WO2007022687A1 - System and method for security control of operating system - Google Patents



Publication number: WO2007022687A1
Authority: WO (WIPO (PCT))
Prior art keywords: operating system, module, system module, level, security control
Application number: PCT/CN2006/001929
Other languages: French (fr), Chinese (zh)
Inventors: Xingming Zhang, Jinqian Liang
Original Assignee: Star Softcomm (China) Ltd


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/575 Secure boot

Definitions

  • The present invention relates to a system and method for implementing operating system security control, and more particularly to a system and method that implements operating system security control using a data isolation method and a system isolation method; it belongs to the field of computer operating systems and computer security.

Background technique
  • The computer operating system controls the computer's hardware devices and provides the operating environment for application software, so its reliability and security are very important.
  • One of the more common methods is to install operating system recovery software in the operating system to deal with operating system failures and virus damage.
  • The disadvantage of this method is that although the system recovery software can restore the operating system to a previous healthy state, the user's data is restored to the old state as well, which greatly reduces the usefulness of system recovery software.
  • The second most common method is to install anti-virus software and firewall-based security protection software in the operating system to cope with the damage done by increasingly malicious viruses and malicious programs.
  • The disadvantage of this approach is that security software products generally lag behind the spread of viruses and malicious programs, and whether such protection software works at all depends on whether the operating system itself runs reliably. Installing security protection software in the operating system to protect the operating system, application software and user data therefore blocks the destruction and spread of viruses only to some extent; users must constantly upgrade and maintain virus signatures, and any lapse creates opportunities for viruses and malicious programs.
  • Another object of the present invention is to provide a method for implementing security control of an operating system which implements data isolation and system isolation, so that the isolated systems and data do not affect each other, and which can verify the operating system and, once unauthorized tampering is found, recover it.
  • The present invention provides a system for implementing operating system security control, including: an upper-level operating system module;
  • a system isolation module that interacts with the upper-level operating system module and is configured to guide and/or establish a lower-level operating system module according to a user instruction; the system isolation module is also associated with the upper-level operating system module and the lower-level operating system module respectively, and is configured to monitor read/write access to the disk by the upper-level and lower-level operating system modules;
  • a data isolation module that copies the dynamic data of the upper-level operating system module and/or the lower-level operating system module to a disk protection partition, monitors read/write access to the dynamic data of the upper-level and/or lower-level operating system module, and redirects and/or copies in real time the read/write access to the dynamic data to the disk protection partition;
  • a security control module configured to interact with the upper-level operating system module and/or the lower-level operating system module, to store standard information of the upper-level operating system module, collect startup information of the upper-level operating system module, compare the standard information of the upper-level operating system module with the startup information, and load and/or repair the upper-level operating system module according to the comparison result; and to delete the lower-level operating system module and notify the system isolation module to create, or itself create, a new lower-level operating system module.
  • The present invention provides a method for implementing operating system security control, including the following steps:
  • Step 1: read the startup information of the upper-level operating system module and compare it with the pre-stored upper-level operating system standard information; if the startup information of the upper-level operating system module is consistent with the upper-level operating system standard information, step 2 is performed; otherwise the startup information of the upper-level operating system module is repaired using the upper-level operating system standard information.
  • Step 2: create a lower-level operating system module, and load the upper-level operating system module and the lower-level operating system module.
  • The method further includes the following step: monitoring the read and write operations on the dynamic data in the upper-level operating system module and/or the lower-level operating system module, and redirecting or copying in real time the read/write operations on the dynamic data to the disk protection partition.
  • The backup data of the upper-level operating system module in a secure state is stored as the upper-level operating system standard information.
  • The present invention has the following advantages:
  • A data isolation method is adopted, so that each newly created operating system environment can map in the data of the previous session and the integrity of the data is ensured;
  • The operating system modules are isolated from each other, so that an insecurity factor in one operating system does not affect the entire system.
  • FIG. 1 is a block diagram of an embodiment of a system for implementing operating system security control according to the present invention.
  • FIG. 2 is a schematic diagram of a system for implementing operating system isolation based on a conventional computer architecture.
  • FIG. 3 is a block diagram of still another embodiment of a system for implementing operating system security control according to the present invention.
  • FIG. 4 is a flowchart of a method for implementing operating system security control according to the present invention.

Detailed description
  • Referring to FIG. 1, a block diagram of an embodiment of a system for implementing operating system security control according to the present invention, the system is formed of the upper-level operating system module 1, the system isolation module 2, the data isolation module 3, the security control module 4, a lower-level operating system module 5 and a disk protection partition 6.
  • The upper-level operating system module 1 is a parent operating system module composed of an operating system kernel, or of an operating system kernel and preset applications.
  • The upper-level operating system module 1 serves as the parent operating system module, and no further upper-level operating system module exists above it.
  • The upper-level operating system module 1 may include only an operating system kernel that performs the most basic functions; an operating system kernel means a software program providing the basic functions the operating system requires, and may be the kernel of Linux, Unix or Windows.
  • The upper-level operating system module 1 may also include software programs other than the operating system kernel, that is, the operating system kernel plus applications, providing the basic functions the operating system requires together with functions preset by the user. For example, if the administrator has decided that Office software is available in all operating environments, the Office software can be installed in the upper-level operating system module 1.
  • The upper-level operating system module 1 can be stored as standard information while in a secure state confirmed by the user or the administrator.
  • There may be one or more upper-level operating system modules 1. In the traditional computer architecture only one upper-level operating system module 1 can run at a time, for example Windows or Linux, but one of them can serve as a secondary operating system for the other: for example, when the default Windows operating system fails, the Linux system acting as the secondary operating system is automatically loaded and run. In the virtual machine architecture, multiple upper-level operating system modules 1 can run at the same time.
  • The system isolation module 2 interacts with the upper-level operating system module 1 to guide and/or establish a lower-level operating system module 5 according to user instructions.
  • There may be one or more lower-level operating system modules 5, each containing whatever modifications were made on top of the upper-level operating system module 1.
  • For example, a lower-level operating system module 5 has Office software, translation software and calculation software installed on the basis of the upper-level operating system module 1, and at the same time blocks IE; together with the upper-level operating system module 1 it forms a complete office operating system environment that can do word processing and data calculation but cannot access the Internet.
  • There may be several lower-level operating system modules 5. For example, a further lower-level operating system module 5 (not shown), with game software and multimedia player software installed on the basis of the upper-level operating system module 1, forms together with the upper-level operating system module 1 a complete entertainment operating system environment that can play games, watch video files and access the Internet.
  • The number of lower-level operating system modules 5 is not limited.
  • The lower-level operating system module 5 interacts with the upper-level operating system module 1 to read data in the exclusive disk space of the upper-level operating system module 1.
  • The lower-level operating system module 5 has its own exclusive disk space; if there are several lower-level operating system modules 5, each has its own exclusive disk space, and a lower-level operating system module 5 can perform read/write access to its exclusive disk space and to blank disk space.
  • The system isolation module 2 also interacts with the upper-level operating system module 1 and the lower-level operating system module 5 respectively, to monitor their read/write access to the disk; while monitoring this access it intercepts all write access to the exclusive disk space of the upper-level operating system module 1. Thereby data isolation between the upper-level operating system module 1, the lower-level operating system module 5 and the other lower-level operating system modules 5 is realized.
  • The system isolation module 2 may further include an external memory access control module 21, which is stored in the disk space of the hard disk and is composed of several files, including: the disk bitmap file of the upper-level operating system module 1, the disk bitmap file of the lower-level operating system module 5, and the index file of the lower-level operating system module 5.
  • In the conventional computer architecture a computer system can only run one operating system at a time. Its structure is: the lowest level is the computer hardware, including CPU, hard disk, memory, graphics card, I/O interfaces and so on.
  • The system isolation module 2 can be set in the computer's basic input/output module (BIOS) or in the computer's Extensible Firmware Interface (EFI); it can also be set in the firmware of the hard disk, or in the kernel of the upper-level operating system module 1 or outside that kernel; the latter case is taken as the example in this embodiment.
  • Before specifying the upper-level operating system module 1, the user first installs an operating system on the computer, Windows in this embodiment, and then configures it as needed, for example installing and configuring hardware drivers, configuring network addresses and adjusting the Windows desktop resolution. Software that is required in every lower-level operating system module, such as virus protection software and a personal firewall, can be installed at this point as needed. In addition, the user installs the system isolation module 2 as an operating system driver in the kernel of the above operating system or outside the kernel. After this preparation, the user can designate the above operating system as the upper-level operating system module 1 through the system isolation module 2. Thereafter the system isolation module 2 monitors and intercepts all read/write access to the disk and does not allow any program or system to overwrite the programs and data in the upper-level operating system module 1.
  • The lower-level operating system module 5 can be created as needed by interacting with the upper-level operating system module 1 through the system isolation module 2.
  • When the computer is started, the user can select any of the lower-level operating system modules 5 to launch according to his own needs.
  • In this case the startup sequence of the system isolation module 2 differs from that of the upper-level operating system module 1: the system isolation module 2 first guides the user to select which operating system environment to enter (for example, the operator selects the entertainment environment); it then boots the upper-level operating system module 1 and, after the upper-level operating system module 1 has booted, loads the lower-level operating system module 5, forming a complete entertainment operating system environment for the user.
  • When the system isolation module 2 is set in the firmware program of the hard disk, it is started before the upper-level operating system module 1. The startup sequence is: the system isolation module 2 starts immediately after the computer hardware and guides the user to select which operating system environment to enter (for example, the operator chooses the entertainment environment); the system isolation module 2 then boots the upper-level operating system module 1 and, after it has booted, loads the lower-level operating system module 5, forming a complete entertainment operating system environment for the user.
  • When the system isolation module 2 is set in the kernel of the upper-level operating system module 1 or outside the kernel, it is started together with the upper-level operating system module 1, and the startup sequence is: the computer hardware starts; the upper-level operating system module 1 and the system isolation module 2 start at the same time and prompt the user to select which operating system environment to enter; for example, if the operator selects the office environment, the system isolation module 2 boots and loads the lower-level operating system module 5 holding the office programs to form a complete office operating system environment.
  • After the computer is started, the upper-level operating system module 1 and the system isolation module 2 are loaded and run, separately or together according to the cases described above. At the same time, the system isolation module 2 loads the lower-level operating system module 5 specified by the user's selection. After that, the user can install software, modify configuration, edit files and so on in the currently loaded upper-level operating system module 1 and lower-level operating system module 5. In any case, the system isolation module 2 directly monitors read and write access to the disk: every disk read or write is intercepted by the system isolation module 2 and handled according to the situation, achieving operating system isolation.
  • VMM (Virtual Memory Manager): VMware's VMware software runs beneath all other operating systems and allocates and coordinates system resources for the operating systems running on it.
  • VMware's software and XenSource's Xen software are both software that supports virtual machine technology.
  • In the virtual machine architecture, two or more operating systems can run simultaneously in the same computer system. Taking one upper-level operating system module 1 as an example, the upper-level operating system module 1 is further guided by the system isolation module 2 to establish multiple lower-level operating system modules 5.
  • The system isolation module 2 is located in the VMM and is started simultaneously with the VMM.
  • The startup sequence is: the computer hardware starts; the VMM and the system isolation module 2 start; the upper-level operating system module 1 starts; one or more lower-level operating system modules 5 start according to the user's selection.
  • The system isolation module 2 can monitor and intercept all read/write accesses of the upper-level and lower-level operating system modules to the disk, and interacts with the external memory access control module to achieve isolation of the operating systems.
  • Another method for implementing operating system isolation under the virtual machine architecture is to have a management operating system module or service operating system module (referred to as a secondary operating system module) in the virtual machine system, which runs simultaneously with, or before, the upper-level operating system module 1 (also referred to as the main operating system module), monitors the state of the upper-level operating system module 1, and provides a disk access interface for the upper-level operating system module 1 and the lower-level operating system module 5.
  • The system isolation module 2 can also be set in the kernel of the secondary operating system module or outside that kernel.
  • The startup sequence is: the computer hardware starts; the VMM starts; the secondary operating system module and the system isolation module start; the upper-level operating system module 1 starts; one or more lower-level operating system modules 5 start according to the user's selection.
  • The data isolation module 3 copies the dynamic data of the upper-level operating system module 1 and/or the lower-level operating system module 5 to the disk protection partition 6.
  • The so-called disk protection partition 6 can be a hidden disk partition, such as a disk partition built on the hard disk's HPA (Host Protected Area) standard.
  • The disk protection partition 6 and the exclusive disk spaces of the upper-level operating system module 1 and the lower-level operating system module 5 are in different places and do not overlap. In nature it is like a shared partition, but it is safer: it is protected by software or hardware, the operating system and applications cannot access this space directly, and it can only be accessed through special programs, which achieves the security purpose.
  • The contents of the upper-level operating system module 1 and the lower-level operating system module 5 can be divided into the following parts: operating system programs and data; application software programs and data; user data.
  • The operating system data, the application software programs and data, and the user data are very important to the user's applications, and are frequently changed.
  • This is the dynamic data: dynamic data refers to data other than the operating system data of the upper-level operating system module 1, that is, data other than the standard information of the upper-level operating system module 1.
  • The data isolation module 3 can monitor and intercept operations on the dynamic data in real time, monitor the read/write access of the upper-level operating system module 1 and the lower-level operating system module 5 to the dynamic data, and redirect and/or copy in real time the read/write access to the dynamic data to the disk protection partition 6.
  • In this way the dynamic data in the upper-level operating system module 1 and the lower-level operating system module 5 is isolated to the disk protection partition 6, and any operation on the dynamic data is simultaneously redirected to the disk protection partition. When the user restores the lower-level operating system module 5 to a previous state, the recovery does not affect the dynamic data, since it has been isolated to the disk protection partition 6; after the recovery is complete, dynamic data is still redirected to the disk protection partition through the data isolation agent.
  • The data isolation module 3 can be installed into the upper-level operating system module 1, in which case the upper-level operating system module 1 loads and runs the data isolation module 3.
  • The data isolation module 3 can also be installed in the secondary operating system or in the virtual machine system management software; it can then be started before the upper-level operating system module 1 or at the same time as it.
  • The security control module 4 interacts with the upper-level operating system module 1 and/or the lower-level operating system module 5; it stores the standard information of the upper-level operating system module 1 as the upper-level operating system standard information, collects the startup information of the upper-level operating system module 1, compares the standard information of the upper-level operating system module 1 with the startup information, and performs loading and/or repair control on the upper-level operating system module 1 according to the comparison result; it is also used to delete the lower-level operating system module 5 and to notify the system isolation module 2 to create, or itself create, a new lower-level operating system module 5.
  • The upper-level operating system standard information can be stored in the security control module 4.
  • The security control module 4 can be set in the BIOS, the EFI, the disk master boot record (MBR), the secondary operating system, the virtual machine's secondary operating system module or the virtual machine's virtual memory management module, and is started before the upper-level operating system module 1.
  • A module creation module (not shown) may also be provided in the security control module 4 and is used to create the lower-level operating system module 5.
  • In that case the security control module 4 can create the lower-level operating system module 5 without notifying the system isolation module 2.
  • A standard information storage control module (not shown) may further be disposed in the security control module 4, configured to store the standard information of the upper-level operating system module 1.
  • The standard information storage control module is disposed on the disk protection partition 6, a computer chip or a network server.
  • The upper-level operating system standard information can be stored in the standard information storage control module.
  • The security control module 4 uses a fingerprint algorithm (such as a hash algorithm) to verify the integrity of the upper-level operating system module 1 and/or the lower-level operating system module 5. Because the data isolation module 3 is adopted, the dynamic data in the upper-level and lower-level operating system modules is isolated to the disk protection partition 6, so the operating system program should remain unchanged during normal operation. On this premise a unique feature value of the upper-level operating system module 1 can be extracted: for example, a hash algorithm can be applied to the sector data of the upper-level operating system module 1 to compute a unique feature value, which serves as the fingerprint of the upper-level operating system module 1.
  • Before each startup of the lower-level operating system module 5, the security control module 4 recalculates the feature value of the startup information and compares it with the standard feature value, thereby identifying whether the upper-level operating system module 1 has been tampered with. If the upper-level operating system module 1 has been tampered with, its standard information is used to repair it.
  • The repair can use the overlay method, that is, completely overwriting the upper-level operating system module 1 with the standard information, so that any virus, Trojan or spyware residing in the upper-level operating system module 1 is completely cleared.
  • Because the data isolation module 3 is used, dynamic data is not lost during the recovery of the upper-level operating system module 1. If the upper-level operating system module 1 has not been tampered with, it is loaded directly.
  • The security control module 4 deletes the lower-level operating system module 5 on every startup (the user has made changes, and a virus or Trojan may be present; in short, the lower-level operating system module 5 may be insecure and is therefore deleted). The security control module 4 then re-creates a lower-level operating system module 5 for the user based on the upper-level operating system module 1; since the dynamic data, including the applications, is saved in the disk protection partition 6, the newly created lower-level operating system module 5 loses no data. Repeating this, the final result is that a new lower-level operating system module 5 (new, hence clean and safe) is used each time, the user's data is protected by the data isolation module 3 and is not affected, and through the redirection function of the data isolation module 3 the data is mapped (or copied) into the currently running lower-level operating system module 5.
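The startup procedure of steps 1 and 2 of the method, together with the fingerprint check, overlay repair and lower-module re-creation described just above, can be modelled end to end. The Python below is an added illustration and is not code from the patent or from Star Softcomm; it assumes a sector-based image of the upper-level operating system module 1, SHA-256 as the hash algorithm (the patent names no particular one), and a dictionary standing in for the disk protection partition. The names `ProtectedComputer`, `fingerprint`, `sector_hashes`, `tampered_sectors` and `corrupt_sector` are chosen here, and the sample image and tampered sector are constructed.

```python
"""Startup integrity check with overlay repair, modelled on the patent's
security control module 4 (added illustration; not the patent's code).

Assumed model: the upper-level operating system module 1 is a run of
fixed-size sectors; the standard information is a backup of those sectors
taken in a confirmed secure state plus its hash fingerprint; dynamic data
lives in a separate protection partition managed by data isolation module 3.
"""
import hashlib

SECTOR = 8  # constructed sector size, so the sample image stays readable


def fingerprint(image: bytes) -> str:
    """Unique feature value of a module image (SHA-256 over all sectors)."""
    return hashlib.sha256(image).hexdigest()


def sector_hashes(image: bytes) -> list:
    """Per-sector hashes, so the check can report which sectors changed."""
    return [hashlib.sha256(image[off:off + SECTOR]).hexdigest()
            for off in range(0, len(image), SECTOR)]


class ProtectedComputer:
    def __init__(self, upper_image: bytes):
        assert len(upper_image) % SECTOR == 0
        self.upper = bytearray(upper_image)          # upper OS module 1 on disk
        # standard information, kept where the OS cannot reach it (the patent
        # names the disk protection partition, a chip or a network server)
        self.standard_copy = bytes(upper_image)
        self.standard_fingerprint = fingerprint(upper_image)
        self.standard_sectors = sector_hashes(upper_image)
        self.protection_partition = {}               # dynamic data (module 3)
        self.lower_module = None                     # lower OS module 5
        self.log = []

    # data isolation module 3: user data never lands inside the OS module
    def save_user_data(self, name: str, data: bytes) -> None:
        self.protection_partition[name] = data

    # constructed stand-in for an unauthorized modification of the OS image
    def corrupt_sector(self, index: int, data: bytes) -> None:
        assert len(data) == SECTOR
        self.upper[index * SECTOR:(index + 1) * SECTOR] = data

    def tampered_sectors(self) -> list:
        """Indices of sectors whose hash no longer matches the standard."""
        now = sector_hashes(bytes(self.upper))
        return [i for i, (a, b) in enumerate(zip(now, self.standard_sectors))
                if a != b]

    # security control module 4: steps 1 and 2 of the patent's method
    def startup(self) -> str:
        # Step 1: compare the startup information with the standard information
        if fingerprint(bytes(self.upper)) != self.standard_fingerprint:
            bad = self.tampered_sectors()
            # overlay repair: overwrite the whole module with the standard copy
            self.upper[:] = self.standard_copy
            result = "repaired"
            self.log.append(f"repaired upper module, sectors {bad} had changed")
        else:
            result = "verified"
            self.log.append("upper module verified")
        # Step 2: discard the old lower module and create a clean one; user
        # data is untouched because it lives in the protection partition
        self.lower_module = {"installed": [], "config": {}}
        self.log.append("new lower module created")
        return result


if __name__ == "__main__":
    pc = ProtectedComputer(b"BOOTSEC0" + b"KERNEL01" + b"KERNEL02")  # constructed
    print(pc.startup())                    # verified
    pc.save_user_data("report.doc", b"draft")
    pc.corrupt_sector(1, b"XXXXXXXX")      # constructed tampering of sector 1
    print(pc.tampered_sectors())           # [1]
    print(pc.startup())                    # repaired
    print(pc.protection_partition)         # user data survived the repair
```

The per-sector hashes are an addition beyond the patent's single feature value: the decision to repair still rests on the whole-image fingerprint, but the log records which sectors differed, which is what an operator investigating repeated repairs would want to see.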
  • The system isolation module 2 further provides a technical solution for system isolation based on the disk bitmap file and the index file.
  • The system isolation module 2 is set in the operating system kernel as a driver of the operating system.
  • The system isolation module 2 at the same time creates a disk bitmap file for the upper-level operating system module 1 in the external memory access control module 21.
  • The disk bitmap file of the upper-level operating system module 1 records the status of the disk storage blocks of the upper-level operating system module 1 and identifies its exclusive disk space on the disk. For example, if a block unit on the disk (for example, a sector) stores valid data of the upper-level operating system module 1, the corresponding position flag in the disk bitmap file of the upper-level operating system module 1 is 1; otherwise it is marked 0.
  • The system isolation module 2 creates a disk bitmap file and an index file for the lower-level operating system module 5 in the external storage access control module 21.
  • The disk bitmap file of the lower-level operating system module 5 records the status of the disk storage blocks of the lower-level operating system module 5 and identifies its exclusive disk space on the disk. For example, if a block unit (such as a sector) holds valid data of the lower-level operating system module 5, the corresponding position flag in the disk bitmap file of the lower-level operating system module 5 is 1; otherwise it is marked 0.
  • The index file records all the call addresses of data dumped by the system isolation module 2, the storage addresses after the dump, and the correspondence between the two. For example, when the operator rewrites the file ABC of the upper-level operating system module 1 in the office environment, the system isolation module 2 intercepts the operation and writes the rewritten data of file ABC to an address A1 in the exclusive disk space of the lower-level operating system module 5 or in blank disk space. The system isolation module 2 records the target storage address A1 actually written and the source address A0 of the rewritten ABC data in the index file of the lower-level operating system module 5. At this point we call the target storage address A1 the index address of the source address A0. When the data at address A0 of file ABC is read again in the lower-level operating system module 5, the system isolation module 2 checks the index file and reads the data at address A1 instead of the data at A0.
  • For a read disk access, the system isolation module 2 first obtains the target address A0 of the read from the caller, then uses the target address A0 to query the index file of the currently running lower-level operating system module 5. If a corresponding index address A1 exists at position A0 in the index file, the system isolation module 2 reads the data from disk address A1 and returns it to the caller; otherwise it reads the data from disk address A0 and returns it to the caller.
  • When the system isolation module 2 finds that the access is a write disk access, it first obtains the target address B0 of the write from the caller, then uses the target address B0 to query the index file of the currently running lower-level operating system module 5. If a corresponding index address B1 exists at position B0 in the index file, the system isolation module 2 writes the data to position B1 and ends the write access.
  • Otherwise, the system isolation module 2 writes the data to blank space on the disk, at storage address B2; at the same time it records the storage address B2 at the position indicated by B0 in the index file of the lower-level operating system module 5, and marks the position indicated by B2 in the disk bitmap file of the currently running lower-level operating system module 5 as 1, indicating that the data at this location is owned by the lower-level operating system module 5. Thereafter the system isolation module 2 ends the write access.
  • The interaction between the system isolation module 2 and the external storage access control module 21 ensures that users do not see the data in the exclusive disk space of other lower-level operating system modules 5 on the disk.
  • When the user chooses to boot into the entertainment environment, the system isolation module 2 loads from the external storage access control module only the disk bitmap file and the index file of the lower-level operating system module 5 belonging to that environment, plus the disk bitmap file of the upper-level operating system module 1. The upper-level operating system module 1 can therefore only see and read the contents of its own exclusive disk space.
  • The lower-level operating system module 5 can see only the exclusive disk space of the upper-level operating system module 1, its own exclusive disk space and blank disk space, but not the exclusive disk space occupied by other lower-level operating system modules 5; and through the interception function of the system isolation module 2 it also cannot write data into the exclusive disk space of the upper-level operating system module 1 or of the other lower-level operating system modules 5. By this principle the upper-level operating system module 1 cannot be changed, the lower-level operating system modules 5 are isolated from one another, and operating system isolation is achieved.
  • The exclusive disk space of a lower-level operating system module 5 can change.
  • When the lower-level operating system module 5 belonging to the entertainment environment performs a write access and writes data to blank disk space at address A3, the system isolation module 2 marks the corresponding location in the disk bitmap file, and that blank disk space becomes exclusive disk space of the lower-level operating system module 5 belonging to the entertainment environment.
  • In the same way, when the module belonging to the office environment writes to blank disk space, the system isolation module 2 marks the corresponding location in its disk bitmap file and that blank disk space becomes exclusive disk space of the office environment's module.
  • FIG. 2 shows the technical solution by which the system isolation module 2 implements operating system isolation under the traditional computer architecture.
  • The same technical solution also applies to the virtual machine architecture.
  • System isolation based on the disk bitmap file and the index file is a preferred embodiment of the present invention; those skilled in the art may also implement read and write control of the disk by other means and thereby implement operating system isolation.
  • In a further embodiment of the system for implementing operating system security control, the upper-level operating system module is a preset application program, has a lower-level operating system module of its own, and is itself the lower-level operating system module of another operating system module. Referring to FIG. 3, a lower-level operating system module 5 is built on the upper-level operating system module 1; the lower-level operating system module 5 is a preset application, such as a media playing application installed in the entertainment environment. Further lower-level operating system modules 51, 52 and 53 can then be built on the lower-level operating system module 5, where 51 has a game program installed, 52 a Flash program and 53 a media conversion program. At that point the lower-level operating system module 5 becomes the upper-level operating system module of 51, 52 and 53, and 51, 52 and 53 are lower-level operating system modules of 5.
  • The security control module 4 also stores the standard information of module 5. When the computer starts, the security control module 4 re-acquires the feature value of the startup information of the upper-level operating system module 1 before 1 is started and compares it with the standard feature value; the comparison shows whether the upper-level operating system module 1 has been tampered with. If it has, the standard information is used to repair the upper-level operating system module 1, and the repair can use the covering (overwrite) method. If the upper-level operating system module 1 has not been tampered with, it is loaded directly.
  • Before starting 5, the security control module 4 likewise re-acquires the feature value of the startup information of 5 and compares it with the standard feature value to determine whether 5 has been tampered with. If 5 has been tampered with, the standard information is used to restore 5; if not, 5 is loaded directly. Finally, depending on the user's selection, 51, 52 or 53 is deleted and recreated.
  • There may be one or more lower-level operating system modules 5.
  • Step 11: Store the backup data of the upper-level operating system module taken in a secure state as the upper-level operating system standard information.
  • Step 12: Read the startup information of the upper-level operating system module.
  • Step 13: Compare the startup information with the pre-stored upper-level operating system standard information. If they are consistent, perform step 14; otherwise repair (for example, overwrite) the startup information of the upper-level operating system module with the upper-level operating system standard information, then perform step 14.
  • Step 14: Determine whether a lower-level operating system module exists; if so, perform step 15, otherwise perform step 16.
  • Step 17: Monitor the read and write operations on dynamic data in the upper-level operating system module and/or the lower-level operating system module, and redirect or copy those read/write operations to the disk protection partition in real time.
  • Step 13 may specifically be:
  • Step 1301: Calculate a feature value of the startup information of the upper-level operating system module and a feature value of the upper-level operating system standard information.
  • Step 1302: Compare the feature value of the startup information with the feature value of the upper-level operating system standard information.
  • Step 1303: If the two are consistent, proceed to step 14; otherwise use the standard information of the upper-level operating system module to repair its startup information, so that the feature value of the startup information again matches that of the standard information, then proceed to step 14.
  • Alternatively, step 13 may be:
  • Step 1311: Read the startup information and the standard information of the upper-level operating system module.
  • Step 1312: Compare the startup information with the standard information.
  • Step 1313: If the two are consistent, proceed to step 14; otherwise use the standard information of the upper-level operating system module to repair its startup information.
  • In step 17, redirecting or copying the read/write operations on dynamic data to the disk protection partition in real time comprises:
  • Step 171: Copy the dynamic data to the disk protection partition.
  • Step 172: Monitor the read/write operations on the dynamic data.
  • Step 173: Map the read/write operations on the dynamic data to the currently running lower-level operating system module.
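The read path (index lookup, else the original address), the write path (reuse the index address, else allocate blank space, record it in the index and claim it in the bitmap) and the visibility rules for other modules' exclusive space described in the bullets above can be modelled as a small block-level copy-on-write layer. The following is an added example written for this page; it is not code from the patent or its assignee. The 8-block disk, its contents, the environment names and the rule that an unmapped write always goes to freshly allocated blank space are assumptions taken from the text for illustration.

```python
# Added example (not the patent's code): a block-level model of the system
# isolation module's read/write interception.  The upper-level OS image is
# read-only, every lower-level environment has an index file (source address
# -> index address) and a disk bitmap (blocks it owns), and an environment can
# see the upper-level image, blank space and its own blocks but not the
# exclusive space of other environments.  Disk size and contents are constructed.


class IsolatedDisk:
    BLANK = b""

    def __init__(self, n_blocks, upper_image):
        self.n = n_blocks
        self.disk = [self.BLANK] * n_blocks
        # Disk bitmap of the upper-level OS module: these blocks are never overwritten.
        self.upper_bitmap = [False] * n_blocks
        for addr, data in upper_image.items():
            self.disk[addr] = data
            self.upper_bitmap[addr] = True
        # Per-environment index file and disk bitmap (the external storage access control data).
        self.envs = {}

    def create_env(self, name):
        self.envs[name] = {"index": {}, "bitmap": [False] * self.n}

    def delete_env(self, name):
        # Deleting a lower-level OS module returns its exclusive blocks to blank space.
        env = self.envs.pop(name)
        for addr, owned in enumerate(env["bitmap"]):
            if owned:
                self.disk[addr] = self.BLANK

    def _owner(self, addr):
        if self.upper_bitmap[addr]:
            return "upper"
        for name, env in self.envs.items():
            if env["bitmap"][addr]:
                return name
        return None

    def _allocate_blank(self):
        for addr in range(self.n):
            if self._owner(addr) is None:
                return addr
        raise RuntimeError("no blank disk space left")

    def read(self, env_name, a0):
        # Read path: index lookup first; otherwise the original address, unless
        # that block is another lower-level module's exclusive space.
        env = self.envs[env_name]
        a1 = env["index"].get(a0)
        if a1 is not None:
            return self.disk[a1]
        owner = self._owner(a0)
        if owner in (None, "upper", env_name):
            return self.disk[a0]
        return self.BLANK

    def write(self, env_name, b0, data):
        # Write path: reuse the index address if one exists; otherwise allocate
        # blank space B2, record B0 -> B2 in the index and claim B2 in the bitmap.
        # Returns the physical block actually written.
        env = self.envs[env_name]
        b1 = env["index"].get(b0)
        if b1 is not None:
            self.disk[b1] = data
            return b1
        b2 = self._allocate_blank()
        self.disk[b2] = data
        env["index"][b0] = b2
        env["bitmap"][b2] = True
        return b2


if __name__ == "__main__":
    d = IsolatedDisk(8, {0: b"boot", 1: b"ABC", 2: b"kernel"})
    d.create_env("office")
    d.create_env("entertainment")
    d.write("office", 1, b"ABC-rev")        # redirected to block 3
    print(d.read("office", 1), d.read("entertainment", 1), d.disk[1])
    d.write("entertainment", 0, b"evil")    # boot block itself stays intact
    print(d.read("entertainment", 0), d.disk[0])
```

Two properties worth checking against any real implementation of this scheme: a write aimed at the upper-level image never modifies the original block (the environment only ever sees its own redirected copy), and after an environment is deleted its blocks become allocatable again, which is what makes "delete and recreate" cheap. The allocator here is a linear scan for clarity; a real bitmap would be consulted directly.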

Abstract

A system and method for performing security control of an operating system (OS). The system includes a primary (upper-level) OS module, a system isolation module, a data isolation module and a security control module; a secondary (lower-level) OS module is deleted, re-installed and then booted, and dynamic data is copied by the system to a disk protection partition. The method comprises reading the startup information of the primary OS module and comparing it with stored standard information; if they match, the secondary OS module is set up and the primary and secondary modules are loaded, otherwise the startup information of the primary OS module is repaired from the standard information. The system and method prevent malicious destruction of the computer's core and protect the security of the current OS environment. Data isolation preserves the integrity of the data, and system isolation ensures that the whole system is not affected by insecurity in any one OS.

Description

System and method for implementing operating system security control

Technical field

The present invention relates to a system and method for implementing operating system security control, and more particularly to a system and method that use a data isolation method and a system isolation method to implement operating system security control; it belongs to the field of computer operating systems and computer security.

Background art

A computer operating system controls the computer hardware and provides a running environment for application software; its reliability and security are very important.

As more and more applications are deployed in a single operating system environment, the user's computing environment becomes very complex and hard to manage and maintain, and this complexity prevents the various computer security protection technologies from providing timely protection and identification, so attacks by viruses and spyware are hard to avoid.

One common approach to this problem is to install operating system recovery software in the operating system to deal with operating system failures and virus damage. Its drawback is that although the recovery software can restore the operating system to an earlier healthy state, the user's data is rolled back to that old state as well, which greatly reduces the usefulness of the recovery software.

A second common approach is for the user to install protection software such as anti-virus software and a firewall in the operating system to cope with increasingly rampant viruses and malicious programs. Its drawbacks are that the development of protection software generally lags behind the spread of viruses and malicious programs, and that whether the protection software works at all usually depends on the operating system itself running reliably. Installing protection software in the operating system to protect the operating system, application software and user data therefore blocks the damage and spread of viruses only to a certain extent, and the user must continually update and maintain virus signatures; any lapse gives viruses and malicious programs an opening.

In summary, computer security is the largest problem commonly encountered in IT applications; it imposes huge time and economic costs on computer consumers and enterprises, and there is as yet no comprehensive and thorough method of operating system security control. Users therefore need a technical solution that simplifies the steps of security protection, lowers its cost, and keeps enterprise information assets and personal user data secure and reliable.

Summary of the invention

One object of the present invention is to provide a system for implementing operating system security control that can isolate and protect the data of an operating system, and can isolate the operating system itself, producing lower-level operating system modules that can be deleted when the user no longer needs them.

Another object of the present invention is to provide a method for implementing operating system security control that achieves data isolation and system isolation, so that isolated systems and data do not affect one another, and that verifies the operating system and restores it as soon as unauthorized tampering is found.
To achieve the first object, the present invention provides a system for implementing operating system security control, comprising:

- an upper-level operating system module;

- a system isolation module, which interacts with the upper-level operating system module to boot and/or create a lower-level operating system module according to user instructions, and which also interacts with both the upper-level and the lower-level operating system module to monitor their read/write access to the disk;

- a data isolation module, which copies the dynamic data of the upper-level operating system module and/or lower-level operating system module to a disk protection partition, monitors the read/write access of those modules to the dynamic data, and redirects and/or copies that read/write access to the disk protection partition in real time;

- a security control module, which interacts with the upper-level operating system module and/or lower-level operating system module, stores the standard information of the upper-level operating system module, collects the startup information of the upper-level operating system module, compares the standard information with the startup information and, according to the result, loads and/or repairs the upper-level operating system module; and which deletes the lower-level operating system module and either notifies the system isolation module to create a new lower-level operating system module or creates one itself.

To achieve the second object, the present invention provides a method for implementing operating system security control, comprising the following steps:

Step 1: Read the startup information of the upper-level operating system module and compare it with the pre-stored upper-level operating system standard information. If the startup information of the upper-level operating system module is consistent with the upper-level operating system standard information, perform step 2; otherwise repair the startup information of the upper-level operating system module using the upper-level operating system standard information.

Step 2: Create a lower-level operating system module and load the upper-level operating system module and the lower-level operating system module.

After step 1 the method further comprises step 3: monitor the read and write operations on dynamic data in the upper-level operating system module and/or the lower-level operating system module, and redirect or copy those read/write operations to a disk protection partition in real time.

Before step 1, the backup data of the upper-level operating system module taken in a secure state is stored as the upper-level operating system standard information.
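The verification procedure of the security control module (standard information recorded in a secure state beforehand, startup information read and compared at boot, and repair by overwriting when they differ) can be expressed as the following added example, written for this page and not the patent's own code. SHA-256 as the feature value, the in-memory module store, the module names and their contents are all assumptions of this example; the patent names neither a hash function nor a storage layout. The example also applies the later embodiment's rule that a module with no stored standard information is disposable and is deleted and recreated at boot.

```python
# Added example (not the patent's code): boot-time integrity check and
# overwrite repair of a chain of operating system modules.  Module names,
# contents and the choice of SHA-256 are assumptions for illustration.
import hashlib


def feature_value(data: bytes) -> str:
    # Feature value of a startup-information image.  SHA-256 is this example's
    # assumption; the patent leaves the function open.
    return hashlib.sha256(data).hexdigest()


class ModuleStore:
    """Constructed stand-in for the disk areas holding each module's startup information."""

    def __init__(self, contents):
        self.contents = {name: bytes(data) for name, data in contents.items()}

    def read(self, name):
        return self.contents.get(name)

    def write(self, name, data):
        self.contents[name] = bytes(data)

    def delete(self, name):
        self.contents.pop(name, None)


class SecurityControlModule:
    def __init__(self):
        # module name -> (standard information, feature value of that information)
        self.standards = {}

    def record_standard(self, name, data):
        # Before step 1: a backup taken in a confirmed-secure state becomes the standard information.
        data = bytes(data)
        self.standards[name] = (data, feature_value(data))

    def verify(self, name, store):
        # Compare the feature value of the current startup information with the
        # stored one; on mismatch (or a missing module) overwrite the startup
        # information with the standard copy, the "covering" repair.
        standard, standard_fv = self.standards[name]
        current = store.read(name)
        if current is not None and feature_value(current) == standard_fv:
            return "loaded"
        store.write(name, standard)
        return "repaired"

    def boot(self, store, chain):
        # chain lists modules from the upper-level module downwards, e.g.
        # ["upper", "office", "game"].  Each level with a stored standard is
        # verified before the next level is loaded; a level without one is a
        # disposable module that is deleted and recreated empty.
        results = []
        for name in chain:
            if name in self.standards:
                results.append((name, self.verify(name, store)))
            else:
                store.delete(name)
                store.write(name, b"")
                results.append((name, "recreated"))
        return results


if __name__ == "__main__":
    scm = SecurityControlModule()
    scm.record_standard("upper", b"MBR+kernel v1")
    scm.record_standard("office", b"office env v1")
    store = ModuleStore({"upper": b"MBR+kernel v1 (tampered)",
                         "office": b"office env v1",
                         "game": b"old game"})
    print(scm.boot(store, ["upper", "office", "game"]))
    print(scm.boot(store, ["upper", "office", "game"]))
```

The comparison is only as trustworthy as the place where the standard information and its feature value are kept: if they sit in disk space the checked module itself can write, a repair would simply restore a tampered copy. That is why the standard information belongs to the security control module's own storage rather than to the module being verified, and why the check must run before the module is loaded, as the order of steps 1 and 2 requires.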
The present invention therefore has the following advantages:

1. Each time the computer starts, a new current operating system environment is created, which guarantees the security of the current operating system environment.

2. The data isolation method lets each newly created operating system environment map in the data of previous operation, which preserves the integrity of the data.

3. The operating system kernel is verified, preventing malicious damage to the computer's core.

4. The operating system modules are isolated from one another, so an insecurity in one operating system does not spread to the whole system.

The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.

Brief description of the drawings

FIG. 1 is a block diagram of one embodiment of the system for implementing operating system security control according to the present invention; FIG. 2 is a schematic diagram of the system provided by the present invention implementing operating system isolation on a traditional computer architecture;

FIG. 3 is a block diagram of a further embodiment of the system for implementing operating system security control according to the present invention; FIG. 4 is a flowchart of the method for implementing operating system security control according to the present invention.

Detailed description of the embodiments
Referring to FIG. 1, a block diagram of one embodiment of the system for implementing operating system security control according to the present invention, the system consists of an upper-level operating system module 1, a system isolation module 2, a data isolation module 3, a security control module 4, a lower-level operating system module 5 and a disk protection partition 6. The upper-level operating system module 1 is a parent operating system module consisting of an operating system kernel, or of an operating system kernel together with preset application programs; as the parent operating system module it has no upper-level operating system module above it.

The upper-level operating system module 1 may include only an operating system kernel that performs the most basic functions, where an operating system kernel means the software program that provides the basic functions an operating system must have; this kernel may be the kernel of Linux, Unix or Windows.

Besides the operating system kernel, the upper-level operating system module 1 may also include software programs other than the kernel, that is, the kernel plus application programs, providing the basic functions of the operating system together with functions preset by the user. For example, if the administrator specifies that Office software must be present in every operating environment, the Office software can be installed in the upper-level operating system module 1.

In a secure state confirmed by the user or the administrator, the upper-level operating system module 1 can be stored as the standard information.

There may be one or more upper-level operating system modules 1. On a traditional computer architecture only one upper-level operating system module 1 can run at a time, for example Windows or Linux, but one of them can serve as the secondary operating system of the other: for example, when the default Windows operating system fails, the Linux system acting as secondary operating system is loaded and run automatically. On a virtual machine architecture several upper-level operating system modules 1 can run at the same time.

The system isolation module 2 interacts with the upper-level operating system module 1 to boot and/or create the lower-level operating system module 5 according to user instructions.

There may be one or more lower-level operating system modules 5, each containing whatever modification information has been made to the upper-level operating system module 1. Taking one lower-level operating system module 5 as an example: on the basis of the upper-level operating system module 1 it has Office software, translation software and calculation software installed, and IE is blocked; together with the upper-level operating system module 1 it forms a complete office operating system environment in which word processing and data calculation are possible but Internet access is not. There may be several lower-level operating system modules 5; for example, a further lower-level operating system module 5 (not shown) with game software and multimedia player software installed on the basis of the upper-level operating system module 1 forms, together with the upper-level operating system module 1, a complete entertainment operating system environment for playing games, watching video files, browsing the Internet and so on. As long as the computer's disk space allows, the number of lower-level operating system modules 5 is unlimited.

The lower-level operating system module 5 interacts with the upper-level operating system module 1 and can read the data in the exclusive disk space of the upper-level operating system module 1. The lower-level operating system module 5 has exclusive disk space of its own; if there are several lower-level operating system modules 5, each has its own exclusive disk space, and a lower-level operating system module 5 has read/write access to its own exclusive disk space and to blank disk space.

The system isolation module 2 also interacts with both the upper-level operating system module 1 and the lower-level operating system module 5 to monitor their read/write access to the disk; specifically, it monitors the disk read/write access of the upper-level operating system module 1 and the lower-level operating system module 5 and intercepts every write access to the exclusive disk space of the upper-level operating system module 1. Data isolation between the upper-level operating system module 1, the lower-level operating system module 5 and the other lower-level operating system modules 5 is thereby achieved.

The system isolation module 2 may further include an external storage access control module 21, which is stored in the disk space of the hard disk and consists of several files: the disk bitmap file of the upper-level operating system module 1, the disk bitmap file of the lower-level operating system module 5 and the index file of the lower-level operating system module 5.

On a traditional computer architecture the computer system runs only one operating system at a time, and its structure is: at the lowest level the computer hardware, including the CPU, hard disk, memory, graphics card, I/O interfaces and so on. Under this architecture the system isolation module 2 may be placed in the computer's basic input/output system (BIOS) or in the extensible firmware interface (EFI); it may also be placed in the hard disk's firmware, or inside or outside the kernel of the upper-level operating system module 1. This embodiment takes the last case as its example.

Before designating the upper-level operating system module 1, the user first installs an operating system on the computer, Windows in this embodiment. The user can then configure this operating system as needed, for example installing and configuring hardware drivers, configuring the network address and adjusting the Windows desktop resolution. Software that is needed in every lower-level operating system module, such as virus protection software and a personal firewall, can be installed at this point as required. The user also installs the system isolation module 2 as an operating system driver inside or outside the kernel of this operating system. After these preparations the user designates this operating system as the upper-level operating system module 1 through the system isolation module 2. From then on the system isolation module 2 monitors and intercepts all read/write access to the disk and does not allow any program or system to overwrite the programs and data in the upper-level operating system module 1.

Once the user has designated the upper-level operating system module 1 through the system isolation module 2, lower-level operating system modules 5 can be created as needed by the system isolation module 2 interacting with the upper-level operating system module 1.

After one or more lower-level operating system modules 5 have been created, the user can choose at computer startup to boot any one of them. The boot order relative to the upper-level operating system module 1 depends on where the system isolation module 2 is placed. When the system isolation module 2 is placed in the BIOS or EFI it starts before the upper-level operating system module 1, in this order: the system isolation module 2 starts right after the computer hardware and prompts the user to choose which operating system environment to enter, for example the entertainment environment; the system isolation module 2 then boots the upper-level operating system module 1 and, after the upper-level operating system module 1 has finished booting, loads the lower-level operating system module 5, forming the complete entertainment operating system environment for the user.

When the system isolation module 2 is placed in the hard disk firmware it likewise starts before the upper-level operating system module 1, with the same order: the system isolation module 2 starts right after the computer hardware, prompts the user to choose the operating system environment, for example the entertainment environment, then boots the upper-level operating system module 1 and, after it has finished booting, loads the lower-level operating system module 5 to form the complete entertainment operating system environment.

In the present embodiment, where the system isolation module 2 is placed inside or outside the kernel of the upper-level operating system module 1, it starts together with the upper-level operating system module 1, in this order: the computer hardware starts; the upper-level operating system module 1 and the system isolation module 2 start at the same time and prompt the user to choose the operating system environment; if the operator chooses the office environment, the system isolation module 2 boots and loads the lower-level operating system module 5 containing the office programs, forming the complete office operating system environment.

After the computer has started, the upper-level operating system module 1 and the system isolation module 2 are loaded and run in the way appropriate to each of these cases, and the system isolation module 2 also loads the lower-level operating system module 5 selected by the user. The user can then install software, change configuration, edit files and so on in the currently loaded upper-level operating system module 1 and lower-level operating system module 5. In every case, however, the system isolation module 2 keeps monitoring read and write access to the disk: every disk read or write access is intercepted by the system isolation module 2 and handled according to its case, so that operating system isolation is achieved.

Operating system isolation can also be implemented on a virtual machine architecture. On a computer architecture that supports virtual machine technology, the virtual machine monitor (VMM) is the core part of the virtual machine technology; it runs beneath all other operating systems and allocates and coordinates system resources for the operating systems running on top of it. VMware's VMware software, Microsoft's Virtual PC software and XenSource's Xen software all support virtual machine technology. Under the VMM, two or more operating systems can run at the same time on one computer system. Taking one upper-level operating system module 1 as an example, the upper-level operating system module 1 is again guided by the system isolation module 2 to create several lower-level operating system modules 5.
系统隔离模块 2位于 VMM中, 与 VMM同时启动, 启动顺序为: 计算 机硬件启动; VMM与系统隔离模块 2启动; 上级操作系统模块 1启动; 下 级操作系统模块 5根据用户选择启动其中一个或多个。  The system isolation module 2 is located in the VMM and is started simultaneously with the VMM. The startup sequence is: the computer hardware starts; the VMM and the system isolation module 2 are started; the upper operating system module 1 is started; the lower operating system module 5 starts one or more according to the user selection. .
系统隔离模块 2能够监控并拦截所有上级 /下级操作系统模块对磁盘的 读 /写访问, 并与外存访问控制模块交互作用, 实现操作系统的隔离。  The system isolation module 2 can monitor and intercept all the read/write accesses of the upper/lower operating system modules to the disk, and interact with the external access control module to achieve isolation of the operating system.
虛拟机架构下实现操作系统隔离的又一方法为在虚拟机系统中设有管理 操作系统模块或服务操作系统模块(称为副操作系统模块 ) , 和上级操作系 统模块 1 (也称为主操作系统模块)同时运行或先上级操作系统模块 1运行, 监控上级操作系统模块 1的状态, 并为上级操作系统模块 1和下级操作系统 模块 5提供磁盘访问接口。  Another method for implementing operating system isolation under the virtual machine architecture is to have a management operating system module or a service operating system module (referred to as a secondary operating system module) in the virtual machine system, and a higher-level operating system module 1 (also referred to as a main operation). The system module runs simultaneously or firstly runs the upper operating system module 1, monitors the state of the upper operating system module 1, and provides a disk access interface for the upper operating system module 1 and the lower operating system module 5.
系统隔离模块 2也可以设置在副操作系统模块的内核之中或内核之外, 启动顺序为: 计算机硬件启动; VMM启动; 副操作系统模块与系统隔离模 块启动; 上级操作系统模块 1; 下级操作系统模块 5根据用户选择启动其中 一个或多个。  The system isolation module 2 can also be set in the kernel of the secondary operating system module or outside the kernel. The startup sequence is: computer hardware startup; VMM startup; secondary operating system module and system isolation module startup; upper operating system module 1; lower level operation The system module 5 initiates one or more of the user selections.
The data isolation module 3 copies the dynamic data of the upper-level operating system module 1 and/or the lower-level operating system modules 5 to the disk protection partition 6. The disk protection partition 6 may be a hidden disk partition, for example a disk partition built on the hard disk HPA (Host Protection Area) standard. The disk protection partition 6 is located apart from, and does not overlap, the exclusive disk space of the upper-level operating system module 1 and the lower-level operating system modules 5. It behaves like a shared partition, except that it is safer: it is protected by software or hardware, and its characteristic is that the operating system and applications cannot access this space directly; it can only be reached through special programs, which is what achieves the security goal. The upper-level operating system module 1 and the lower-level operating system modules 5 can be divided into the following parts: operating system programs and data; application software programs and data; user data. Of these, the operating system data, the application software programs and data, and the user data are very important to the user's applications and change frequently; we call them dynamic data. That is, dynamic data means the data of the upper-level operating system module 1 other than its operating system data, in other words the data other than the standard information of the upper-level operating system module 1.
The data isolation module 3 monitors and intercepts operations on the dynamic data in real time: it monitors the read/write access of the upper-level operating system module 1 and the lower-level operating system modules 5 to the dynamic data, and redirects and/or copies that read/write access to the disk protection partition 6 in real time. With the data isolation method in use, the dynamic data of the upper-level operating system module 1 and the lower-level operating system modules 5 is isolated in the disk protection partition 6, and every operation on the dynamic data is redirected to the disk protection partition at the same time. When the user restores a lower-level operating system module 5 to an earlier state, the dynamic data has already been isolated in the disk protection partition 6, so restoring the lower-level operating system module 5 does not affect the dynamic data. Once the restore is complete, the dynamic data can still be redirected to the disk protection partition 6 through the data isolation agent program.
The data isolation module 3 can be installed in the upper-level operating system module 1, which loads and runs the data isolation module 3 after it has started. In a computer system that supports virtualization technology, the data isolation module 3 can be installed in the secondary operating system or in the virtual machine system management software, and it can start either before or at the same time as the upper-level operating system module 1.
The security control module 4 interacts with the upper-level operating system module 1 and/or the lower-level operating system modules 5. It stores the standard information of the upper-level operating system module 1 as the upper-level operating system standard information, collects the boot information of the upper-level operating system module 1, compares the standard information of the upper-level operating system module 1 with that boot information, and, according to the result of the comparison, controls the loading and/or repair of the upper-level operating system module 1. It is also used to delete a lower-level operating system module 5 and to notify the system isolation module 2 to create a new lower-level operating system module 5, or to create one itself.
The upper-level operating system standard information can be stored in the security control module 4.
The security control module 4 can be located in the BIOS, the EFI, the disk master boot record (MBR), the secondary operating system, the secondary operating system module of a virtual machine, or the virtual memory management module of a virtual machine, and it starts before the upper-level operating system module 1.
The security control module 4 may further contain a module creation module (not shown), which is used to create lower-level operating system modules 5. With the module creation module, the security control module 4 can create a lower-level operating system module 5 by itself without notifying the system isolation module 2.
The security control module 4 may further contain a standard information storage control module (not shown), which is used to store the standard information of the upper-level operating system module 1.
The standard information storage control module is located on the disk protection partition 6, on a computer chip, or on a network server.
The upper-level operating system standard information can be stored in the standard information storage control module.
The security control module 4 uses a fingerprint algorithm (such as a hash algorithm) to verify the integrity of the upper-level operating system module 1 and/or the lower-level operating system modules 5. Because the data isolation module 3 is used, the dynamic data of the upper-level operating system module 1 and the lower-level operating system modules 5 is isolated in the disk protection partition 6, so the operating system programs should remain unchanged during normal operation. On this premise, a unique feature value can be extracted from the standard information of the upper-level operating system module 1; for example, the sector data of the upper-level operating system module 1 can be run through a hash algorithm to compute a unique feature value that serves as the fingerprint of the upper-level operating system module 1. Thereafter, before each start of a lower-level operating system module 5, the security control module 4 recomputes the feature value of the boot information and compares it with the standard feature value, so that it can tell whether the upper-level operating system module 1 has been tampered with. If the upper-level operating system module 1 has been tampered with, the standard information can be used to repair it.
The repair can use the overwrite method, that is, the upper-level operating system module 1 is completely overwritten with the standard information, which thoroughly removes any virus, Trojan or spyware residing in the upper-level operating system module 1. At the same time, because the data isolation module 3 is used, no dynamic data is lost while the upper-level operating system module 1 is being restored. If the upper-level operating system module 1 has not been tampered with, it is loaded directly.
Alternatively, the standard information and the boot information can be compared directly, without computing feature values for them.
At the same time, at every start-up the security control module 4 first deletes the lower-level operating system module 5 (the user has made changes to it, and it may also contain a virus or Trojan; in short, this lower-level operating system module 5 may be unsafe and is therefore deleted), and then recreates a lower-level operating system module 5 for the user based on the upper-level operating system module 1. Because the dynamic data, including the applications, is kept in the disk protection partition 6, the newly created lower-level operating system module 5 loses no data. Repeated at every boot, the net effect is that each start uses a newly created lower-level operating system module 5 (clean and safe, because it is new), while the user's data is protected by the data isolation module 3 and is not affected; through the redirection function of the data isolation module 3, the data is mapped (or copied) into the currently running lower-level operating system module 5.
The present invention further provides a technical solution in which the system isolation module 2 achieves system isolation by means of disk bitmap files and index files.
Taking the traditional computer architecture as an example, Fig. 2 is a schematic diagram of how system isolation is achieved; the principle is as follows:
The system isolation module 2 is installed in the operating system kernel as a driver of the operating system.
Once the upper-level operating system module 1 has been designated, the system isolation module 2 creates a disk bitmap file for the upper-level operating system module 1 in the external storage access control module 21.
The disk bitmap file of the upper-level operating system module 1 records the state of the disk storage blocks of the upper-level operating system module 1 and identifies the exclusive disk space of the upper-level operating system module 1 on the disk. For example, if a block unit on the disk (a sector, when sectors are the unit) holds valid data of the upper-level operating system module 1, the corresponding position in the disk bitmap file of the upper-level operating system module 1 is marked 1; otherwise it is marked 0.
The system isolation module 2 creates, in the external storage access control module 21, a bitmap file of the lower-level operating system module 5 and an index file of the lower-level operating system module 5 for each lower-level operating system module 5.
The disk bitmap file of the lower-level operating system module 5 records the state of the disk storage blocks of the lower-level operating system module 5 and identifies the exclusive disk space of the lower-level operating system module 5 on the disk. For example, if a block unit on the disk (a sector, when sectors are the unit) holds valid data of the lower-level operating system module 5, the corresponding position in the disk bitmap file of the lower-level operating system module 5 is marked 1; otherwise it is marked 0.
The index file records, for all data dumped by the system isolation module 2, the address at which the data was requested, the storage address to which it was dumped, and the correspondence between the two. For example, when the operator in the office environment rewrites the file ABC of the upper-level operating system module 1, the system isolation module 2 intercepts the operation and writes the rewritten data of file ABC into the exclusive disk space of the lower-level operating system module 5 or into blank disk space, at address A1. The system isolation module 2 records in the index file of the lower-level operating system module 5 the target storage address A1 where the rewritten data of file ABC was actually written and the source address A0. We then call the target storage address A1 the index address of the source address A0. When the data corresponding to address A0 of file ABC is read again in the lower-level operating system module 5, the system isolation module 2 checks the index file and reads the data at address A1 instead of the data at A0.
If the access is found to be a disk read, the system isolation module 2 first obtains the target address A0 of the read from the caller of the disk read, then uses the target address A0 to look up the index file of the currently running lower-level operating system module 5. If the index file holds an index address A1 at position A0, the system isolation module 2 reads the data from disk address A1 and returns it to the caller; otherwise, the system isolation module 2 reads the data from disk address A0 and returns it to the caller.
If the system isolation module 2 finds that the access is a disk write, it first obtains the target address B0 of the write from the caller of the disk write, then uses the target address B0 to look up the index file of the currently running lower-level operating system module 5. If the index file holds an index address B1 at position B0, the system isolation module 2 writes the data to position B1 and ends the write access. Otherwise, the system isolation module writes the data to blank disk space, at storage address B2; at the same time, it records the storage address B2 at the position indicated by B0 in the index file of the lower-level operating system module 5 and marks the position indicated by B2 in the disk bitmap file of the currently running lower-level operating system module 5 as 1, meaning that the data at this position belongs to the lower-level operating system module 5. The system isolation module 2 then ends the write access.
With the above method of achieving operating system isolation, when the user chooses to boot into any lower-level operating system module 5, the interaction between the system isolation module 2 and the external storage access control module 21 ensures that the user cannot see the data in the exclusive disk space of the other lower-level operating system modules 5 on the disk. For example, if the user chooses to boot into the entertainment environment, the system isolation module 2 retrieves from the external storage access control module only the disk bitmap file and index file of the lower-level operating system module 5 that corresponds to that environment, together with the disk bitmap file of the upper-level operating system module 1. The upper-level operating system module 1 can therefore see and read only the contents of its own exclusive disk space, and the lower-level operating system module 5 can see only the exclusive disk space of the upper-level operating system module 1, its own exclusive disk space and the blank disk space, but not the exclusive disk space occupied by the other lower-level operating system modules 5. Moreover, because the system isolation module 2 intercepts its accesses, the lower-level operating system module 5 cannot write data into the exclusive disk space of the upper-level operating system module 1 or into the exclusive disk space of the other lower-level operating system modules 5.
By this principle, therefore, it is ensured that the upper-level operating system module 1 cannot be altered and that the individual lower-level operating system modules 5 are isolated from one another, which finally achieves the isolation of the operating systems.
In addition, the exclusive disk space of a lower-level operating system module 5 can change. For example, when the lower-level operating system module 5 corresponding to the entertainment environment performs a write access that writes data to blank disk space address A3, the system isolation module 2 marks the corresponding position in that module's disk bitmap file, and that blank disk space becomes part of the exclusive disk space of the lower-level operating system module 5 corresponding to the entertainment environment. When the lower-level operating system module 5 corresponding to the office environment performs a write access that writes data to blank disk space A4, the system isolation module 2 marks the corresponding position in that module's disk bitmap file, and that blank disk space becomes part of the exclusive disk space of the lower-level operating system module 5 corresponding to the office environment. When the lower-level operating system module 5 corresponding to the entertainment environment is started, the data at A4 is not read, so for the lower-level operating system module 5 corresponding to the entertainment environment the data at A4 is invisible.
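The read and write paths described above, as an added simulation that is not code from the patent: the sector size, the 16-sector toy disk, the module names and the "lowest free sector" allocation policy are assumptions. It also generalises the remark about A4: a read by one lower-level module that lands on another lower-level module's exclusive sector returns an empty sector.

```python
"""Simulation of the disk bitmap file + index file isolation scheme.

Added example, not the patent's code. The sector size, the 16-sector toy
disk, the module names and the "lowest free sector" allocation policy are
assumptions. Reads and writes are the ones issued while a lower-level
module is the running environment.
"""
from dataclasses import dataclass, field

SECTOR = 8        # bytes per block unit (assumed)
N_SECTORS = 16    # constructed toy disk


@dataclass
class LowerModule:
    """State the external storage access control module keeps per lower module."""
    bitmap: list = field(default_factory=lambda: [0] * N_SECTORS)  # 1 = owned sector
    index: dict = field(default_factory=dict)   # source address A0 -> index address A1


class SystemIsolation:
    def __init__(self, upper_image):
        """upper_image: sector -> bytes; these sectors are module 1's exclusive space."""
        self.disk = bytearray(N_SECTORS * SECTOR)
        self.upper_bitmap = [0] * N_SECTORS
        for addr, data in upper_image.items():
            self._raw_write(addr, data)
            self.upper_bitmap[addr] = 1
        self.lowers = {}

    def _raw_write(self, addr, data):
        self.disk[addr * SECTOR:(addr + 1) * SECTOR] = data.ljust(SECTOR, b"\0")[:SECTOR]

    def _raw_read(self, addr):
        return bytes(self.disk[addr * SECTOR:(addr + 1) * SECTOR])

    def create_lower(self, name):
        self.lowers[name] = LowerModule()

    def delete_lower(self, name):
        # Dropping bitmap and index returns the module's sectors to blank space;
        # module 1's own sectors were never written, so a fresh module sees them unchanged.
        del self.lowers[name]

    def _blank_sector(self):
        """Lowest sector owned neither by module 1 nor by any lower module (assumed policy)."""
        for addr in range(N_SECTORS):
            if self.upper_bitmap[addr] or any(m.bitmap[addr] for m in self.lowers.values()):
                continue
            return addr
        raise RuntimeError("no blank disk space left")

    def read(self, name, a0):
        """Read path: follow the index if A0 has an index address A1, else read A0."""
        mod = self.lowers[name]
        a1 = mod.index.get(a0)
        if a1 is not None:
            return self._raw_read(a1)
        # Another lower module's exclusive space is invisible to this one
        # (generalises the A4 remark in the text): return an empty sector.
        if any(m.bitmap[a0] for n, m in self.lowers.items() if n != name):
            return bytes(SECTOR)
        return self._raw_read(a0)

    def write(self, name, b0, data):
        """Write path: reuse index address B1 if present, else dump to blank B2,
        record B0 -> B2 in the index and mark B2 in the bitmap. Returns the sector written."""
        mod = self.lowers[name]
        b1 = mod.index.get(b0)
        if b1 is not None:
            self._raw_write(b1, data)
            return b1
        b2 = self._blank_sector()
        self._raw_write(b2, data)
        mod.index[b0] = b2
        mod.bitmap[b2] = 1
        return b2

    def exclusive_space(self, name):
        """Sectors currently owned by the named lower module."""
        return [a for a, bit in enumerate(self.lowers[name].bitmap) if bit]


if __name__ == "__main__":
    # Constructed disk: sectors 0-3 belong to module 1, sector 3 holds file ABC.
    iso = SystemIsolation({0: b"boot", 1: b"kernel", 2: b"libs", 3: b"ABC-v1"})
    iso.create_lower("office")
    iso.create_lower("entertainment")
    print("office rewrites ABC -> sector", iso.write("office", 3, b"ABC-v2"))
    print("office reads ABC    ->", iso.read("office", 3))
    print("ent. reads ABC      ->", iso.read("entertainment", 3))
```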
Although Fig. 2 shows the technical solution by which the system isolation module 2 achieves operating system isolation on a traditional computer architecture, those skilled in the art will appreciate that the same solution applies equally to a virtual machine architecture. Those skilled in the art will also understand that system isolation based on disk bitmap files and index files is the preferred embodiment of the present invention, but that read/write control of the disk, and hence operating system isolation, can also be achieved in other ways.
In a further embodiment of the system of the present invention for achieving operating system security control, the upper-level operating system module is a preset application; this upper-level operating system module has its own lower-level operating system modules, and is itself the lower-level operating system module of its own upper-level operating system module. Referring to Fig. 3, a lower-level operating system module 5 is built on a given upper-level operating system module 1; the lower-level operating system module 5 is a preset application, for example, when built as an entertainment environment it has a media player application installed. Further, on top of this lower-level operating system module 5, lower-level operating system modules 51, 52 and 53 can in turn be built, where 51 has a game program installed, 52 has a Flash program installed and 53 has a media conversion program installed. The lower-level operating system module 5 thereby becomes the upper-level operating system module of 51, 52 and 53, and 51, 52 and 53 are the lower-level operating system modules of 5.
When any one of 51, 52 and 53 is created, the security control module stores the standard information of 5. When the computer starts, the security control module 4, before starting 1, recomputes the feature value of the boot information of 1 and compares that feature value with the standard feature value, so that it can tell whether the upper-level operating system module 1 has been tampered with. If the upper-level operating system module 1 has been tampered with, the standard information is used to repair it, and the repair can use the overwrite method; if the upper-level operating system module 1 has not been tampered with, it is loaded directly. Next, before starting 5, the security control module 4 recomputes the feature value of the boot information of 5 and compares it with the standard feature value, so that it can tell whether 5 has been tampered with. If 5 has been tampered with, the standard information is used to restore 5; if 5 has not been tampered with, it is loaded directly. Finally, according to the user's selection, 51, 52 or 53 is deleted and recreated.
In this embodiment there may be one or more operating system modules 5.
Only an upper-level operating system module has standard information; any operating system module, as soon as it has a lower-level operating system module, can no longer be rewritten.
实现操作系统安全控制的方法的实施例, 如图 4所示包括以下步骤: 步骤 1 1、上级操作系统模块的安全状态下的备份数据存储为上级操作系 统标准信息;  The embodiment of the method for implementing the security control of the operating system includes the following steps as shown in FIG. 4: Step 1 1. The backup data in the security state of the upper-level operating system module is stored as the upper-level operating system standard information;
步驟 12、 读取上级操作系统模块的启动信息;  Step 12: Read startup information of the upper operating system module.
步骤 13、 将启动信息与预先存储的所述上级操作系统标准信息比较, 如 果一致, 则执行步驟 14, 否则使用上级操作系统标准信息修复(比如覆盖) 所述的上级操作系统模块的启动信息, 并执行步骤 14;  Step 13: Compare the startup information with the pre-stored standard information of the upper-level operating system. If yes, execute step 14. Otherwise, use the upper-level operating system standard information to repair (for example, overwrite) the startup information of the upper-level operating system module. And performing step 14;
步骤 14、 判断该下级操作系统模块是否存在 , 若存在, 执行步骤 15 , 否则执行步骤 16;  Step 14, determining whether the lower-level operating system module exists, if yes, performing step 15, otherwise performing step 16;
Step 15: delete the lower-level operating system module and perform step 16;
Step 16: create a lower-level operating system module, and load the upper-level operating system module and this lower-level operating system module;
Step 17: monitor the read/write operations on the dynamic data in the upper-level operating system module and/or the lower-level operating system module, and redirect, or copy in real time, the read/write operations on the dynamic data to the disk protection partition.
Wherein step 13 specifically comprises:
Step 1301: compute the feature value of the startup information of the upper-level operating system module and the feature value of the upper-level operating system standard information.
Step 1302: compare the feature value of the startup information with the feature value of the upper-level operating system standard information;
Step 1303: if the two are consistent, proceed to step 14; otherwise, use the feature value of the standard information of the upper-level operating system module to repair the feature value of the startup information of the upper-level operating system module.
Alternatively, step 13 specifically comprises:
Step 1311: read the startup information of the upper-level operating system module and the standard information of the upper-level operating system module.
Step 1312: compare the startup information with the standard information;
Step 1313: if the two are consistent, perform step 13; otherwise, use the standard information of the upper-level operating system module to repair the startup information of the upper-level operating system module.
In step 17, redirecting, or copying in real time, the read/write operations on the dynamic data to the disk protection partition comprises:
Step 171: copy the dynamic data to the disk protection partition;
Step 172: monitor the read/write operations on the dynamic data;
Step 173: map the read/write operations on the dynamic data into the currently running lower-level operating system module.
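As an added illustration, not the patent's own code, the following Python model covers both step 13 (compute feature values, compare, repair from the standard information) and steps 171 to 173 (copy dynamic data to a protection partition and map the lower-level module's reads and writes there). It assumes SHA-256 as the feature value, since the patent names no algorithm, models the disk as a dict of sectors, and uses constructed sample startup information.

```python
"""Model of the patent's step 13 (check-and-repair) and steps 171-173 (redirect).
Added example, not the patent's code. Assumptions: the 'feature value' is a
SHA-256 digest (the patent names no algorithm); a 'disk' is a dict of sectors."""
from __future__ import annotations
import hashlib


def feature_value(data: bytes) -> str:
    # Steps 1301/1302: a fixed-length fingerprint of the startup or standard information.
    return hashlib.sha256(data).hexdigest()


class SecurityControlModule:
    """Holds the standard information (a trusted backup of the upper-level OS
    module's startup information, claim 9) and verifies startup information against it."""

    def __init__(self, standard_info: bytes) -> None:
        self.standard_info = standard_info
        self.standard_fv = feature_value(standard_info)  # computed once, when stored

    def check_and_repair(self, startup_info: bytes) -> tuple[bytes, bool]:
        """Steps 1302/1303: on a match return the startup info unchanged; on a
        mismatch return the standard information as the repaired startup info."""
        if feature_value(startup_info) == self.standard_fv:
            return startup_info, False
        return self.standard_info, True


class DataIsolationModule:
    """Steps 171-173: dynamic data is copied to a protection partition, and the
    lower-level module's reads/writes are mapped there; the base image is never written."""

    def __init__(self, base_image: dict[int, bytes]) -> None:
        self.base = base_image                # upper-level module's sectors (read-only here)
        self.protected = dict(base_image)     # step 171: copy to the protection partition
        self.log: list[tuple[str, int]] = []  # step 172: monitored operations

    def write(self, sector: int, data: bytes) -> None:
        self.log.append(("write", sector))
        self.protected[sector] = data         # step 173: write lands in the protection partition

    def read(self, sector: int) -> bytes:
        self.log.append(("read", sector))
        return self.protected[sector]         # step 173: read is served from the protection partition

    def reset(self) -> None:
        # Steps 15/16: delete the lower-level module and create a fresh one from the base image.
        self.protected = dict(self.base)
        self.log.clear()


# Constructed sample startup information, not from the patent.
STANDARD_BOOT = b"MBR:loader-v1;kernel=vmlinuz-std"
```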
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the present invention may still be modified or equivalently substituted, and that such modifications or equivalent substitutions do not cause the modified technical solution to depart from the spirit and scope of the technical solution of the present invention.

Claims

1. A system for implementing operating system security control, characterized in that it comprises:
an upper-level operating system module;
a system isolation module, which interacts with the upper-level operating system module and is used to boot and/or establish a lower-level operating system module according to user instructions; the system isolation module also interacts with the upper-level operating system module and the lower-level operating system module respectively, and is used to monitor read/write access to the disk by the upper-level operating system module and the lower-level operating system module;
a data isolation module, which copies the dynamic data of the upper-level operating system module and/or the lower-level operating system module to a disk protection partition, monitors read/write access to the dynamic data by the upper-level operating system module and/or the lower-level operating system module, and redirects and/or copies in real time the read/write access to the dynamic data to the disk protection partition;
a security control module, which interacts with the upper-level operating system module and/or the lower-level operating system module and is used to store the standard information of the upper-level operating system module, collect the startup information of the upper-level operating system module, compare the standard information of the upper-level operating system module with the startup information, and control the loading and/or repair of the upper-level operating system module according to the comparison result; and to delete the lower-level operating system module and notify the system isolation module to create, or itself create, a new lower-level operating system module.
2. The system for implementing operating system security control according to claim 1, characterized in that there are one or more upper-level operating system modules, each constituted by an operating system kernel, or by an operating system kernel and preset application programs.
3. The system for implementing operating system security control according to claim 1, characterized in that there are one or more upper-level operating system modules, each constituted by preset application programs.
4. The system for implementing operating system security control according to claim 1, 2 or 3, characterized in that there are one or more lower-level operating system modules.
5. The system for implementing operating system security control according to claim 1, characterized in that the security control module is located in the BIOS, the EFI, the disk master boot record, a secondary operating system, the secondary operating system module of a virtual machine, or the virtual memory management module of a virtual machine, and is started before the upper-level operating system module.
6. The system for implementing operating system security control according to claim 1, characterized in that the security control module further comprises a module creation module for creating lower-level operating system modules.
7. The system for implementing operating system security control according to claim 1, characterized in that the security control module further comprises a standard information storage control module for storing the standard information of the upper-level operating system module.
8. The system for implementing operating system security control according to claim 7, characterized in that the standard information storage control module is located on the disk protection partition, on a computer chip, or on a network server.
9. The system for implementing operating system security control according to claim 1, characterized in that the standard information of the upper-level operating system module is backup data of the upper-level operating system module in a secure state, stored in the security control module.
10. The system for implementing operating system security control according to claim 1 or 7, characterized in that the standard information of the upper-level operating system module is backup data of the upper-level operating system module in a secure state, stored in the standard information storage control module.
11. The system for implementing operating system security control according to claim 1, characterized in that the dynamic data refers to data other than the standard information of the upper-level operating system module.
12. A method for implementing operating system security control, characterized in that it comprises the following steps:
Step 1: read the startup information of the upper-level operating system module and compare it with the pre-stored upper-level operating system standard information; if the startup information of the upper-level operating system module is consistent with the upper-level operating system standard information, perform step 2; otherwise, use the upper-level operating system standard information to repair the startup information of the upper-level operating system module;
Step 2: create a lower-level operating system module, and load the upper-level operating system module and the lower-level operating system module.
13. The method for implementing operating system security control according to claim 12, characterized in that after step 2 it further comprises the following step:
Step 3: monitor the read/write operations on the dynamic data in the upper-level operating system module and/or the lower-level operating system module, and redirect, or copy in real time, the read/write operations on the dynamic data to the disk protection partition.
14. The method for implementing operating system security control according to claim 12, characterized in that before step 1 it further comprises: storing backup data of the upper-level operating system module in a secure state as the upper-level operating system standard information.
15. The method for implementing operating system security control according to claim 12, characterized in that in step 1, the comparison with the upper-level operating system standard information specifically comprises:
Step 101: compute the feature value of the startup information of the upper-level operating system module and the feature value of the upper-level operating system standard information;
Step 102: compare the feature value of the startup information with the feature value of the upper-level operating system standard information;
Step 103: if they are consistent, proceed to step 2; otherwise, use the feature value of the upper-level operating system standard information to repair the feature value of the startup information of the upper-level operating system module.
16. The method for implementing operating system security control according to claim 12, characterized in that in step 1, the comparison with the upper-level operating system standard information specifically comprises:
Step 111: read the startup information of the upper-level operating system module and the upper-level operating system standard information;
Step 112: compare the startup information with the standard information;
Step 113: if they are consistent, perform step 2; otherwise, use the upper-level operating system standard information to repair the startup information of the upper-level operating system module.
17. The method for implementing operating system security control according to claim 12, characterized in that in step 2, before the lower-level operating system module is created, if a lower-level operating system module already exists, that lower-level operating system module is deleted first.
18. The method for implementing operating system security control according to claim 13, characterized in that in step 3, redirecting, or copying in real time, the read/write operations on the dynamic data to the disk protection partition specifically comprises:
Step 31: copy the dynamic data to the disk protection partition;
Step 32: monitor the read/write operations on the dynamic data;
Step 33: map the read/write operations on the dynamic data into the currently running lower-level operating system module.
PCT/CN2006/001929 2005-08-23 2006-08-01 System and method for security control of operating system WO2007022687A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200510093388.5 2005-08-23
CNB2005100933885A CN100514305C (en) 2005-08-23 2005-08-23 System and method for implementing safety control of operation system

Publications (1)

Publication Number Publication Date
WO2007022687A1 true WO2007022687A1 (en) 2007-03-01
