CN116244752A - File management method based on FPGA - Google Patents

File management method based on FPGA Download PDF

Info

Publication number
CN116244752A
CN116244752A CN202310507233.XA CN202310507233A CN116244752A CN 116244752 A CN116244752 A CN 116244752A CN 202310507233 A CN202310507233 A CN 202310507233A CN 116244752 A CN116244752 A CN 116244752A
Authority
CN
China
Prior art keywords
visitor
fpga
file
memory
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310507233.XA
Other languages
Chinese (zh)
Inventor
黄晓杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Dahe Intelligent Technology Co ltd
Original Assignee
Xi'an Dahe Intelligent Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xi'an Dahe Intelligent Technology Co ltd filed Critical Xi'an Dahe Intelligent Technology Co ltd
Priority to CN202310507233.XA priority Critical patent/CN116244752A/en
Publication of CN116244752A publication Critical patent/CN116244752A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/13File access structures, e.g. distributed indices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/172Caching, prefetching or hoarding of files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/76Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Mathematical Physics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a file management method based on an FPGA, which relates to the technical field of file management, and comprises the following steps: setting a memory in an FPGA through file storage requirements, establishing a file checking permission mechanism for the memory, enabling a visitor to enter the memory for reading, writing, storing or transmitting files after the visitor needs to pass the file checking permission mechanism, sending out an alarm signal by a file management system and locking a computer if the visitor does not pass the file checking permission mechanism for more than a certain number of times, enabling a supervisor to carry out real-person verification on the visitor through a computer camera when receiving the alarm signal, enabling the supervisor to send out an alarm to the visitor if the visitor enters the memory for reading, writing, storing or transmitting files if the visitor passes the verification, and enabling the supervisor to send out an alarm if the visitor does not pass the verification. The invention not only ensures the safety of the storage files of the internal memory of the FPGA, but also does not need the supervision of a supervisor in real time, thereby reducing the labor cost.

Description

File management method based on FPGA
Technical Field
The invention relates to the technical field of file management, in particular to a file management method based on an FPGA.
Background
A file management system is a piece of software used to organize, store, find and access computer files, which is a core component in a computer operating system to manage all files and directories stored on a computer, and is one of the most common tools used by computer users, almost every computer user needs to use the file management system to manage their files and folders.
The prior art has the following defects:
in different enterprises, some confidential files or business secret files usually exist, a file management system set by the enterprises usually realizes the safe management of the confidential files or business secret files by setting a startup password and setting a supervisor, however, the startup password is easy to obtain, after a visitor obtains the startup password, the file management system has no other verification mode on a memory, thus the file is easy to be leaked, and in addition, the cost of file management is increased and the workload of the supervisor is increased by the mode of real-time supervision of the supervisor;
in view of this, the present invention proposes a file management method based on FPGA, which is used to solve the above-mentioned problems by setting a verification mechanism for a memory separately after setting the memory in the FPGA.
Disclosure of Invention
The invention aims to provide a file management method based on an FPGA, which aims to solve the defects in the background technology.
In order to achieve the above object, the present invention provides the following technical solutions: a file management method based on an FPGA, the management method comprising the steps of:
s1: setting a memory in the FPGA according to file storage requirements, and generating the FPGA memory for storing and managing file data;
s2: establishing a file checking and permitting mechanism for the FPGA memory, and allowing a visitor to enter the FPGA memory to read, write, store or transmit files after being verified by the file checking and permitting mechanism;
s3: when the file is transmitted, the file in the FPGA memory is transmitted to external equipment through a data transmission interface;
s4: if the visitor does not pass the verification of the file checking permission mechanism for more than a certain number of times, the file management system sends out an alarm signal and locks the computer;
s5: when the supervisor receives the warning signal, the supervisor carries out real-person verification on the visitor through the computer camera, if the verification is passed, the visitor enters the FPGA memory to read, write, store or transmit files, and if the verification is not passed, the supervisor gives out a warning and alarms to the visitor.
In a preferred embodiment, in step S2, establishing a file view permission mechanism for the FPGA memory includes the steps of:
s2.1: when a visitor enters an FPGA memory through a computer, a file management system acquires a plurality of parameters of the current running environment;
s2.2: the multiple parameters comprise operation parameters and network parameters, wherein the operation parameters comprise the input time of a starting password of a visitor and the abnormal times of the safety software for detecting the external equipment of the visitor, and the network parameters comprise the abnormal attack frequency of the computer network.
In a preferred embodiment, in step S2, establishing a file view permission mechanism for the FPGA memory further comprises the steps of:
s2.3: calculating verification coefficients by using a formula according to the input time of the starting password of the visitor, the abnormal times of the security software for detecting the external equipment of the visitor and the abnormal attack frequency of the computer network, wherein the expression is as follows:
Figure SMS_1
in the method, in the process of the invention,
Figure SMS_4
for verifying the coefficient +.>
Figure SMS_6
Is an error correction coefficient, and->
Figure SMS_8
The value is 2.553%>
Figure SMS_3
Inputting time length for starting up password for visitor, +.>
Figure SMS_5
Detecting abnormality number of visitor external device for security software, < >>
Figure SMS_7
For the frequency of computer network anomaly attacks, +.>
Figure SMS_9
The method comprises the steps of respectively inputting time length of a starting password of a visitor, detecting abnormal times of external equipment of the visitor and proportionality coefficient of abnormal attack frequency of a computer network by security software, and +.>
Figure SMS_2
S2.4: obtaining verification coefficients
Figure SMS_10
After that, verify coefficient->
Figure SMS_11
And verification threshold->
Figure SMS_12
And comparing, and completing the establishment of a file viewing permission mechanism.
In a preferred embodiment, the computer network anomaly attack frequency
Figure SMS_13
: wherein i is a computer network abnormal attack class number library, and i= {1, 2, 3, & gt, n }, n is a positive integer greater than 0, ">
Figure SMS_14
For the total number of computer network abnormal attack times, +.>
Figure SMS_15
The running time after the password is correctly input for the computer.
In a preferred embodiment, the network anomaly attacks include malware attacks, phishing attacks, and network intrusion attacks, n=3, updated metricsComputer network anomaly attack frequency
Figure SMS_16
The expression is:
Figure SMS_17
in the method, in the process of the invention,
Figure SMS_18
for the sum of malware attacks, +.>
Figure SMS_19
For the sum of phishing attacks->
Figure SMS_20
For the total number of network intrusion attacks, < >>
Figure SMS_21
The running time after the password is correctly input to the computer is in minutes.
In a preferred embodiment, the visitor is powered on for a password entry duration
Figure SMS_22
Acquiring through a computer log; the security software detects the abnormality number +.>
Figure SMS_23
And (5) online monitoring and obtaining through computer security software.
In a preferred embodiment, the document viewing permissions mechanism verifies the visitor comprising the steps of:
if verify the coefficient
Figure SMS_24
Verification threshold->
Figure SMS_25
The file management system determines that the visitor is authenticated by the file viewing permission mechanism, and the visitor can access the FPGA memoryThe files of the part are read, written, stored or transmitted;
if verify the coefficient
Figure SMS_26
Verification threshold->
Figure SMS_27
The file management system automatically refreshes the computer and then performs verification again, when the verification coefficient +.>
Figure SMS_28
Verification threshold->
Figure SMS_29
When the file management system judges that the visitor fails to pass the verification of the file checking permission mechanism, the file management system sends out an alarm signal and locks the computer. />
In a preferred embodiment, in step S1, setting the FPGA memory in the FPGA according to the file storage requirement includes the following steps:
s1.1: determining capacity requirements, access speed requirements and power consumption requirements of file storage;
s1.2: selecting a memory type according to the file storage requirement and the limitation of FPGA hardware resources;
s1.3: designing a memory interface circuit according to the limitation of the memory type and the FPGA hardware resource;
s1.4: according to the capacity of the memory and the requirements of the interface circuit, the layout and wiring of the FPGA memory are carried out on the FPGA chip;
s1.5: the FPGA memory is integrated into the management system to store and read files.
In the technical scheme, the invention has the technical effects and advantages that:
1. according to the invention, a memory is arranged in the FPGA through file storage requirements, a file checking permission mechanism is established for the FPGA memory, a visitor needs to enter the FPGA memory for reading, writing, storing or transmitting files after being verified through the file checking permission mechanism, if the visitor does not pass the file checking permission mechanism for verification for more than a certain number of times, a file management system sends out a warning signal and locks a computer, when a supervisor receives the warning signal, the visitor is subjected to real-time verification through a computer camera, if the visitor passes the verification, the visitor enters the FPGA memory for reading, writing, storing or transmitting the files, and if the visitor does not pass the verification, the supervisor sends out a warning and an alarm to the visitor, so that the safety of the stored files of the FPGA memory in the FPGA is ensured, and the supervisor does not need to supervise in real time, thereby reducing the labor cost;
2. according to the method, the verification coefficient is calculated through a formula by inputting the starting password of the visitor, detecting the abnormal times of the external equipment of the visitor and the abnormal attack frequency of the computer network by the safety software, the data is comprehensively processed, the processing efficiency of the data is effectively improved, the visitor is authenticated again before entering the FPGA memory, and the safe storage of the internal files of the FPGA memory is further ensured.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
FIG. 1 is a flow chart of the method of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
Referring to fig. 1, the file management method based on the FPGA according to the embodiment includes the following steps:
setting an FPGA memory in the FPGA according to file storage requirements, wherein the file storage requirements comprise capacity requirements, access speed requirements and power consumption requirements, the set FPGA memory comprises ROM, RAM, flash, the FPGA memory is used for storing and managing file data, a file checking permission mechanism is established for the FPGA memory, a visitor needs to enter the FPGA memory for reading, writing, storing or transmitting files after verification through the file checking permission mechanism, when the files are transmitted, the files in the FPGA are transmitted to external equipment through a data transmission interface, the external equipment comprises a PC, an SD card and a U disk, if the visitor does not pass the file checking permission mechanism for verification for more than a certain number of times, a file management system sends out a warning signal and locks a computer, when a supervisor receives the warning signal, the supervisor performs real-person verification on the visitor through a computer camera, if the verification passes the verification, the visitor enters the FPGA memory for reading, storing or transmitting the files, and if the verification fails, the supervisor sends warning and alarms to the visitor;
according to the method, the FPGA memory is arranged in the FPGA through file storage requirements, a file checking permission mechanism is built for the FPGA memory, a visitor needs to enter the FPGA memory for reading, writing, storing or transmitting files after being verified through the file checking permission mechanism, if the visitor does not pass through the file checking permission mechanism for verification for more than a certain number of times, the file management system sends out warning signals and locks the computer, when receiving the warning signals, a supervisor performs real-time verification on the visitor through the computer camera, if the visitor passes through the verification, the visitor enters the FPGA memory for reading, writing, storing or transmitting the files, if the visitor does not pass through the verification, the supervisor sends out warning and alarming to the visitor, so that the safety of the FPGA memory for storing the files in the FPGA is guaranteed, and the supervisor does not need to supervise in real time, so that labor cost is reduced.
In this embodiment, a memory is set in the FPGA according to a file storage requirement, where the file storage requirement includes a capacity requirement, an access speed requirement, and a power consumption requirement, and the method includes the following steps:
A. determining file storage requirements: firstly, determining capacity requirement, access speed requirement and power consumption requirement of file storage, which are the basis for designing an FPGA memory;
B. selecting an appropriate memory type: selecting an appropriate memory type, such as BRAM, DDR, SDRAM, and the like, according to file storage requirements and limitation of FPGA hardware resources;
C. designing a memory interface: according to the limitation of the memory type and FPGA hardware resources, an FPGA memory interface circuit is designed, and comprises an address line, a data line, a read-write control signal and the like;
D. layout and wiring of the FPGA memory are carried out: according to the capacity of the FPGA memory and the requirements of the interface circuit, the layout and the wiring of the FPGA memory are carried out on an FPGA chip;
E. performing FPGA memory test: performing FPGA memory tests on an FPGA development board, including read-write tests and stability tests, so as to ensure that the reliability and performance of the FPGA memory meet the requirements;
F. and (3) performing power consumption optimization: according to the power consumption requirement and the actual power consumption condition of the FPGA memory, performing power consumption optimization, including power management, circuit design optimization and the like;
G. integrated into the system: and integrating the FPGA memory into a system, and performing software development and debugging according to actual requirements to realize file storage and reading functions.
During file transmission, the file in the FPGA is transmitted to the external equipment through the data transmission interface, and the method comprises the following steps of:
A. determining the type of a data transmission interface: selecting a proper data transmission interface type, such as USB, ethernet, SPI, according to the interface type of the external device and the hardware resource of the FPGA;
B. designing a data transmission interface circuit: according to the type of the data transmission interface, an interface circuit is designed, including a transmission protocol, a data format, a signal level and the like;
C. layout and wiring of interface circuits are performed: according to the requirements of the interface circuit, carrying out layout and wiring, and realizing a data transmission interface on the FPGA chip;
D. realize the file transfer function: according to the requirements of a data transmission interface and the receiving capability of external equipment, the file transmission function is realized, including the packaging and unpacking of files, the realization of a transmission protocol and the like;
E. and (3) carrying out transmission performance test: in practical application, transmission performance tests are carried out, including tests on transmission speed, stability and the like, so that the reliability and performance of data transmission are ensured to meet the requirements;
F. and (3) performing power consumption optimization: and carrying out power consumption optimization according to the power consumption requirement and actual conditions, including power management, circuit design optimization and the like.
When the supervisor receives the warning signal, the supervisor carries out real-person verification on the visitor through the computer camera, if the verification is passed, the visitor enters the FPGA memory to read, write, store or transmit files, and if the verification is not passed, the supervisor gives out a warning to the visitor and gives an alarm, and the method comprises the following steps:
A. the computer camera carries out face recognition: the computer camera performs real-person verification by using a face recognition technology, and the camera automatically recognizes and collects facial features;
B. feature matching and recognition: after the facial features of the visitor are collected, the computer needs to perform feature matching and recognition, and the process comprises the steps of matching the collected facial features with the pre-stored facial features and recognizing the identity of the visitor;
C. visitor identity verification: after face recognition, the computer needs to verify the identity of the visitor, and the process comprises the steps of comparing the facial features of the visitor with the identity information in the FPGA memory to judge whether the visitor has access rights;
D. access authorization: if the visitor passes the authentication, the supervisor authorizes the visitor to access the FPGA memory to read, write, store or transmit files;
E. warning and alarm: if the visitor identity verification is not passed, the supervisor needs to give a warning to the visitor, ask the visitor to leave the FPGA memory entrance, and if the visitor does not hear the warning, the supervisor needs to give an alarm to the upper level to ensure the safety of the FPGA memory.
Example 2
In the above embodiment 1, a file viewing permission mechanism is established for the FPGA memory, and a visitor needs to enter the FPGA memory to read, write, store or transmit a file after verifying through the file viewing permission mechanism.
Wherein:
establishing a file view permission mechanism for the FPGA memory comprises the following steps:
when a visitor enters an FPGA memory through a computer, a file management system acquires a plurality of parameters of a current running environment, wherein the plurality of parameters comprise operation parameters and network parameters, the operation parameters comprise the input time of a startup password of the visitor and the abnormal times of the safety software for detecting the external equipment of the visitor, and the network parameters comprise the abnormal attack frequency of a computer network;
calculating verification coefficients by using a formula according to the input time of the starting password of the visitor, the abnormal times of the security software for detecting the external equipment of the visitor and the abnormal attack frequency of the computer network, wherein the expression is as follows:
Figure SMS_30
in the method, in the process of the invention,
Figure SMS_33
for verifying the coefficient +.>
Figure SMS_35
Is an error correction coefficient, and->
Figure SMS_37
The value is 2.553%>
Figure SMS_31
Inputting time length for starting up password for visitor, +.>
Figure SMS_34
Detecting abnormality number of visitor external device for security software, < >>
Figure SMS_36
For the frequency of computer network anomaly attacks, +.>
Figure SMS_38
The method comprises the steps of respectively inputting time length for starting up a password of a visitor and detecting abnormal times of external equipment of the visitor by safety softwareAnd the scaling factor of the abnormal attack frequency of the computer network, and +.>
Figure SMS_32
。/>
Computer network anomaly attack frequency
Figure SMS_39
: wherein i is a computer network abnormal attack class number library, and i= {1, 2, 3, & gt, n }, n is a positive integer greater than 0, ">
Figure SMS_40
For the total number of computer network abnormal attack times, +.>
Figure SMS_41
The running time after the password is correctly input for the computer.
Because of the diversity of network attacks in the network, the network attacks comprise distributed denial of service attacks, malicious software attacks, phishing attacks, network intrusion attacks, hacking attacks and the like, and the subsequent reply to the attack mode is facilitated by classifying different attack modes;
specifically, if the computer runs after the password is correctly input, the network is mainly attacked by malware, phishing and network intrusion, n=3, and the updated abnormal attack frequency of the computer network is the same as that of the network
Figure SMS_42
The expression is:
Figure SMS_43
in the method, in the process of the invention,
Figure SMS_44
for the sum of malware attacks, +.>
Figure SMS_45
For the sum of phishing attacks->
Figure SMS_46
For the total number of network intrusion attacks, < >>
Figure SMS_47
The running time after the password is correctly input to the computer is in minutes.
Visitor startup password input duration
Figure SMS_48
Acquiring through a computer log;
security software detects abnormality times of visitor external equipment
Figure SMS_49
And (5) online monitoring and obtaining through computer security software.
Obtaining verification coefficients
Figure SMS_50
After that, verify coefficient->
Figure SMS_51
And verification threshold->
Figure SMS_52
Comparing, and completing establishment of a file viewing permission mechanism;
the visitor needs to enter the FPGA memory to read, write, store or transmit the file after being verified by the file checking permission mechanism, specifically:
if verify the coefficient
Figure SMS_53
Verification threshold->
Figure SMS_54
The file management system judges that a visitor is verified through a file checking permission mechanism, and the visitor can read, write, store or transmit files in the FPGA memory at the moment;
if verify the coefficient
Figure SMS_55
Verification threshold->
Figure SMS_56
The file management system automatically refreshes the computer and then performs verification again, when the verification coefficient +.>
Figure SMS_57
Verification threshold->
Figure SMS_58
When the file management system judges that the visitor fails to pass the verification of the file checking permission mechanism, the file management system sends out an alarm signal and locks the computer.
According to the method and the device, the verification coefficient is calculated through a formula by inputting the starting password of the visitor, detecting the abnormal times of the external equipment of the visitor and the abnormal attack frequency of the computer network through the safety software, the data is comprehensively processed, the processing efficiency of the data is effectively improved, the visitor is authenticated again before entering the FPGA memory, and the safe storage of the internal files of the FPGA memory is further ensured.
Example 3
Referring to fig. 1, the file management system based on the FPGA according to the present embodiment includes an FPGA storage module, a verification module, a transmission module, a control module, and a secondary verification module;
and the FPGA storage module is as follows: after a designer sets an FPGA memory in an FPGA according to file storage requirements, generating an FPGA memory module, wherein the file storage requirements comprise capacity requirements, access speed requirements and power consumption requirements, the set FPGA memory comprises ROM, RAM, flash, and the FPGA memory module is used for storing and managing file data;
and (3) a verification module: the method comprises the steps that a file checking and permitting mechanism is established for an FPGA memory, and a visitor enters the FPGA memory to read, write, store or transmit files after being verified by the file checking and permitting mechanism;
and a transmission module: when the file is transmitted, the file in the FPGA is transmitted to external equipment through a transmission module, and the external equipment comprises a PC (personal computer), an SD (secure digital) card and a U disk;
and the control module is used for: if the visitor does not pass the verification of the file checking permission mechanism for more than a certain number of times, the file management system sends out an alarm signal and locks the computer;
and a secondary verification module: when the supervisor receives the warning signal, the supervisor performs real-person verification on the visitor through the secondary verification module, if the verification is passed, the visitor enters the FPGA memory to read, write, store or transmit files, and if the verification is not passed, the supervisor gives out a warning and alarms to the visitor.
The verification module calculates a verification coefficient by using a formula according to the input time of the starting password of the visitor, the abnormal times of the safety software for detecting the external equipment of the visitor and the abnormal attack frequency of the computer network, wherein the expression is as follows:
Figure SMS_59
in the method, in the process of the invention,
Figure SMS_62
for verifying the coefficient +.>
Figure SMS_64
Is an error correction coefficient, and->
Figure SMS_66
The value is 2.553%>
Figure SMS_60
Inputting time length for starting up password for visitor, +.>
Figure SMS_63
Detecting abnormality number of visitor external device for security software, < >>
Figure SMS_65
For the frequency of computer network anomaly attacks, +.>
Figure SMS_67
The method comprises the steps of respectively inputting time length of a starting password of a visitor, detecting abnormal times of external equipment of the visitor and proportionality coefficient of abnormal attack frequency of a computer network by security software, and +.>
Figure SMS_61
Computer network anomaly attack frequency
Figure SMS_68
: wherein i is a computer network abnormal attack class number library, and i= {1, 2, 3, & gt, n }, n is a positive integer greater than 0, ">
Figure SMS_69
For the total number of computer network abnormal attack times, +.>
Figure SMS_70
The running time after the password is correctly input for the computer.
Because of the diversity of network attacks in the network, the network attacks comprise distributed denial of service attacks, malicious software attacks, phishing attacks, network intrusion attacks, hacking attacks and the like, and the subsequent reply to the attack mode is facilitated by classifying different attack modes;
specifically, if the computer runs after the password is correctly input, the network is mainly attacked by malware, phishing and network intrusion, n=3, and the updated abnormal attack frequency of the computer network is the same as that of the network
Figure SMS_71
The expression is:
Figure SMS_72
in the method, in the process of the invention,
Figure SMS_73
for the sum of malware attacks, +.>
Figure SMS_74
For the sum of phishing attacks->
Figure SMS_75
For the total number of network intrusion attacks, < >>
Figure SMS_76
The running time after the password is correctly input to the computer is in minutes. />
Visitor startup password input duration
Figure SMS_77
Acquiring through a computer log;
security software detects abnormality times of visitor external equipment
Figure SMS_78
And (5) online monitoring and obtaining through computer security software.
Obtaining verification coefficients
Figure SMS_79
After that, verify coefficient->
Figure SMS_80
And verification threshold->
Figure SMS_81
Comparing, and completing establishment of a file viewing permission mechanism;
the visitor needs to enter the FPGA memory to read, write, store or transmit the file after being verified by the file checking permission mechanism, specifically:
if verify the coefficient
Figure SMS_82
Verification threshold->
Figure SMS_83
The file management system judges that a visitor is verified through a file checking permission mechanism, and the visitor can read, write, store or transmit files in the FPGA memory at the moment;
if verify the coefficient
Figure SMS_84
Verification threshold->
Figure SMS_85
The file management system automatically refreshes the computer and then performs verification again, when the verification coefficient +.>
Figure SMS_86
Verification threshold->
Figure SMS_87
When the file management system judges that the visitor fails to pass the verification of the file checking permission mechanism, the file management system sends out an alarm signal and locks the computer.
According to the method and the device, the verification coefficient is calculated through a formula by inputting the starting password of the visitor, detecting the abnormal times of the external equipment of the visitor and the abnormal attack frequency of the computer network through the safety software, the data is comprehensively processed, the processing efficiency of the data is effectively improved, the visitor is authenticated again before entering the FPGA memory, and the safe storage of the internal files of the FPGA memory is further ensured.
The above formulas are all formulas with dimensions removed and numerical values calculated, the formulas are formulas with a large amount of data collected for software simulation to obtain the latest real situation, and preset parameters in the formulas are set by those skilled in the art according to the actual situation.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any other combination. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. When the computer instructions or computer program are loaded or executed on a computer, the processes or functions described in accordance with the embodiments of the present application are all or partially produced. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center by wired or wireless means (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains one or more sets of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" is merely an association relationship describing the associated object, and means that three relationships may exist, for example, a and/or B may mean: there are three cases, a alone, a and B together, and B alone, wherein a, B may be singular or plural. In addition, the character "/" herein generally indicates that the associated object is an "or" relationship, but may also indicate an "and/or" relationship, and may be understood by referring to the context.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (one) of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or plural.
It should be understood that, in various embodiments of the present application, the sequence numbers of the foregoing processes do not mean the order of execution, and the order of execution of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, and are not repeated herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think about changes or substitutions within the technical scope of the present application, and the changes and substitutions are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. A file management method based on FPGA is characterized in that: the management method comprises the following steps:
s1: setting a memory in the FPGA according to file storage requirements, and generating the FPGA memory for storing and managing file data;
s2: establishing a file checking and permitting mechanism for the FPGA memory, and allowing a visitor to enter the FPGA memory to read, write, store or transmit files after being verified by the file checking and permitting mechanism;
s3: when the file is transmitted, the file in the FPGA memory is transmitted to external equipment through a data transmission interface;
s4: if the visitor does not pass the verification of the file checking permission mechanism for more than a certain number of times, the file management system sends out an alarm signal and locks the computer;
s5: when the supervisor receives the warning signal, the supervisor carries out real-person verification on the visitor through the computer camera, if the verification is passed, the visitor enters the FPGA memory to read, write, store or transmit files, and if the verification is not passed, the supervisor gives out a warning and alarms to the visitor.
2. The method for managing files based on the FPGA according to claim 1, wherein: in step S2, establishing a file view permission mechanism for the FPGA memory includes the following steps:
s2.1: when a visitor enters an FPGA memory through a computer, a file management system acquires a plurality of parameters of the current running environment;
s2.2: the multiple parameters comprise operation parameters and network parameters, wherein the operation parameters comprise the input time of a starting password of a visitor and the abnormal times of the safety software for detecting the external equipment of the visitor, and the network parameters comprise the abnormal attack frequency of the computer network.
3. The method for managing files based on the FPGA according to claim 2, wherein: in step S2, establishing a file view permission mechanism for the FPGA memory further includes the following steps:
s2.3: calculating verification coefficients by using a formula according to the input time of the starting password of the visitor, the abnormal times of the security software for detecting the external equipment of the visitor and the abnormal attack frequency of the computer network, wherein the expression is as follows:
Figure QLYQS_1
in the method, in the process of the invention,
Figure QLYQS_3
for verifying the coefficient +.>
Figure QLYQS_5
Is an error correction coefficient, and->
Figure QLYQS_7
The value is 2.553%>
Figure QLYQS_4
Inputting time length for starting up password for visitor, +.>
Figure QLYQS_6
Detecting abnormality number of visitor external device for security software, < >>
Figure QLYQS_8
For the frequency of computer network anomaly attacks, +.>
Figure QLYQS_9
The method comprises the steps of respectively inputting time length of a starting password of a visitor, detecting abnormal times of external equipment of the visitor and proportionality coefficient of abnormal attack frequency of a computer network by security software, and +.>
Figure QLYQS_2
S2.4: obtaining verification coefficients
Figure QLYQS_10
After that, verify coefficient->
Figure QLYQS_11
And verification threshold->
Figure QLYQS_12
And comparing, and completing the establishment of a file viewing permission mechanism.
4. A method for FPGA-based file management according to claim 3, wherein: the abnormal attack frequency of the computer network
Figure QLYQS_13
I is a computer network anomaly attack class number library, and i= {1, 2, 3,..and n }, n is a positive integer greater than 0, ">
Figure QLYQS_14
For the total number of computer network abnormal attack times, +.>
Figure QLYQS_15
The running time after the password is correctly input for the computer.
5. The method for managing files based on the FPGA according to claim 4, wherein: the network anomaly attack comprises a malicious software attack, a phishing attack and a network intrusion attack, wherein n=3, and the updated computer network anomaly attack frequency
Figure QLYQS_16
The expression is: />
Figure QLYQS_17
In the method, in the process of the invention,
Figure QLYQS_18
for the sum of malware attacks, +.>
Figure QLYQS_19
For the sum of phishing attacks->
Figure QLYQS_20
For the total number of network intrusion attacks, < >>
Figure QLYQS_21
The running time after the password is correctly input to the computer is in minutes.
6. The method for managing files based on the FPGA according to claim 5, wherein: the visitor startup password input time length
Figure QLYQS_22
Acquiring through a computer log; the security software detects the abnormality number +.>
Figure QLYQS_23
And (5) online monitoring and obtaining through computer security software.
7. The method for managing files based on the FPGA according to claim 6, wherein: the file view permission mechanism verifies the visitor comprising the steps of:
if verify the coefficient
Figure QLYQS_24
Verification threshold->
Figure QLYQS_25
The file management system judges that a visitor is verified through a file checking permission mechanism, and the visitor can read, write, store or transmit files in the FPGA memory at the moment;
if verify the coefficient
Figure QLYQS_26
Verification threshold->
Figure QLYQS_27
The file management system automatically refreshes the computer and then performs verification again, when the verification coefficient +.>
Figure QLYQS_28
Verification threshold->
Figure QLYQS_29
When the file management system judges that the visitor fails to pass the verification of the file checking permission mechanism, the file management system sends out an alarm signal and locks the computer.
8. An FPGA-based file management method according to any one of claims 1-7, wherein: in step S1, setting a memory in the FPGA according to the file storage requirement includes the following steps:
s1.1: determining capacity requirements, access speed requirements and power consumption requirements of file storage;
s1.2: selecting a memory type according to the file storage requirement and the limitation of FPGA hardware resources;
s1.3: designing a memory interface circuit according to the limitation of the memory type and the FPGA hardware resource;
s1.4: according to the capacity of the memory and the requirements of the interface circuit, the layout and wiring of the FPGA memory are carried out on the FPGA chip;
s1.5: the FPGA memory is integrated into the management system to store and read files.
CN202310507233.XA 2023-05-08 2023-05-08 File management method based on FPGA Pending CN116244752A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310507233.XA CN116244752A (en) 2023-05-08 2023-05-08 File management method based on FPGA

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310507233.XA CN116244752A (en) 2023-05-08 2023-05-08 File management method based on FPGA

Publications (1)

Publication Number Publication Date
CN116244752A true CN116244752A (en) 2023-06-09

Family

ID=86624584

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310507233.XA Pending CN116244752A (en) 2023-05-08 2023-05-08 File management method based on FPGA

Country Status (1)

Country Link
CN (1) CN116244752A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20010044823A (en) * 2001-03-29 2001-06-05 이종우 Method and System for Protecting Data Requiring User's Authentication at Computer
CN104580344A (en) * 2013-10-10 2015-04-29 国际商业机器公司 method and system for generating resource access control desition
CN110084011A (en) * 2019-05-08 2019-08-02 北京芯盾时代科技有限公司 A kind of method and device of the verifying of user's operation
CN112202773A (en) * 2020-09-29 2021-01-08 安徽斯跑特科技有限公司 Computer network information security monitoring and protection system based on internet
CN113536258A (en) * 2021-07-29 2021-10-22 中国建设银行股份有限公司 Terminal access control method and device, storage medium and electronic equipment
CN114900369A (en) * 2022-06-02 2022-08-12 深圳日晨物联科技有限公司 Chip access security supervision system based on Internet of things
CN115935415A (en) * 2022-12-05 2023-04-07 万申科技股份有限公司 Data safety early warning system based on industrial internet multi-factor perception
CN116032540A (en) * 2022-12-05 2023-04-28 杭州思律舟到科技有限公司 Network security management method and system based on data processing

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20010044823A (en) * 2001-03-29 2001-06-05 이종우 Method and System for Protecting Data Requiring User's Authentication at Computer
CN104580344A (en) * 2013-10-10 2015-04-29 国际商业机器公司 method and system for generating resource access control desition
CN110084011A (en) * 2019-05-08 2019-08-02 北京芯盾时代科技有限公司 A kind of method and device of the verifying of user's operation
CN112202773A (en) * 2020-09-29 2021-01-08 安徽斯跑特科技有限公司 Computer network information security monitoring and protection system based on internet
CN113536258A (en) * 2021-07-29 2021-10-22 中国建设银行股份有限公司 Terminal access control method and device, storage medium and electronic equipment
CN114900369A (en) * 2022-06-02 2022-08-12 深圳日晨物联科技有限公司 Chip access security supervision system based on Internet of things
CN115935415A (en) * 2022-12-05 2023-04-07 万申科技股份有限公司 Data safety early warning system based on industrial internet multi-factor perception
CN116032540A (en) * 2022-12-05 2023-04-28 杭州思律舟到科技有限公司 Network security management method and system based on data processing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘向东;: "数据库***身份证明安全方法应用研究", 数字技术与应用, no. 03 *

Similar Documents

Publication Publication Date Title
EP3029593B1 (en) System and method of limiting the operation of trusted applications in the presence of suspicious programs
Parno Bootstrapping Trust in a" Trusted" Platform.
CN103905451B (en) System and method for trapping network attack of embedded device of smart power grid
Tedeschi et al. Secure IoT devices for the maintenance of machine tools
RU2680736C1 (en) Malware files in network traffic detection server and method
US10073980B1 (en) System for assuring security of sensitive data on a host
CN113660224B (en) Situation awareness defense method, device and system based on network vulnerability scanning
US20160246957A1 (en) Method and Apparatus for Controlling Debug Port of Terminal Device
CN104903911B (en) One-time programmable integrated circuit security
CN110268406B (en) Password security
RU2634174C1 (en) System and method of bank transaction execution
CN102289622A (en) Trusted startup method based on authentication policy file and hardware information collection
CN108234506B (en) Unidirectional isolation network gate and data transmission method
CN114138590A (en) Operation and maintenance processing method and device for Kubernetes cluster and electronic equipment
CN110768947B (en) Penetration test password sending method and device, storage medium and electronic device
CN112434270B (en) Method and system for enhancing data security of computer system
CN113660268A (en) Login authorization management method, system, device and medium
CN107277040A (en) A kind of method for carrying out terminal Access Control in Intranet
CN104361298A (en) Method and device for information safety and confidentiality
CN107273725A (en) A kind of data back up method and system for classified information
CN116244752A (en) File management method based on FPGA
CN113132310A (en) Safe access method and system for power distribution terminal and power distribution master station
CN114257404B (en) Abnormal external connection statistical alarm method, device, computer equipment and storage medium
CN115883170A (en) Network flow data monitoring and analyzing method and device, electronic equipment and storage medium
KR101659226B1 (en) Method and system for remote biometric verification using fully homomorphic encryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20230609

RJ01 Rejection of invention patent application after publication