File system operation intercepting method based on event monitoring mechanism

A file system operation and mechanism technology, applied in computer security devices, special data processing applications, instruments, etc., can solve problems such as lack of fine control, inaccessibility, and large granularity of protection means

Active Publication Date: 2009-10-14
INSIGMA TECHNOLOGY CO LTD
View PDF0 Cites 25 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the granularity of such protection measures is too large. A file is ei

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • File system operation intercepting method based on event monitoring mechanism
  • File system operation intercepting method based on event monitoring mechanism
  • File system operation intercepting method based on event monitoring mechanism

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] In order to make the purpose, technical solutions and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments:

[0022] The file system operation interception method based on the event monitoring mechanism described in the present invention comprises the following steps:

[0023] 1) A user-trusted management program calls iauth_init to start an interception service. The process calling this function must have administrator privileges. This function will return a file descriptor.

[0024] 2) The management program calls iauth_add_watch to monitor the key parts of the system. When calling this function, the management program must specify a callback function to judge whether an access is legal.

[0025] 3) If necessary, the management program can call iauth_remove_watch to remove the watch.

[0026] 4) When other applications try to read and write...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a file system operation intercepting method based on an event monitoring mechanism. The method comprises the following steps: a supervisor program which is trusted by a user calls function iauth_init to start the intercept service, and the function returns a file descriptor; the supervisor program calls function iauth_add_watch to monitor the key part of a system, and when the function is called, the supervisor program is required to specify a call back function so as to judge whether an access is illegal; when other application programs try to read and write monitored files, the call back function provided by the supervisor program can be called and decides the validity of the reading and writing so as to judge whether to let the reading and writing to pass or reject the reading and writing, and the action can lead the file operation of the application program which is tried to be read and written to be successful or failed. The invention has the advantages that the method provides user-friendly system call to lead a system manager to arbitrarily add monitoring, intercepting and preventing functions to the file system operation of the computer. The function can provide convenience for the application software on the system security aspect.

Description

technical field [0001] The invention relates to system monitoring and system security technology, in particular to a file system operation interception method based on an event monitoring mechanism. Background technique [0002] File system operation interception means that when the user's application program attempts to access the file system, the system management program first intercepts the access behavior, checks the legitimacy of the access, and makes a decision to allow or prohibit access based on this. [0003] File system security is an important part of system security. Most applications (malware, Trojan horses, viruses, etc.) that endanger system security achieve the purpose of destroying the system by writing illegal data in the file system. Therefore, tracking and intercepting the operation of the application program on the file system is of great significance to system security. [0004] In the 2.6 kernel version of Linux, there are already file system monitor...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F17/30G06F21/02G06F21/56
Inventor 石凡陈纯卜佳俊陈华金涛褚力行
Owner INSIGMA TECHNOLOGY CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap