CN105912958A - Method and device for controlling access to external equipment - Google Patents
- Publication number: CN105912958A
- Authority: CN (China)
- Prior art keywords: external equipment, instruction, access, mount, system kernel
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method and device for controlling access to external equipment. The method comprises the following steps: presetting a switch that controls external equipment access, and setting the switch to on or off in advance; intercepting the instruction for accessing external equipment; determining whether the switch is on; if so, controlling the system kernel to call the instruction for accessing external equipment and accessing the external equipment according to that instruction; otherwise, preventing the system kernel from calling the instruction for accessing external equipment, thereby preventing the external equipment from being accessed. The method and device provided by the invention make it simpler to control external equipment access.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a method and device for controlling external equipment access.
Background technology
When a physical device stores important information or important business data, how to protect the important information in the physical device by controlling external equipment access is a technical problem that urgently needs to be solved.
In the prior art, external equipment access is generally controlled by physical means. Specifically, the interfaces on the physical device for connecting external equipment are sealed by physical means, so that external equipment cannot be connected to the physical device; the interfaces on the physical device for connecting external equipment are unsealed by physical means, so that external equipment can be connected to the physical device.
As can be seen from the above description, the prior art controls external equipment access by physical means, which is relatively complicated.
Summary of the invention
Embodiments of the present invention provide a method and device for controlling external equipment access, which make it simpler to control external equipment access.
In one aspect, an embodiment of the present invention provides a method for controlling external equipment access, comprising:
S0: presetting a switch that controls external equipment access, and setting the switch to on or off in advance;
S1: intercepting the instruction for accessing external equipment;
S2: determining whether the switch is on; if so, controlling the system kernel to call the instruction for accessing external equipment and accessing the external equipment according to that instruction; otherwise, preventing the system kernel from calling the instruction for accessing external equipment, thereby preventing the external equipment from being accessed.
Further, the instruction for accessing external equipment comprises a mount instruction;
S1 comprises: intercepting the mount instruction;
in S2, controlling the system kernel to call the instruction for accessing external equipment comprises: controlling the system kernel to call the mount instruction, and accessing the external equipment according to the mount instruction;
in S2, preventing the system kernel from calling the instruction for accessing external equipment comprises: preventing the system kernel from calling the mount instruction.
Further, accessing the external equipment according to the mount instruction comprises: executing the mount instruction to mount the external equipment.
Further, before S1, the method also comprises: receiving the externally input instruction for accessing external equipment.
Further, before S1, the method also comprises: executing the instruction for accessing external equipment at the user layer.
In another aspect, an embodiment of the present invention provides a device for controlling external equipment access, comprising:
a setting unit, configured to set a switch that controls external equipment access and to set the switch to on or off;
an interception unit, configured to intercept the instruction for accessing external equipment;
a judging unit, configured to determine whether the switch is on; if so, to control the system kernel to call the instruction for accessing external equipment and to access the external equipment according to that instruction; otherwise, to prevent the system kernel from calling the instruction for accessing external equipment, thereby preventing the external equipment from being accessed.
Further, the instruction for accessing external equipment comprises a mount instruction;
the interception unit is configured to intercept the mount instruction;
the judging unit, when controlling the system kernel to call the instruction for accessing external equipment, is specifically configured to: control the system kernel to call the mount instruction, and access the external equipment according to the mount instruction;
the judging unit, when preventing the system kernel from calling the instruction for accessing external equipment, is specifically configured to: prevent the system kernel from calling the mount instruction.
Further, the judging unit, when accessing the external equipment according to the mount instruction, is specifically configured to: execute the mount instruction to mount the external equipment.
Further, the device also comprises: a receiving unit, configured to receive the externally input instruction for accessing external equipment.
Further, the device also comprises: an execution unit, configured to execute the instruction for accessing external equipment at the user layer.
In the embodiments of the present invention, a switch that controls external equipment access is preset and is set to on or off in advance. Before external equipment is accessed, the instruction for accessing external equipment is intercepted, and whether the system kernel is allowed to call that instruction is controlled according to whether the switch is on or off, which in turn controls whether the external equipment is accessed. External equipment access no longer needs to be controlled by physical means, so controlling it is simpler.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a method for controlling external equipment access provided by an embodiment of the present invention;
Fig. 2 is a flow chart of another method for controlling external equipment access provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of a device for controlling external equipment access provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of another device for controlling external equipment access provided by an embodiment of the present invention.
Detailed description of the invention
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, an embodiment of the present invention provides a method for controlling external equipment access. The method may comprise the following steps:
Step 101: preset a switch that controls external equipment access, and set the switch to on or off in advance;
Step 102: intercept the instruction for accessing external equipment;
Step 103: determine whether the switch is on; if so, perform step 104; otherwise, perform step 105;
Step 104: control the system kernel to call the instruction for accessing external equipment, and access the external equipment according to that instruction;
Step 105: prevent the system kernel from calling the instruction for accessing external equipment, thereby preventing the external equipment from being accessed.
In the embodiments of the present invention, a switch that controls external equipment access is preset and is set to on or off in advance. Before external equipment is accessed, the instruction for accessing external equipment is intercepted, and whether the system kernel is allowed to call that instruction is controlled according to whether the switch is on or off, which in turn controls whether the external equipment is accessed. External equipment access no longer needs to be controlled by physical means, so controlling it is simpler.
In one possible implementation, the instruction for accessing external equipment comprises a mount instruction;
step 102 comprises: intercepting the mount instruction;
in step 104, controlling the system kernel to call the instruction for accessing external equipment comprises: controlling the system kernel to call the mount instruction, and accessing the external equipment according to the mount instruction;
in step 105, preventing the system kernel from calling the instruction for accessing external equipment comprises: preventing the system kernel from calling the mount instruction.
In one possible implementation, accessing the external equipment according to the mount instruction comprises: executing the mount instruction to mount the external equipment.
In one possible implementation, before step 102, the method also comprises: receiving the externally input instruction for accessing external equipment.
In one possible implementation, before step 102, the method also comprises: executing the instruction for accessing external equipment at the user layer.
When a user wants to access external equipment, the instruction for accessing external equipment can be executed at the user layer.
On a Linux system, external equipment access can be controlled by the method provided by the embodiments of the present invention. In this embodiment, external equipment access to a server running Linux needs to be controlled. The external equipment here includes USB flash drives, portable hard drives, external optical drives and the like. In this embodiment, the switch for external equipment access is a mount switch, and the instruction for accessing external equipment is the mount instruction.
As shown in Fig. 2, an embodiment of the present invention provides a method for controlling external equipment access. The method may comprise the following steps:
Step 201: preset a mount switch, and set the mount switch to on or off in advance.
The state of the switch can be configured by the user, who sets the switch to on or off as required. The switch is set inside the system.
Step 202: receive the externally input mount instruction, and execute the mount instruction at the user layer.
When the user needs to access external equipment, the equipment can be loaded with the mount instruction. However, in this embodiment the user can only execute the mount instruction at the user layer and cannot call the mount instruction from the system kernel, and therefore cannot load the external equipment.
Step 203: intercept the mount instruction.
To control external equipment access, the mount instruction needs to be intercepted, and whether the function of the mount instruction is carried out is decided according to the on/off state of the switch, which in turn controls external equipment access.
Step 204: determine whether the mount switch is on; if so, perform step 205; otherwise, perform step 206.
Step 205: control the system kernel to call the mount instruction, execute the mount instruction, and mount the external equipment.
When the mount switch is on, the system kernel can call the mount instruction normally; that is, the external equipment can be mounted directly according to the mount instruction from the user layer.
Step 206: prevent the system kernel from calling the mount instruction, thereby preventing the external equipment from being accessed.
When the mount switch is off, the system kernel cannot call the mount instruction normally; that is, even if the mount instruction is executed at the user layer, the external equipment cannot be accessed.
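The decision flow of steps 201 to 206, as an added C example that is not code from the patent. It assumes the switch is kept in a file (the hypothetical `DEMO_SWITCH` path), treats an unreadable switch as off, and takes the kernel call as a function pointer so the flow can be exercised without root using a constructed stand-in; all names are illustrative.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define DEMO_SWITCH "mount_switch.demo"   /* hypothetical switch location */

/* Same parameter list as Linux mount(2), so the real call can be passed. */
typedef int (*mount_fn)(const char *source, const char *target,
                        const char *fstype, unsigned long flags,
                        const void *data);

enum switch_state { SWITCH_OFF = 0, SWITCH_ON = 1 };

/* Step 201: store the switch state chosen by the administrator. */
int set_mount_switch(const char *path, enum switch_state st)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    int ok = fputs(st == SWITCH_ON ? "on\n" : "off\n", f) >= 0;
    if (fclose(f) != 0)
        ok = 0;
    return ok ? 0 : -1;
}

/* Step 204: read the switch. A missing, unreadable or malformed state is
 * treated as off (an assumption of this example, so the gate fails closed). */
enum switch_state read_mount_switch(const char *path)
{
    char buf[16] = "";
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return SWITCH_OFF;
    if (fgets(buf, sizeof buf, f) == NULL)
        buf[0] = '\0';
    fclose(f);
    buf[strcspn(buf, "\r\n")] = '\0';
    return strcmp(buf, "on") == 0 ? SWITCH_ON : SWITCH_OFF;
}

/* Steps 203-206: the intercepted mount request passes through here. With the
 * switch on it is forwarded to kernel_mount; otherwise it is refused with
 * EPERM and kernel_mount is never reached. Both outcomes are logged. */
int gated_mount(const char *switch_path, mount_fn kernel_mount,
                const char *source, const char *target,
                const char *fstype, unsigned long flags, const void *data)
{
    if (read_mount_switch(switch_path) != SWITCH_ON) {
        fprintf(stderr, "mount-gate: DENY  %s -> %s (switch off)\n",
                source, target);
        errno = EPERM;
        return -1;
    }
    fprintf(stderr, "mount-gate: ALLOW %s -> %s\n", source, target);
    return kernel_mount(source, target, fstype, flags, data);
}

/* Constructed stand-in for the kernel call: counts invocations only. */
static int fake_calls;
static int fake_kernel_mount(const char *source, const char *target,
                             const char *fstype, unsigned long flags,
                             const void *data)
{
    (void)source; (void)target; (void)fstype; (void)flags; (void)data;
    fake_calls++;
    return 0;
}

/* Runs one request with the switch off and one with it on; returns how many
 * requests reached the stand-in kernel call. */
int run_demo(void)
{
    fake_calls = 0;
    set_mount_switch(DEMO_SWITCH, SWITCH_OFF);
    gated_mount(DEMO_SWITCH, fake_kernel_mount,
                "/dev/sdb1", "/mnt/usb", "vfat", 0, NULL);
    set_mount_switch(DEMO_SWITCH, SWITCH_ON);
    gated_mount(DEMO_SWITCH, fake_kernel_mount,
                "/dev/sdb1", "/mnt/usb", "vfat", 0, NULL);
    remove(DEMO_SWITCH);
    return fake_calls;
}

int main(void)
{
    printf("requests forwarded to the kernel call: %d\n", run_demo());
    return 0;
}
```

A wrapper like this only binds callers that go through it; a switch that cannot be sidestepped by a process issuing the system call directly has to be enforced in the kernel's own mount path.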
As shown in Fig. 3 and Fig. 4, an embodiment of the present invention provides a device for controlling external equipment access. The device embodiment may be implemented in software, or in hardware or a combination of software and hardware. At the hardware level, Fig. 3 is a hardware structure diagram of the equipment in which the device for controlling external equipment access provided by an embodiment of the present invention is located; in addition to the processor, memory, network interface and non-volatile memory shown in Fig. 3, the equipment in which the device is located may generally also include other hardware, such as a forwarding chip responsible for processing messages. Taking software implementation as an example, as shown in Fig. 4, the device in the logical sense is formed by the CPU of the equipment in which it is located reading the corresponding computer program instructions from the non-volatile memory into memory and running them. The device for controlling external equipment access provided by this embodiment comprises:
a setting unit 401, configured to set a switch that controls external equipment access and to set the switch to on or off;
an interception unit 402, configured to intercept the instruction for accessing external equipment;
a judging unit 403, configured to determine whether the switch is on; if so, to control the system kernel to call the instruction for accessing external equipment and to access the external equipment according to that instruction; otherwise, to prevent the system kernel from calling the instruction for accessing external equipment, thereby preventing the external equipment from being accessed.
In one possible implementation, the instruction for accessing external equipment comprises a mount instruction;
the interception unit 402 is configured to intercept the mount instruction;
the judging unit 403, when controlling the system kernel to call the instruction for accessing external equipment, is specifically configured to: control the system kernel to call the mount instruction, and access the external equipment according to the mount instruction;
the judging unit 403, when preventing the system kernel from calling the instruction for accessing external equipment, is specifically configured to: prevent the system kernel from calling the mount instruction.
In one possible implementation, the judging unit 403, when accessing the external equipment according to the mount instruction, is specifically configured to: execute the mount instruction to mount the external equipment.
In one possible implementation, the device also comprises: a receiving unit, configured to receive the externally input instruction for accessing external equipment.
In one possible implementation, the device also comprises: an execution unit, configured to execute the instruction for accessing external equipment at the user layer.
The information exchange between the units of the above device, their execution processes and similar details are based on the same concept as the method embodiments of the present invention; for the specifics, see the description of the method embodiments, which is not repeated here.
The method and device for controlling external equipment access provided by the embodiments of the present invention have at least the following beneficial effects:
1. In the embodiments of the present invention, a switch that controls external equipment access is preset and is set to on or off in advance. Before external equipment is accessed, the instruction for accessing external equipment is intercepted, and whether the system kernel is allowed to call that instruction is controlled according to whether the switch is on or off, which in turn controls whether the external equipment is accessed. External equipment access no longer needs to be controlled by physical means, so controlling it is simpler.
2. In the embodiments of the present invention, external equipment access is controlled by controlling whether the instruction for accessing external equipment is carried out, which ensures information security.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to be non-exclusive, so that a process, method, article or equipment that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or equipment. Without further restriction, an element defined by the statement "including ..." does not exclude the presence of other identical elements in the process, method, article or equipment that includes the element.
Those of ordinary skill in the art will understand that all or some of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above are only preferred embodiments of the present invention, intended merely to illustrate its technical solutions and not to limit its scope of protection. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention falls within the scope of protection of the present invention.
Claims (10)
1. A method for controlling external equipment access, characterized by comprising:
S0: presetting a switch that controls external equipment access, and setting the switch to on or off in advance;
S1: intercepting the instruction for accessing external equipment;
S2: determining whether the switch is on; if so, controlling the system kernel to call the instruction for accessing external equipment and accessing the external equipment according to that instruction; otherwise, preventing the system kernel from calling the instruction for accessing external equipment, thereby preventing the external equipment from being accessed.
2. The method according to claim 1, characterized in that the instruction for accessing external equipment comprises a mount instruction;
S1 comprises: intercepting the mount instruction;
in S2, controlling the system kernel to call the instruction for accessing external equipment comprises: controlling the system kernel to call the mount instruction, and accessing the external equipment according to the mount instruction;
in S2, preventing the system kernel from calling the instruction for accessing external equipment comprises: preventing the system kernel from calling the mount instruction.
3. The method according to claim 2, characterized in that accessing the external equipment according to the mount instruction comprises:
executing the mount instruction to mount the external equipment.
4. The method according to claim 1, characterized in that, before S1, the method also comprises:
receiving the externally input instruction for accessing external equipment.
5. The method according to claim 1, characterized in that, before S1, the method also comprises:
executing the instruction for accessing external equipment at the user layer.
6. A device for controlling external equipment access, characterized by comprising:
a setting unit, configured to set a switch that controls external equipment access and to set the switch to on or off;
an interception unit, configured to intercept the instruction for accessing external equipment;
a judging unit, configured to determine whether the switch is on; if so, to control the system kernel to call the instruction for accessing external equipment and to access the external equipment according to that instruction; otherwise, to prevent the system kernel from calling the instruction for accessing external equipment, thereby preventing the external equipment from being accessed.
7. The device according to claim 6, characterized in that the instruction for accessing external equipment comprises a mount instruction;
the interception unit is configured to intercept the mount instruction;
the judging unit, when controlling the system kernel to call the instruction for accessing external equipment, is specifically configured to: control the system kernel to call the mount instruction, and access the external equipment according to the mount instruction;
the judging unit, when preventing the system kernel from calling the instruction for accessing external equipment, is specifically configured to: prevent the system kernel from calling the mount instruction.
8. The device according to claim 7, characterized in that the judging unit, when accessing the external equipment according to the mount instruction, is specifically configured to: execute the mount instruction to mount the external equipment.
9. The device according to any one of claims 6-8, characterized by also comprising: a receiving unit, configured to receive the externally input instruction for accessing external equipment.
10. The device according to any one of claims 6-8, characterized by also comprising: an execution unit, configured to execute the instruction for accessing external equipment at the user layer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610202717.3A CN105912958A (en) | 2016-04-01 | 2016-04-01 | Method and device for controlling access to external equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610202717.3A CN105912958A (en) | 2016-04-01 | 2016-04-01 | Method and device for controlling access to external equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105912958A true CN105912958A (en) | 2016-08-31 |
Family
ID=56744491
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610202717.3A Pending CN105912958A (en) | 2016-04-01 | 2016-04-01 | Method and device for controlling access to external equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105912958A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101772761A (en) * | 2007-07-31 | 2010-07-07 | 惠普开发有限公司 | Electronic device interface control system |
CN101901559A (en) * | 2010-07-30 | 2010-12-01 | 中国船舶重工集团公司第七○九研究所 | Safety control method for USB (Universal Serial Bus) interface |
US20110173351A1 (en) * | 2010-01-14 | 2011-07-14 | Microsoft Corporation | Extensions for usb driver interface functions |
CN103778081A (en) * | 2014-02-11 | 2014-05-07 | 成都卫士通信息安全技术有限公司 | USB peripheral access control method |
CN104598400A (en) * | 2014-12-15 | 2015-05-06 | 北京奇虎科技有限公司 | Peripheral equipment management method, device and system |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101772761A (en) * | 2007-07-31 | 2010-07-07 | 惠普开发有限公司 | Electronic device interface control system |
US20110173351A1 (en) * | 2010-01-14 | 2011-07-14 | Microsoft Corporation | Extensions for usb driver interface functions |
CN101901559A (en) * | 2010-07-30 | 2010-12-01 | 中国船舶重工集团公司第七○九研究所 | Safety control method for USB (Universal Serial Bus) interface |
CN103778081A (en) * | 2014-02-11 | 2014-05-07 | 成都卫士通信息安全技术有限公司 | USB peripheral access control method |
CN104598400A (en) * | 2014-12-15 | 2015-05-06 | 北京奇虎科技有限公司 | Peripheral equipment management method, device and system |
Non-Patent Citations (1)
Title |
---|
龚演: "基于LSM框架的USB存储设备数据泄漏防护研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019095563A1 (en) | Screen watermark display method and apparatus, computer device, and storage medium | |
US9589139B2 (en) | Method and device for altering a unified extensible firmware interface (UEFI) secure boot process in a computing device | |
EP2659421B1 (en) | Application execution in a restricted application execution environment | |
ES2343623B5 (en) | SECURE MOBILE WIRELESS DEVICE. | |
EP3370449B1 (en) | Method and device for configuring security indication information | |
US10754953B2 (en) | TrustZone-based security isolation method for shared library and system thereof | |
EP1512057B1 (en) | Trusted user interface for a secure mobile wireless device | |
US20100235881A1 (en) | Enabling Sharing of Mobile Communication Device | |
US8656487B2 (en) | System and method for filtering write requests to selected output ports | |
US11113387B2 (en) | Method and apparatus for improving security of Java sandbox | |
EP2784714B1 (en) | Method of preventing access to sensitive data of a computing device | |
US10706171B2 (en) | Method for providing a secure mode for mobile device applications | |
US20210089684A1 (en) | Controlled access to data stored in a secure partition | |
WO2019100897A1 (en) | Application program starting method and starting apparatus, and computer readable storage medium | |
CN107944292B (en) | Privacy data protection method and system | |
US11003798B1 (en) | Systems and methods for enforcing age-based application constraints | |
US10803167B1 (en) | Systems and methods for executing application launchers | |
JP2019532405A (en) | System and method for detecting malicious processes on computing devices | |
CN105205412B (en) | Interprocess communication hold-up interception method and device | |
CN107066872A (en) | Plug-in right control method and device, plug-in system | |
US10719456B2 (en) | Method and apparatus for accessing private data in physical memory of electronic device | |
CN113486413A (en) | Anti-screenshot processing method, computing device and readable storage medium | |
US10817600B2 (en) | Protecting stack memory in computer systems | |
CN112464182A (en) | Safety management and control method, device, medium and equipment for mobile equipment management | |
CN108985096B (en) | Security enhancement and security operation method and device for Android SQLite database |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20160831 |