CN1266228A - Dynamic monitoring and controlling method for files system - Google Patents

Dynamic monitoring and controlling method for files system

Publication number: CN1266228A
Authority: CN (China)
Prior art keywords: monitoring; file; file system; controlling method; condition
Legal status: Granted; currently Expired - Fee Related
Application number: CN 99102482
Other languages: Chinese (zh)
Other versions: CN1117322C (en)
Inventors: 林光信, 陈玄同, 李鹏
Current Assignee: Inventec Corp
Original Assignee: Inventec Corp
Application filed by Inventec Corp
Priority to CN99102482A
Publication of CN1266228A
Application granted
Publication of CN1117322C
Landscapes: Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The dynamic monitoring method for a file system includes the following steps: A) analyzing the file type; B) using the related dynamic link library to check the monitoring condition: if the request meets the user's requirements, the next step is carried out, and if no monitoring is needed, step G is carried out; C) performing the related processing; D) automatically querying whether monitoring is needed: if it is, the next step is carried out, and if not, step H is carried out; E) recording information about the application program, then going to the next step; F) switching the program to the preparatory stage; G) if the result of the condition check does not meet the detection condition required by the user, abandoning monitoring and going to the next step; and H) calling the next hook function.

Description

Dynamic monitoring and controlling method for a file system
The present invention relates to a dynamic monitoring and controlling method for a file system.
At present, to monitor a file system dynamically and analyze the user's operations on it, so as to minimize or even avoid system failures caused by user misoperation, tools such as Cybermedia Uninstaller, Norton Uninstall, Clean Sweep and Magic Folder (for encrypted directories) are commonly used. The monitoring techniques they use have one thing in common: a snapshot of the system is taken before installation and another after installation to record the current system state, the two are compared, and a report is produced from the differences found. The shortcomings are:
1. The whole current state of the system is recorded without analysis or selection. If the user performs other kinds of operations besides the monitored one during this period, those operations are also recorded by the tools above, which wastes both time and a large amount of system resources;
2. The prior art only compares operation records statically, by comparing the differences between the two snapshots taken before and after the monitored operation. The operation is therefore not real-time, takes a long time, records inaccurately, and can even have side effects on the system.
The object of the present invention is to provide a dynamic monitoring and controlling method for a file system that monitors the file system dynamically and in real time, is fast, and takes up very few system resources.
Another object of the present invention is to provide a dynamic monitoring and controlling method for a file system that offers a standard filter interface for file system monitoring, so that the user can extend the file system monitoring function for specific purposes through this public interface.
This object is achieved by providing a dynamic monitoring and controlling method for a file system comprising the following steps: (i) according to the file request of an application program, calling the corresponding filter to check the file against the monitoring condition; (ii) automatically querying whether monitoring is needed: if the user requires monitoring, proceeding to the next step, otherwise proceeding to step (vi); (iii) recording the relevant information of the application program; (iv) switching the next program to the preparatory stage, ready to monitor the next application program; (v) if the result of the condition check does not meet the detection condition required by the user, abandoning monitoring and proceeding to step (vi); and (vi) calling the next hook function.
The present invention also provides a dynamic monitoring and controlling method for a file system comprising the following steps: after an application program issues a file operation request, the operating system kernel in memory hands the request to the installable file system manager, which then calls the first file management program through its internal linked list so that the file is monitored, and then traverses the whole linked list in turn to complete the monitoring service for the application program.
With the monitoring capability the invention provides, the monitoring process is started only when the user's operation on the file system touches a predefined sensitive area. The file request being handled uses only the resources the system already allocated to produce that request, so the system need not allocate extra resources. The method therefore takes up few system resources, and its operation is simple: it only identifies and judges the user's operation and performs the related processing.
Embodiments of the invention are described in detail below with reference to the accompanying drawings, in which:
Fig. 1 is a functional block diagram of the dynamic monitoring of the file system of the present invention;
Fig. 2 is a flow chart of the filter of the dynamic monitoring of the file system of the present invention;
Fig. 3 is a flow chart of the dynamic monitoring of the file system of the present invention;
Fig. 4 is a flow chart of the SFP of the dynamic monitoring of the file system of the present invention;
Fig. 5 is a flow chart of the monitoring condition determination of the dynamic monitoring of the file system of the present invention.
Reference numerals: application programs 5a, 5b, 5c; operating system (OS) kernel 10; installable file system manager 11; monitoring program 12; filter interface 14; filter 18; system default file 16.
Referring to Fig. 1, which shows the functional modules of the invention, the modules that implement the dynamic monitoring and controlling method are: the operating system (OS) kernel 10, the monitoring program 12 and the filter interface 14. When one of the application programs (APP) 5a, 5b, 5c produces a file request, the kernel of the operating system (OS) calls the installable file system manager 11 (Installable File System Manager) inside the operating system, and that manager then services the file request. The present invention, however, adds a monitoring program 12 before the request is responded to, so that the file request is checked before its response is executed. Once activated, the monitoring program 12 calls the standard filter interface 14. After the monitoring program 12 has checked the file with a filter 18, if the detection condition is satisfied, the output is the system default file 16.
Through the filter interface 14, the user can plug in filters 18 that serve various purposes, as shown in Fig. 1: for example a filter 18a that implements SFP, a filter 18b for uninstall recording, or a filter 18c for other purposes.
In this embodiment the filter 18 is implemented in software running on a computer. Its flow chart, shown in Fig. 2, comprises the following steps: (i) step 20, the monitoring program first calls the filter interface; (ii) step 22, the related dynamic link library (DLL) file is identified; (iii) step 24, it is judged whether the file satisfies the monitoring condition: if so, the flow proceeds to the next step, otherwise it returns to step 20 and calls the subsequent program to service the request until the requested service is completed; (iv) step 26, a flag is set and the current information is recorded, then the flow returns to step 20 and back into the system's original file management loop, and the file that satisfied the condition is handled according to the user's requirements.
Referring to Fig. 3, the technical flow of the invention comprises the following steps: (i) step 32, the file type is analyzed first, for example by analyzing the file name; (ii) step 34, the related dynamic link library (DLL) is then used to check the monitoring condition and see whether the request meets the user's requirements: if it does, the flow proceeds to the next step, and if the user does not need monitoring, it proceeds to step 44; (iii) step 36, the related processing is performed, including setting a flag and starting monitoring; (iv) step 38, it is automatically queried whether monitoring is needed: if the user requires monitoring, the flow proceeds to the next step, otherwise to step 46; (v) step 40, the relevant information of the application program is recorded, then the flow proceeds to step 42; (vi) step 42, the next program is switched to the preparatory stage, ready to monitor the next application program; (vii) step 44, if the result of the condition check does not meet the detection condition required by the user, monitoring is abandoned and the flow proceeds to step 46; (viii) step 46, the next hook function (HOOK) is called.
That is, after an application program issues a file operation request, the operating system kernel hands the request to the installable file system manager, which calls the first file management program through its internal linked list and then traverses the whole linked list in turn to complete the monitoring service for the application program. In this process, once the inserted monitoring program obtains control, it first calls a dynamic link library on the incoming file request. If the monitoring condition is satisfied, the related flag is set and the related processing is performed. For example, if the file name has the features of an installation program, the monitoring program starts the installation recording function; if the file name satisfies the feature condition of an executable program file name, the monitoring program starts and write operations are prohibited. The return value of the dynamic link library indicates whether the system satisfies this request. If the request is responded to, the current processing is recorded, a record flag is set, and monitoring of this application program begins. After the task required by the monitoring is finished, the program goes on to handle other file requests.
To illustrate how the invention is implemented, SFP is taken as an example below. When monitoring for SFP, it must be judged whether a file is an executable file or a system file, because these two file types are the sensitive file types for SFP: deleting or changing a file of either type can even damage the parameter passing of the file system. Therefore, to prevent the file system from being modified or maliciously damaged by others when a file system is called, the user sets up the monitoring program, which uses a password to restrict the right to modify and thereby protects the file system.
As shown in Fig. 4, the operation flow of the SFP VxD comprises the following steps: (i) step 52, parameters are passed in by the system; (ii) step 54, the external 16-bit dynamic link library (DLL) is called; (iii) step 56, the request is compared with the contents of the file table to judge whether the file is a system file: if so, the next step is carried out, otherwise the flow proceeds to step 62; (iv) step 58, it is judged whether the operation is a modifying operation: if the system file is to be modified, the flow proceeds to the next step, otherwise to step 62; (v) step 60, the monitoring program does not respond, confirms that the file operation is illegal, and returns to the start; (vi) step 62, the parameters are passed down and the next program is called.
Referring to Fig. 5, the flow of the external 16-bit dynamic link library, which judges whether a file request satisfies the monitoring condition, comprises the following steps: (i) step 72, after a file request is received, the standard filter provided by the invention is called and the parameters are passed in; (ii) step 74, the file table is looked up; (iii) step 76, it is determined whether the file request is listed in the table: if it is, the file request is determined to satisfy the monitoring condition and the flow proceeds to the next step, otherwise to step 86; (iv) step 78, it is further judged whether the file request is a write operation: if so, the flow proceeds to the next step, otherwise to step 86; (v) step 80, a warning dialog box pops up automatically and asks for the password that authorizes file modification; (vi) step 82, it is confirmed whether the password is correct: if the password is correct, the flow proceeds to step, otherwise it proceeds to step 88; (vii) step 84, the operation (deletion, modification, etc.) is allowed and the next file request is then responded to; (viii) step 86, control returns to the system and is handed to the next management program; (ix) step 88, the response is interrupted and the flow returns.
In step 76 above, a file request that is not in the file table does not satisfy the monitoring condition, so control must return to the system and be handed to the next management program. In step 78, when the file request is not a write operation, it cannot affect the security of the file system, so monitoring need not continue; control simply returns to the system and is handed to the next management program.
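The hook chain of Fig. 3 and the monitoring-condition check of Fig. 5, sketched in C as an added example (this is not code from the patent). All type and function names, the file table entries, the password and the use of SETUP.EXE as the installer name feature are assumptions; the password field stands in for the dialog of step 80.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum fs_op { FS_READ, FS_WRITE, FS_DELETE };
enum fs_result { FS_SERVED, FS_BLOCKED };
struct fs_request {
    const char *app;       /* requesting application (hypothetical field) */
    const char *path;      /* file the request targets */
    enum fs_op  op;
    const char *password;  /* stands in for the step 80 dialog; NULL if none */
};

struct hook;
typedef enum fs_result (*hook_fn)(const struct hook *, const struct fs_request *);
struct hook { hook_fn fn; const struct hook *next; };

/* Constructed file table and password, for illustration only. */
static const char *const file_table[] = { "C:\\WINDOWS\\WIN.COM", "C:\\WINDOWS\\SYSTEM.INI" };
static const char modify_password[] = "example-only";
static int install_log_count;  /* entries the recording filter has written */

/* Case-insensitive compare, so "win.com" cannot slip past the entry "WIN.COM". */
static int same_name(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (toupper((unsigned char)*a) != toupper((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Steps 46, 62 and 86: pass the request on; list end = the file system's own service. */
static enum fs_result call_next(const struct hook *self, const struct fs_request *rq)
{
    return self->next ? self->next->fn(self->next, rq) : FS_SERVED;
}

/* Fig. 5 as a filter: table lookup, write check, password check. */
static enum fs_result sfp_filter(const struct hook *self, const struct fs_request *rq)
{
    int listed = 0;
    size_t i;
    for (i = 0; i < sizeof file_table / sizeof file_table[0]; i++)
        listed |= same_name(rq->path, file_table[i]);
    if (!listed || rq->op == FS_READ)   /* steps 76 and 78 -> step 86 */
        return call_next(self, rq);
    if (rq->password == NULL || strcmp(rq->password, modify_password) != 0)
        return FS_BLOCKED;              /* step 88: interrupt the response */
    return call_next(self, rq);         /* step 84: operation allowed */
}

/* Uninstall-record filter (18b): count modifying requests from an installer. */
static enum fs_result record_filter(const struct hook *self, const struct fs_request *rq)
{
    if (rq->op != FS_READ && same_name(rq->app, "SETUP.EXE"))
        install_log_count++;
    return call_next(self, rq);
}

/* The linked list: SFP filter first, then the recording filter. */
static const struct hook record_hook = { record_filter, NULL };
static const struct hook sfp_hook = { sfp_filter, &record_hook };

enum fs_result submit(const struct fs_request *rq)
{
    return sfp_hook.fn(&sfp_hook, rq);
}

int main(void)
{
    struct fs_request rq = { "NOTEPAD.EXE", "c:\\windows\\win.com", FS_WRITE, NULL };
    puts(submit(&rq) == FS_BLOCKED ? "write blocked" : "write served");
    return 0;
}
```

Because the filter matches on file names, the comparison is case-insensitive; a name-based table that compared exact bytes would miss the same file spelled with different case.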

Claims (8)

1. A dynamic monitoring and controlling method for a file system, characterized in that it comprises the following steps:
(i) according to the file request of an application program, calling the corresponding filter to check the file against the monitoring condition;
(ii) automatically querying whether monitoring is needed: if the user requires monitoring, proceeding to the next step, otherwise proceeding to step (vi);
(iii) recording the relevant information of the application program;
(iv) switching the next program to the preparatory stage, ready to monitor the next application program;
(v) if the result of the condition check does not meet the detection condition required by the user, abandoning monitoring and proceeding to step (vi); and
(vi) calling the next hook function.
2. The dynamic monitoring and controlling method for a file system as claimed in claim 1, characterized in that the monitoring flow of the filter comprises the following steps:
(1) analyzing the file type;
(2) using the related dynamic link library to check the monitoring condition and see whether the request meets the user's requirements: if it does, proceeding to the next step, and if the user does not need monitoring, proceeding to the above-mentioned step (v);
(3) setting a flag and starting monitoring.
3. The dynamic monitoring and controlling method for a file system as claimed in claim 1, characterized in that the filter comprises a filter that implements SFP, a filter for uninstall recording, or a filter for other purposes.
4. The dynamic monitoring and controlling method for a file system as claimed in claim 2, characterized in that the analysis in step (i) is an analysis of the file name.
5. A dynamic monitoring and controlling method for a file system, characterized in that it comprises the following steps: after an application program issues a file operation request, the operating system kernel in memory hands the request to the installable file system manager, which then calls the first file management program through its internal linked list so that the file is monitored, and then traverses the whole linked list in turn to complete the monitoring service for the application program.
6. The dynamic monitoring and controlling method for a file system as claimed in claim 5, characterized in that, in the process of monitoring the file, once the inserted monitoring program obtains control, it first calls a dynamic link library on the incoming file request; if the monitoring condition is satisfied, the related flag is set and the related processing is performed; the return value of the dynamic link library indicates whether the system satisfies this request; if the request is responded to, the current processing is recorded, a record flag is set, and monitoring of this application program begins; after the task required by the monitoring is finished, the program goes on to handle other file requests.
7. The dynamic monitoring and controlling method for a file system as claimed in claim 6, characterized in that the related processing is that, when the file name has the features of an installation program, the monitoring program starts the installation recording function.
8. The dynamic monitoring and controlling method for a file system as claimed in claim 6, characterized in that the related processing is that, when the file name satisfies the feature condition of an executable program file name, the monitoring program starts and write operations are prohibited.
CN99102482A 1999-03-04 1999-03-04 Dynamic monitoring and controlling method for files system Expired - Fee Related CN1117322C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN99102482A CN1117322C (en) 1999-03-04 1999-03-04 Dynamic monitoring and controlling method for files system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN99102482A CN1117322C (en) 1999-03-04 1999-03-04 Dynamic monitoring and controlling method for files system

Publications (2)

Publication Number Publication Date
CN1266228A true CN1266228A (en) 2000-09-13
CN1117322C CN1117322C (en) 2003-08-06

Family

ID=5270836

Family Applications (1)

Application Number Title Priority Date Filing Date
CN99102482A Expired - Fee Related CN1117322C (en) 1999-03-04 1999-03-04 Dynamic monitoring and controlling method for files system

Country Status (1)

Country Link
CN (1) CN1117322C (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7607176B2 (en) * 2004-11-12 2009-10-20 International Business Machines Corporation Trainable rule-based computer file usage auditing system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1021089C (en) * 1990-04-05 1993-06-02 杨筑平 Protecting mechanism for stored information

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100367230C (en) * 2004-01-19 2008-02-06 中国人民解放军理工大学 Action control method based on LSM programme
CN100388234C (en) * 2005-12-09 2008-05-14 中兴通讯股份有限公司 Method for monitoring internal memory varible rewrite based on finite-state-machine
CN101866407A (en) * 2010-06-18 2010-10-20 北京九合创胜网络科技有限公司 Method and device for realizing security of operating system platform
CN108573596A (en) * 2012-12-28 2018-09-25 松下电器(美国)知识产权公司 Control method
CN108573596B (en) * 2012-12-28 2020-10-16 松下电器(美国)知识产权公司 Control method
CN107958152A (en) * 2017-12-04 2018-04-24 山东中创软件商用中间件股份有限公司 Tamper resistant method, device and equipment based on Virtual File System

Also Published As

Publication number Publication date
CN1117322C (en) 2003-08-06

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20030806

Termination date: 20110304