System protection method based on data security
Technical field
The present invention relates to the field of computer program control, and in particular to a system protection method based on data security.
Background technology
First, the technical terms used in this document are explained:
NTFS: New Technology File System, the file system of the Windows NT operating environment and the Windows NT Advanced Server network operating system environment.
FAT32: File Allocation Table 32, one of the disk partition formats of Windows systems; this format uses a 32-bit file allocation table.
Interrupt 13H: the disk read/write interrupt used during the operating system boot process.
Data stream: a segment of binary data in which n bits represent a certain meaning (n > 0, n is an integer).
Bit data stream: a data stream that is meaningful bit by bit; each bit has a specific meaning.
Windows PE: Windows PreInstallation Environment, a minimal Win32 subsystem with limited services, based on the Windows XP Professional kernel running in protected mode.
GHOST: General Hardware Oriented System Transfer, a hard disk backup and restore tool from Symantec Corporation of the United States.
To protect the security of a computer system, there are generally the following two approaches:
(1) Analyze the valid data of the partition to be protected, compress it, and back it up to a hidden partition or file. When the partition data is damaged, for example by a virus, the backed-up data is decompressed and written back to the protected partition to recover the partition data. If the backed-up partition is the system partition, this achieves system protection. GHOST is the representative implementation of this approach.
(2) Monitor write operations to the hard disk and map every write to the valid data area of the hard disk into a buffer area set aside in advance, so that the valid data is protected and a later restore operation is possible. Some restore software and protection cards achieve system protection in this way.
The advantages and disadvantages of the two methods are as follows:
The advantage of the first method is that, while ensuring the security of user data, it does not need to monitor the system's write operations to the hard disk, so it has no effect on the running speed of the user's system, and the data can be backed up to other devices, for example a portable hard drive or a USB flash disk. The disadvantage is that it needs considerable space to back up the valid data in the partition, and both backup and recovery take a long time.
The advantage of the second method is that a recovery operation does not need to move data, so it is very fast. The disadvantage is that, when valid data is written, the newly written data is always mapped to other areas of the hard disk; if the mapping relations are lost, user data is lost permanently and cannot be restored.
Summary of the invention
The object of the invention is to overcome the deficiencies of the above background technology by providing a system protection method based on data security with which user data is not lost whether the system is damaged or the mapping relations are lost, so that the security of user data is ensured, restoration is fast, and the read/write impact on the hard disk is small.
The system protection method based on data security provided by the invention comprises the following steps:
S1. Analyze the valid data of the hard disk's system partition and build a sector valid data bit data stream. Divide the sectors of the disk partition into a number of sector blocks and build a sector block protection status data stream from the sector valid data bit data stream: each sector block containing a sector that is marked as valid data in the sector valid data bit data stream is marked as a protected block, and the rest are marked as free blocks.
S2. Intercept all write operations to the hard disk. When a write operation to the system partition is intercepted, query the sector block protection status data stream. If the sector block containing the sector about to be written is a protected block, find a sector block marked as a free block according to the sector block protection status data stream, read the data of the sector block about to be written from the hard disk, back this data up into the free block, record the backup information of this data, and modify the sector block protection status data stream so that the free block is marked as a buffer block and the sector block about to be written is marked as a backed-up block; then complete the write operation to the sector block about to be written.
S3. When the protected computer's operating system is damaged so that the system cannot boot: if the system partition contains important data files that need to be retrieved, boot the computer from Windows PE, or attach the hard disk as a slave disk and boot the computer from a system on another hard disk, first copy the data on the hard disk to other storage media, and then restore the system; if no data needs to be retrieved, restore the system directly. Restoring writes the backup data back to the position the data originally occupied, according to the sector block states recorded in the sector block protection status data stream and the recorded data backup information.
In the above technical scheme, the sector valid data bit data stream of step S1 is a bit data stream that indicates whether each sector in the disk partition contains valid data; 1 byte = 8 bits, and 1 bit represents 1 sector.
In the above technical scheme, if a sector contains valid data, the corresponding bit is marked as 1; otherwise it is marked as 0.
In the above technical scheme, in step S1 the sectors of the disk partition are divided into sector blocks of 128 sectors each.
In the above technical scheme, the backup information of step S2 records which sector block the original data was backed up to.
In the above technical scheme, when the restore operation of step S3 is carried out, a sector block that is marked in the sector block protection status data stream as a protected block, buffer block or free block is not processed; for a sector block that is marked as a backed-up block, the backed-up data is written back to the hard disk position the data originally occupied, according to the recorded backup information.
In the above technical scheme, the following step is further included after step S3: rebuild the sector block protection status data stream according to step S1 and clear all backup information recorded in step S2, returning the disk partition data to its state at the time the software was installed.
In the above technical scheme, the interception of write operations to the system disk in step S2 is implemented by hooking the interrupt 13H vector and installing a hard disk filter driver.
In the above technical scheme, the file system of the disk partition is NTFS or FAT32.
Compared with the prior art, the advantages of the present invention are as follows:
(1) The present invention ensures the security of user data: neither damage to the system nor loss of the recorded backup information causes loss of user data.
(2) When the present invention restores the system, only the sector blocks that the system has changed are recovered. While ensuring the security of user data, this greatly improves the speed of system restoration, and the read/write impact on the hard disk is small, a clear advantage over traditional system protection software.
Brief description of the drawings
Fig. 1 is a flow chart of the system protection method in the embodiment of the present invention.
Embodiment
The present invention is described in further detail below with reference to the drawings and embodiments.
Referring to Fig. 1, the system protection method based on data security provided by the embodiment of the present invention comprises the following steps:
Step 101: Analyze the valid data of the system partition and build a sector valid data bit data stream. The sector valid data bit data stream is a data stream that indicates whether each sector in the disk partition holds valid data; 1 byte = 8 bits, and each bit represents 1 sector. If a sector holds valid data, the corresponding bit is marked as 1; otherwise it is marked as 0.
Step 102: To improve the running efficiency of the system, divide the sectors of the disk partition into sector blocks of 128 sectors each: sectors 0 to 127 of the partition form one sector block, sectors 128 to 255 form the next sector block, and so on.
From the sector valid data bit data stream built in step 101, build a sector block protection status data stream. The sector block protection status data stream is a data stream that records the protection state of every sector block. The protection states of a sector block are the protected state, the free state, the buffer state and the backed-up state, and sector blocks in these states are called protected blocks, free blocks, buffer blocks and backed-up blocks respectively. Every sector block containing a sector that is marked as valid data in the sector valid data bit data stream is marked as a protected block; all other sector blocks are marked as free blocks.
Step 103: Intercept all write operations to the hard disk. When a write operation to the system partition is intercepted, query the sector block protection status data stream. If the sector block containing the sector about to be written is marked as a protected block, find a sector block marked as a free block according to the sector block protection status data stream, read the data of the sector block about to be written from the hard disk, and back the data up into the free block that was found. Record the backup information of the data, that is, which sector block the original data was backed up to, and modify the sector block protection status data stream: the free block is marked as a buffer block and the sector block about to be written is marked as a backed-up block. Then complete the modification of the sector block about to be written.
Step 104: When the protected computer's operating system is damaged so that the system cannot boot: if the system partition contains important data files that need to be retrieved, boot the computer from Windows PE, or attach the hard disk as a slave disk and boot the computer from a system on another hard disk, first copy the data on the hard disk to other storage media, and then restore the system. If no data needs to be retrieved, restore the system directly: according to the sector block states recorded in the sector block protection status data stream and the recorded data backup information, write the backup data back to the position the data originally occupied.
Step 105: When the restore operation is carried out, proceed according to the states and the data backup information recorded in the sector block protection status data stream. A sector block that is marked in the sector block protection status data stream as a protected block, buffer block or free block needs no processing. For a sector block that is marked as a backed-up block, write the backed-up data back to the hard disk position the data originally occupied, according to the recorded backup information. Finally, rebuild the sector block protection status data stream according to steps 101 and 102 and clear all data backup information recorded in step 103, so that the disk partition data is returned to its state at the time the software was installed.
The disk partition file systems supported in the embodiment of the present invention are NTFS and FAT32.
Assume below that the system partition to be protected is the C drive and that the file system of the partition is NTFS. The C drive is protected by the following steps.
(1) Build the sector valid data bit data stream of the C drive partition. Analyze the NTFS file system, locate the NTFS cluster occupancy file, and obtain the number of sectors per cluster. The cluster occupancy file is a bit data stream that indicates whether each cluster is occupied; from the cluster occupancy file and the number of sectors per cluster, the sector valid data bit data stream can be built quickly.
(2) Build the sector block protection status data stream of the C drive. Divide all sectors of the C drive into blocks of 128 sectors: sectors 0 to 127 of the partition form one block, sectors 128 to 255 form the next block, and so on. Every sector block containing a sector that is marked as valid data in the sector valid data bit data stream is marked as a protected block, and all other sector blocks are marked as free blocks; this yields the sector block protection status data stream of the C drive.
(3) Intercept all hard disk write operations to the C drive: read/write operations on the C drive are intercepted by hooking the interrupt 13H vector and installing a hard disk filter driver. When a write operation to the C drive is intercepted, query the C drive sector block protection status data stream. If the sector block containing the sector currently being modified is marked as a protected block, find a sector block marked as a free block according to the C drive sector block protection status data stream, read the data of the sector block currently being modified from the hard disk, and back this data up into the free block just found. Record the backup information of the data, that is, which sector block the original data was backed up to, and modify the C drive sector block protection status data stream: the free block is marked as a buffer block and the modified sector block is marked as a backed-up block. Then complete the modification of the backed-up block.
(4) When the C drive data is damaged so that the system cannot boot: if there are important data files to retrieve, boot the computer from another system, first copy the data on the hard disk to other storage media, and then restore the system. If no data needs to be retrieved, the system can be restored directly.
(5) The C drive has been damaged, and a restore operation is carried out on it. When the restore operation is carried out, proceed according to the states and the data backup information recorded in the C drive sector block protection status data stream. A sector block that is marked in the sector block protection status data stream as a protected block, buffer block or free block needs no processing. For a sector block that is marked as a backed-up block, write the backed-up data back to the hard disk position the data originally occupied, according to the recorded data backup information. Finally, rebuild the C drive sector block protection status data stream according to steps (1) and (2) and clear all data backup information recorded in step (3), so that the C drive data is returned to its state at the time the software was installed.
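The block state handling of steps 101 to 105, including the expansion of the cluster occupancy stream in step (1), as an added example: a Python simulation written for this text, not code from the patent, with an in-memory bytearray standing in for the partition. The 512-byte sector size, the bit order of the cluster occupancy stream, all class and function names, and the refusal of writes that land in a buffer block are assumptions.

```python
from enum import Enum

SECTOR_BYTES = 512      # assumed sector size
BLOCK_SECTORS = 128     # sectors per sector block, as in the text
BLOCK_BYTES = SECTOR_BYTES * BLOCK_SECTORS
State = Enum("State", "FREE PROTECTED BUFFER BACKED_UP")

def sector_flags(cluster_bits, sectors_per_cluster, total_sectors):
    """Step 101: one flag per sector, expanded from a cluster occupancy bit stream."""
    clusters = (s // sectors_per_cluster for s in range(total_sectors))
    return [bool(cluster_bits[c // 8] >> (c % 8) & 1) for c in clusters]  # assumes bit 0 = cluster 0

class ProtectedPartition:
    def __init__(self, disk, flags):
        self.disk, self.flags, self.backup = disk, flags, {}  # backup: original block -> buffer block
        self.rebuild()

    def rebuild(self):
        """Step 102: a block containing any valid sector is protected, the rest are free."""
        n = len(self.flags) // BLOCK_SECTORS
        self.state = [State.PROTECTED if any(self.flags[b * BLOCK_SECTORS:(b + 1) * BLOCK_SECTORS])
                      else State.FREE for b in range(n)]
        self.backup.clear()

    def _copy(self, src, dst):
        self.disk[dst * BLOCK_BYTES:(dst + 1) * BLOCK_BYTES] = \
            self.disk[src * BLOCK_BYTES:(src + 1) * BLOCK_BYTES]

    def write_sector(self, lba, data):
        """Step 103: back a protected block up into a free block before its first change."""
        block = lba // BLOCK_SECTORS
        if self.state[block] is State.BUFFER:   # assumption: the text does not cover this case
            raise PermissionError("write would overwrite backup data")
        if self.state[block] is State.PROTECTED:
            if State.FREE not in self.state:
                raise RuntimeError("no free block left to hold the backup")
            free = self.state.index(State.FREE)
            self._copy(block, free)
            self.backup[block] = free
            self.state[free], self.state[block] = State.BUFFER, State.BACKED_UP
        self.disk[lba * SECTOR_BYTES:(lba + 1) * SECTOR_BYTES] = data

    def restore(self):
        """Step 105: write every backed-up block back, then rebuild the state stream."""
        for block, buf in self.backup.items():
            self._copy(buf, block)
        self.rebuild()
```

Only the first write to a protected block costs a 128-sector copy; later writes to the same block pass straight through because the block is already marked as backed up.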
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them. Content not described in detail in this specification belongs to the prior art known to those skilled in the art.