Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

File access filtering method

A filtering method and file access technology, applied in the field of network security, can solve the problems of decreased efficiency, consumption of memory and CPU resources, and illegal operations without recording files, so as to improve the speed and speed up the comparison efficiency.

Active Publication Date: 2011-09-21
北京思创银联科技股份有限公司
View PDF5 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The disadvantages of the above implementation methods are: 1. The efficiency is relatively low: since the access of files and folders must pass through the ZwCreateFile function, the comparison of many paths is actually for the comparison of device and folder paths
Due to the relatively long white list, the efficiency will naturally drop a lot if you want to do a complete comparison, and these comparisons will bring about redundant memory and CPU resource consumption, increasing the risk of system instability
2. There is no record of those files that have been illegally operated: the user’s files have been illegally operated, and the product is used to protect them, but the user does not know that those files have been illegally operated by that process, so this process will have the opportunity to operate the file again

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • File access filtering method
  • File access filtering method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] The specific implementation manners of the present invention will be described in further detail below in conjunction with the accompanying drawings and examples. The following examples are used to illustrate the present invention, but are not intended to limit the scope of the present invention.

[0022] Such as figure 1 As shown, the file access filtering method of the present invention comprises the following steps:

[0023] S1, process the I / O request packet IRP request category and exit the driver request DriverUnload, and install the corresponding dispatch function;

[0024] S2, process the user layer call, and send a call command to the kernel layer, for example: when the user layer sends a start command, the kernel layer starts to search for the address of the Windows kernel function ZwCreateFile in the system service description table SSDT, and converts this address into a custom The address of the function MyCreateFile, so as to complete the HOOK action;

...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a file access filtering method which belongs to the technical field of network safety. The file access filtering method comprises the following steps: S1) processing an IRP (input / output request package) request category and a request of withdrawing from drive, and mounting a corresponding dispatch function; S2) processing calling of a user layer, and emitting a calling command to an inner nuclear layer; S3) getting an afferent Handle through a parameter when calling a Windows inner nuclear function in user-defined functions, and inquiring whether a path corresponding to the Handle is a file folder path or not by calling the inner nuclear function of a system, if the path is the file holder path and does not contain a magnetic disk drive, not performing contrast, if the path is a file path, comparing in a white list; and S4) notifying an application program of the user layer of retrieving illegal access file information recorded in a BackList through a shared event created between the user layer and the inner nuclear layer, and using the application program of the user layer to write the illegal access file information into a log file. By adopting the file access filtering method, a user can conveniently further adopt measures for protecting personal files.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a file access filtering method. Background technique [0002] As computers and the Internet have increasingly become an indispensable part of people's lives, personal file security issues have received more and more attention. Many malicious programs or Trojan horses secretly scan the user's files without the user's knowledge, and even upload the files to the designated server. [0003] Under the Windows platform, the operating system is divided into two parts: the user layer (also called Ring3 layer) and the kernel layer (also called Ring0 layer). The API interfaces provided by Windows all call the kernel functions of the Ring0 layer from the Ring3 layer to realize the functions. It can be said that if you want to protect your computer and files, it is essential to take measures at the Ring0 layer. [0004] Currently, file protection products developed on the market ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/22G06F9/46G06F21/10
Inventor 于晓军万雪松赵辰清
Owner 北京思创银联科技股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com