Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A file auditing and protection method based on linux security module

A security module and file technology, applied in computer security devices, computing, digital data protection, etc., can solve the problems of inability to protect files, lack of stability and system version compatibility, and achieve outstanding substantive features and reliable design principles. , the effect of good system compatibility

Active Publication Date: 2022-02-22
中孚安全技术有限公司 +2
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0002] File auditing and protection functions under Linux, currently implemented methods mainly include iNotify and InlineHook, etc., but there are some problems in these methods: iNotify is a tool for detecting changes in the file system, and the function of file auditing can be realized with this tool, but the file Protection (such as file anti-deletion, anti-modification, file hiding, etc.) functions cannot be achieved, and the number of files it can monitor has an upper limit, and files exceeding this threshold will not be monitored
[0003] InlineHook is a technique for hooking system functions. By replacing the head instruction of the target function, it can jump to other instruction areas before the function is executed. After execution, it jumps back to the original function and jumps to the instruction area. Usually it is a function written by ourselves to complete the file audit and protection function according to the security policy. Since this technology requires operations such as instruction modification and jumping, it is insufficient in terms of stability and system version compatibility.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A file auditing and protection method based on linux security module
  • A file auditing and protection method based on linux security module

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0060] Such as Figure 1-2 Shown, a kind of file auditing, protection method based on Linux security module, comprises the steps:

[0061]S1: The security module defines hook functions related to file operations;

[0062] S2: Register the hook function into the LSM framework;

[0063] S3: Compile it into a kernel ko module, and implement security access control in the form of a Linux kernel ko module.

[0064] Step S1, including:

[0065] S11: define a global table and specify a list of hook functions to be implemented therein;

[0066] S12: In the specified hook function, perform file operation audit;

[0067] S13: Set the return value of the hook function to realize file protection.

[0068] In step S11, the global table of the security_operations structure is defined, and the specified hook functions include:

[0069] File copy / creation judgment function, file deletion judgment function, directory copy / creation judgment function, directory deletion judgment function, ...

Embodiment 2

[0102] A kind of file auditing, protection method based on Linux security module, comprises the steps:

[0103] (1) Define the global table of the security_operations structure, specify the list of hook functions we want to implement, including: inode_create function, inode_unlink function, inode_mkdir function, inode_rmdir function, inode_rename function, inode_setattr function, file_open function, file_permission function

[0104] In the hook function specified above, file operation audit is performed: obtain the complete name of the operated file through the function parameter, and identify the type of file operation through the hook function type. Some file operations are special and involve multiple hook functions, which need to be combined Hook function to identify.

[0105] A: The file operation type identification process is as follows:

[0106] The following two file operations are judged in the inode_create hook function:

[0107] a: file copy operation

[0108] W...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a file auditing and protection method based on a Linux security module, comprising the following steps: the security module defines a hook function related to file operation; the hook function is registered in the LSM framework; the kernel ko module is compiled into the Linux kernel ko module form to achieve security access control. Step The security module defines hook functions related to file operations, including: defining a global table and specifying a list of hook functions to be implemented in it; performing file operation audit in the specified hook functions; setting the return value of the hook functions to realize file protection.

Description

technical field [0001] The invention relates to the technical field of file auditing and protection under Linux, in particular to a file auditing and protection method based on a Linux security module. Background technique [0002] File auditing and protection functions under Linux, currently implemented methods mainly include iNotify and InlineHook, etc., but there are some problems in these methods: iNotify is a tool for detecting changes in the file system, and the file auditing function can be realized with this tool, but the file Protection (such as file anti-deletion, anti-modification, file hiding, etc.) functions cannot be achieved, and the number of files it can monitor has an upper limit, and files exceeding this threshold will not be monitored. [0003] InlineHook is a technique for hooking system functions. By replacing the head instruction of the target function, it can jump to other instruction areas before the function is executed. After execution, it jumps ba...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/62G06F8/41
CPCG06F8/41G06F21/6218
Inventor 张雷袁浩苗功勋
Owner 中孚安全技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com