizes and transfer it to lower levels. The
In particular, the contents leakage prevention of the cloud server according to an exemplary embodiment of the present invention includes a USB
The USB
The USB
On the other hand, the device information of the
The
Meanwhile, although not shown in the figures, the device information of the previously authorized USB devices is preferably stored in a separate server or database.
The
The
Hereinafter, a content leakage prevention method of a cloud server using a USB device in a VDI environment according to an embodiment of the present invention will be described in detail.
3 is a flowchart illustrating a method of preventing content leakage of a cloud server using a USB device in a VDI environment according to an exemplary embodiment of the present invention.
Referring to FIGS. 1 to 3, a method of preventing content leakage of a cloud server using a USB device in a VDI environment according to an embodiment of the present invention includes: (For example, a USB manufacturer ID, a USB manufacturer ID, etc.) of a USB device connected to the USB communication interface 210 of the VDI environment through the USB
At this time, the USB
The USB
Then, device information (e.g., USB manufacturer ID, product ID (or model number), production serial number, etc.) of the USB device is acquired using the secured device descriptor table.
After comparing the device information of the USB device acquired in the step S100 with the device information list of the USB device which has been previously approved through the
At this time, it is preferable that the device information list of the pre-authorized USB device is stored in a separate server or database, for example.
In more detail, when the
If the device start control unit fails to acquire the device information of the USB device, the device request control unit attempts to acquire the device information of the USB device again. If the device information acquisition of the USB device is successful in the device request control unit, the device information list of the authorized USB device held is compared with the device information of the acquired USB device to determine whether or not the USB device is authorized.
Otherwise, if the device request control unit also fails to acquire the device information of the USB device, it generates a virtual serial for the USB device and compares the generated virtual serial with the stored device information list of authorized USB devices to determine whether or not the USB device is authorized.
Then, in step S200, based on the authorization or non-authorization determination information of the connected USB device, the data of the USB device connected thereto in accordance with the pre-established security policy through the
At this time, the
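The acquire, compare and control steps described above, including the retry and the virtual-serial fallback, sketched in user-space C as an added example; it is not code from the patent. The descriptor bytes, the allowlist entries, the `VIRT-...` virtual-serial format (the patent does not say how the virtual serial is derived) and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum usb_state { USB_STANDBY, USB_ALLOWED, USB_BLOCKED };

/* Device information named in the text: manufacturer ID, product ID, serial. */
struct usb_ident { uint16_t vid, pid; char serial[32]; };

/* One acquisition attempt: raw descriptors read from the device (NULL = read failed). */
struct usb_capture {
    const uint8_t *dev; size_t dev_len;   /* 18-byte standard device descriptor */
    const uint8_t *str; size_t str_len;   /* serial-number string descriptor */
};

struct usb_device { struct usb_ident id; int authorized; enum usb_state state; };

/* Constructed allowlist; the text keeps the real one on a separate server or DB. */
static const struct usb_ident ALLOWLIST[] = {
    { 0x1234, 0x5678, "SN000123" },
    { 0x1234, 0x9ABC, "VIRT-1234-9ABC-P2" },  /* device with no serial, approved on port 2 */
};

/* Constructed sample descriptors: idVendor at offset 8, idProduct at 10 (little-endian),
   iSerialNumber string index at 16; string descriptors carry UTF-16LE text. */
static const uint8_t DEV_WITH_SERIAL[18] = {18,1,0,2,0,0,0,64,0x34,0x12,0x78,0x56,0,1,1,2,3,1};
static const uint8_t DEV_NO_SERIAL[18]   = {18,1,0,2,0,0,0,64,0x34,0x12,0xBC,0x9A,0,1,1,2,0,1};
static const uint8_t DEV_UNKNOWN[18]     = {18,1,0,2,0,0,0,64,0xCD,0xAB,0x01,0x00,0,1,1,2,3,1};
static const uint8_t STR_SERIAL[18] = {18,3,'S',0,'N',0,'0',0,'0',0,'0',0,'1',0,'2',0,'3',0};

/* Returns 0 only when VID, PID and a printable ASCII serial were all obtained.
   VID/PID are still filled in when only the serial is missing. */
static int parse_ident(const struct usb_capture *c, struct usb_ident *out)
{
    const uint8_t *d = c->dev, *s = c->str;
    if (!d || c->dev_len < 18 || d[0] != 18 || d[1] != 0x01)
        return -1;                               /* no usable device descriptor */
    out->vid = (uint16_t)(d[8]  | (d[9]  << 8));
    out->pid = (uint16_t)(d[10] | (d[11] << 8));
    out->serial[0] = '\0';
    if (d[16] == 0 || !s || c->str_len < 4 || s[1] != 0x03 ||
        s[0] > c->str_len || s[0] < 4 || (s[0] & 1))
        return -1;                               /* device reports no serial string */
    size_t n = (size_t)(s[0] - 2) / 2;
    if (n >= sizeof out->serial) return -1;
    for (size_t i = 0; i < n; i++) {
        if (s[3 + 2*i] != 0 || s[2 + 2*i] < 0x21 || s[2 + 2*i] > 0x7e) {
            out->serial[0] = '\0'; return -1;
        }
        out->serial[i] = (char)s[2 + 2*i];
    }
    out->serial[n] = '\0';
    return 0;
}

/* Exact match on all three fields. The fields are reported by the device itself,
   so this identifies a device; it does not cryptographically authenticate it. */
static int is_authorized(const struct usb_ident *id)
{
    for (size_t i = 0; i < sizeof ALLOWLIST / sizeof ALLOWLIST[0]; i++)
        if (ALLOWLIST[i].vid == id->vid && ALLOWLIST[i].pid == id->pid &&
            strcmp(ALLOWLIST[i].serial, id->serial) == 0)
            return 1;
    return 0;
}

/* Attach: hold the device in standby, try to acquire at start, retry at request,
   and fall back to a virtual serial (assumed format, built from VID, PID and port). */
void usb_attach(struct usb_device *dev, const struct usb_capture *at_start,
                const struct usb_capture *at_request, unsigned port)
{
    memset(dev, 0, sizeof *dev);
    dev->state = USB_STANDBY;
    if (parse_ident(at_start, &dev->id) != 0 && parse_ident(at_request, &dev->id) != 0)
        snprintf(dev->id.serial, sizeof dev->id.serial, "VIRT-%04X-%04X-P%u",
                 (unsigned)dev->id.vid, (unsigned)dev->id.pid, port);
    dev->authorized = is_authorized(&dev->id);
}

/* Data transmission event from the filter driver: returns 1 to pass the transfer
   down the stack, 0 to drop it and move the device to the blocked state. */
int usb_on_transfer(struct usb_device *dev)
{
    dev->state = dev->authorized ? USB_ALLOWED : USB_BLOCKED;
    return dev->authorized;
}

int main(void)
{
    struct usb_device d;
    struct usb_capture ok = { DEV_WITH_SERIAL, 18, STR_SERIAL, 18 }, none = { NULL, 0, NULL, 0 };
    usb_attach(&d, &none, &ok, 1);               /* first read fails, retry succeeds */
    int pass = usb_on_transfer(&d);
    printf("%04X:%04X %s -> %s\n", (unsigned)d.id.vid, (unsigned)d.id.pid,
           d.id.serial, pass ? "allowed" : "blocked");
    return 0;
}
```

Because the assumed virtual serial includes the port number, a serial-less device approved on one port is not approved on another.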
Meanwhile, the method of preventing content leakage of a cloud server using a USB device in a VDI environment according to an embodiment of the present invention can also be implemented as computer readable code on a computer readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored.
For example, the computer-readable recording medium includes a ROM, a RAM, a CD-ROM, a magnetic tape, a hard disk, a floppy disk, a removable storage device, a nonvolatile memory, and optical data storage devices.
In addition, the computer readable recording medium may be distributed and executed in a computer system connected to a computer communication network, and may be stored and executed as a code readable in a distributed manner.
Although the present invention has been described in connection with the preferred embodiments thereof with reference to the accompanying drawings, it is to be understood that the invention is not limited to the disclosed embodiments and that various changes and modifications can be made within the scope of the appended drawings.
100: Cloud server,
200: client terminal,
300: USB device,
1000: USB information acquisition module,
2000: USB authentication module,
3000: USB control module
Claims (10)
1. An apparatus for preventing content leakage of a cloud server using a USB device in a VDI environment, the apparatus comprising:
a USB information acquisition module connected to an upper or lower filter driver level of a USB function driver provided in a kernel area of the client terminal, for acquiring device information of the USB device connected to the USB communication interface of the VDI environment;
a USB authentication module for comparing the device information of the USB device acquired from the USB information acquisition module with the device information of the USB device previously authorized and determining whether the connected USB device is authorized or not according to the comparison result; and
a USB control module for allowing or blocking data transmission of the connected USB device in accordance with a predetermined security policy by receiving authorized or unauthorized determination information of the connected USB device from the USB authentication module.
2. The apparatus for preventing content leakage of a cloud server using a USB device in a VDI environment, wherein the USB information acquisition module changes the USB device connected to the USB communication interface of the VDI environment to the standby state, then acquires the device information of the connected USB device and stores the acquired device information in the form of a list in a separate memory.
3. The apparatus for preventing content leakage of a cloud server using a USB device in a VDI environment, wherein, after receiving the unauthorized determination information of the connected USB device from the USB authentication module, the USB control module changes the USB device determined to be unauthorized to the blocked state when a data transmission event from that USB device is received from the upper or lower filter driver.
4. The apparatus for preventing content leakage of a cloud server using a USB device in a VDI environment, wherein the device information of the previously authorized USB device is stored in a separate server or a database (DB).
5. The apparatus for preventing content leakage of a cloud server using a USB device in a VDI environment, wherein the device information of the USB device comprises at least one of a manufacturer ID, a product ID (or a model number), and a production serial number.
6. A method for preventing content leakage of a cloud server using a USB device in a VDI environment, the method comprising:
(a) obtaining device information of a USB device connected to a USB communication interface of the VDI environment via a USB information acquisition module connected to an upper or lower filter driver level of a USB function driver provided in a kernel area of the client terminal;
(b) comparing the device information of the USB device obtained in the step (a) with the device information of the USB device previously authorized, through the USB authentication module connected to the USB information acquisition module, and determining whether the connected USB device is authorized or not; and
(c) allowing or blocking data transmission of the connected USB device according to a pre-established security policy, based on the authorized or unauthorized determination information of the USB device connected in the step (b), through a USB control module connected to the USB authentication module.
7. The method for preventing content leakage of a cloud server using a USB device in a VDI environment, wherein, in the step (a), the USB information acquisition module changes the USB device connected to the USB communication interface of the VDI environment to the standby state, acquires the device information of the connected USB device, and stores it in the form of a list in a separate memory.
8. The method for preventing content leakage of a cloud server using a USB device in a VDI environment, wherein, in the step (c), after receiving the unauthorized determination information of the connected USB device in the step (b), the USB control module changes the USB device determined to be unauthorized to a blocked state if a data transmission event from that USB device is provided from the upper or lower filter driver.
9. The method for preventing content leakage of a cloud server using a USB device in a VDI environment, wherein, in the step (b), the device information of the previously authorized USB device is stored in a separate server or a database.
10. The method for preventing content leakage of a cloud server using a USB device in a VDI environment, wherein, in the step (a), the device information of the USB device includes at least one of a manufacturer ID, a product ID (or a model number), and a production serial number.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR20130048338A KR20140129714A (en) | 2013-04-30 | 2013-04-30 | Apparatus for contents security of cloud server using usb device in virtual device interface environment and method thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20140129714A (en) | 2014-11-07 |
Family
ID=52454926
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR20130048338A KR20140129714A (en) | 2013-04-30 | 2013-04-30 | Apparatus for contents security of cloud server using usb device in virtual device interface environment and method thereof |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20140129714A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190078198A (en) | 2017-12-26 | 2019-07-04 | 국민대학교산학협력단 | Secure memory device based on cloud storage and Method for controlling verifying the same |
KR20210100353A (en) * | 2020-02-06 | 2021-08-17 | 주식회사 티오이십일콤즈 | User device based on cloud and clould computing system with the same |
- 2013-04-30: KR application KR20130048338A, published as KR20140129714A (en); status: not active, Application Discontinuation
Legal Events
Date | Code | Title | Description |
---|---|---|---|
N231 | Notification of change of applicant | ||
WITN | Withdrawal due to no request for examination |