CN114239047B - File protection method, apparatus, device, storage medium, and program product - Google Patents

Info

Publication number
CN114239047B
Authority
CN
China
Prior art keywords
file
path
tree structure
node
file path
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111296102.9A
Other languages
Chinese (zh)
Other versions
CN114239047A (en
Inventor
王明广
梁家浩
齐向东
吴云坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Safety Technology Zhuhai Co Ltd
Qax Technology Group Inc
Original Assignee
Qianxin Safety Technology Zhuhai Co Ltd
Qax Technology Group Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qianxin Safety Technology Zhuhai Co Ltd, Qax Technology Group Inc
Priority to CN202111296102.9A
Publication of CN114239047A
Application granted
Publication of CN114239047B

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/14 Details of searching files based on file metadata
    • G06F16/148 File search processing

Abstract

Embodiments of the present invention provide a file protection method, apparatus, device, storage medium, and program product. The method includes: if the first file currently being operated on is a file with a hard link, determining whether the tree structure corresponding to the first file path contains a node of the first file; and if the tree structure corresponding to the first file path contains a node of the first file, performing target processing on the current operation, where all nodes in the tree structure are nodes of files with hard links. The method of the embodiments of the present invention provides security protection for operations on files with hard links and offers a high level of security.

Description

File protection method, apparatus, device, storage medium, and program product
Technical Field
The present invention relates to the field of computer technology, and in particular, to a file protection method, apparatus, device, storage medium, and program product.
Background
The rapid development of computer networks and mobile internet applications has brought great convenience to work and daily life, but the threats and losses caused by network security problems have grown as well. For example, ransomware may destroy or encrypt a file through a write operation.
In the process of implementing the scheme of the invention, the inventors found that ransomware can write to a file by way of a hard link. How to protect against such write operations made through hard links is therefore a technical problem that those skilled in the art need to solve.
Disclosure of Invention
In view of the problems in the prior art, embodiments of the present invention provide a file protection method, apparatus, device, storage medium, and program product.
Specifically, the embodiments of the invention provide the following technical solutions:
In a first aspect, an embodiment of the present invention provides a file protection method, including:
if the first file currently being operated on is a file with a hard link, determining whether the tree structure corresponding to the first file path contains a node of the first file;
and if the tree structure corresponding to the first file path contains a node of the first file, performing target processing on the current operation, wherein the nodes in the tree structure are all nodes of files with hard links.
Further, determining whether the tree structure corresponding to the first file path contains a node of the first file includes:
matching the node identifier of the first file against the node identifiers of the nodes in the tree structure corresponding to the first file path;
and if the node identifier of the first file matches the node identifier of a node in the tree structure, determining that the tree structure contains a node of the first file.
Further, before determining whether the tree structure corresponding to the first file path of the first file contains a node of the first file, the method further includes:
determining whether the first file path of the first file matches at least one preset second file path;
if a second file path matching the first file path exists, performing target processing on the current operation;
if not, determining whether the first file is a file with a hard link.
Further, before the target processing is performed on the current operation, the method further includes:
determining whether the path of the process corresponding to the current operation matches the path of the access subject in the preset rule corresponding to the second file path;
and if not, performing target processing on the current operation.
Further, performing target processing on the current operation includes:
reporting or intercepting the current operation according to a preset policy.
Further, the method further includes:
when the hard link identifier of a second file changes, determining a third file path corresponding to the second file;
and adding or deleting the node of the second file in the tree structure corresponding to the third file path.
Further, adding or deleting the node of the second file in the tree structure corresponding to the third file path includes:
if the hard link identifier of the second file is greater than a preset value, adding the node of the second file to the tree structure corresponding to the third file path;
and if the hard link identifier of the second file is equal to the preset value, deleting the node of the second file from the tree structure corresponding to the third file path.
Further, before determining whether the tree structure corresponding to the first file path of the first file contains a node of the first file, the method further includes:
acquiring the files with hard links under the first file path;
and establishing the tree structure corresponding to the first file path according to the files with hard links under the first file path.
In a second aspect, an embodiment of the present invention further provides a file protection device, including:
a determining module, configured to determine whether the tree structure corresponding to the first file path contains a node of the first file if the first file currently being operated on is a file with a hard link;
and a processing module, configured to perform target processing on the current operation if the tree structure corresponding to the first file path contains a node of the first file, wherein the nodes in the tree structure are all nodes of files with hard links.
In a third aspect, an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the steps of the file protection method according to the first aspect when the processor executes the program.
In a fourth aspect, embodiments of the present invention also provide a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the file protection method according to the first aspect.
In a fifth aspect, embodiments of the present invention also provide a computer program product having stored thereon executable instructions that when executed by a processor cause the processor to implement the steps of the file protection method according to the first aspect.
According to the file protection method, apparatus, device, storage medium, and program product of the embodiments, if the first file of the current operation is a file with a hard link and the tree structure corresponding to the first file path contains a node of the first file, the first file is constrained by the rule corresponding to the first file path and target processing is performed on the current operation. Because the nodes in the tree structure are all nodes of files with hard links, operations such as illegal modification of the first file can be prevented, and the security of file protection is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a file protection method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a tree structure in an embodiment of the present invention;
FIG. 3 is a second flowchart of a file protection method according to an embodiment of the present invention;
FIG. 4 is a third flowchart of a file protection method according to an embodiment of the present invention;
FIG. 5 is a flowchart of a file protection method according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an embodiment of a file protection device according to the present invention;
FIG. 7 is a schematic structural diagram of an embodiment of an electronic device according to the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
First, some of the vocabulary and the application scenario of the embodiments of the present invention are described.
An inode records a file's attributes, and one file corresponds to one inode. The inode corresponds to the identification ID of the file; when a file is looked up, its content can be read only after the inode has been found.
Hard links are multiple files that all point to the same inode, with the following features:
1. Multiple files with the same inode are hard links of one another; creating a hard link is equivalent to adding another entry to the file entity.
2. For a hard-linked file, the file entity is deleted only after the source file and all corresponding hard-link files have been deleted.
3. Whether the source file or any of its hard-link files is modified, the data of the other files changes as well.
The method of the embodiments of the invention can be applied to security protection scenarios, in particular to protect files and ensure their security.
The objective of ransomware protection is to prevent critical files from being modified and encrypted. The protected object is a specific file, and the commonly used protection scheme monitors file opens in the kernel so that a protected file can be opened only by a specific subject. For a file with hard links, however, modifying any hard-link file modifies the source file and the other hard-link files at the same time.
In the file protection method of the embodiments of the invention, protected files with hard links are added as nodes of a tree structure. If the file currently being operated on belongs to the tree structure, security protection is applied to the file, that is, the current operation is reported or intercepted, which improves the security of file protection.
The following describes the technical scheme of the present invention in detail with reference to fig. 1 to 5. The following embodiments may be combined with each other, and some embodiments may not be repeated for the same or similar concepts or processes.
Fig. 1 is a schematic flow chart of a file protection method according to an embodiment of the present invention. As shown in fig. 1, the method provided in this embodiment includes:
Step 101: if the first file currently being operated on is a file with a hard link, determine whether the tree structure corresponding to the first file path of the first file contains a node of the first file.
Specifically, the current operation includes a file open operation, a write operation, a delete operation, or the like. If the first file currently being operated on is a file with a hard link, it is highly likely to be a file requiring security protection.
The files with hard links that are to be protected may be recorded in advance. For example, each file with a hard link is represented by a node in a tree structure, and the identifier of the node may be the inode of the file. For convenience of processing, the nodes of files with hard links under the same file path may be recorded in the same tree structure; FIG. 2 shows the tree structure corresponding to a certain file path. The tree structure corresponding to the first file path is searched by the identifier of the first file to determine whether it contains the node of the first file.
The first file may be a source file or a hard-link file.
Step 102: if the tree structure corresponding to the first file path contains a node of the first file, perform target processing on the current operation, wherein the nodes in the tree structure are nodes of files with hard links.
Specifically, if the tree structure corresponding to the first file path contains a node of the first file, the first file is constrained by the current security protection rule, that is, target processing such as reporting or interception must be performed on the current operation.
Optionally, a tree structure may be created in advance for each file path; the nodes in the tree structure are nodes of files with hard links, and the corresponding files are protected files. Each node in the tree structure is identified by a universally unique identifier (UUID), which includes the inode and bdev.
The bdev file system establishes the association between the external representation and the internal implementation of block device files. The bdev file system is a "pseudo" file system that is used only by the kernel and does not need to be mounted into the global file system tree.
In the method of this embodiment, if the first file of the current operation is a file with a hard link and the tree structure corresponding to the first file path contains a node of the first file, the first file is constrained by the rule corresponding to the first file path and the current operation is processed. Because the nodes in the tree structure are all nodes of files with hard links, operations such as illegal modification of the first file through a hard link can be prevented, and the security of file protection is improved.
In an embodiment, the following operations may be performed before step 101:
determining whether the first file path of the first file matches at least one preset second file path;
if a second file path matching the first file path exists, performing target processing on the current operation;
if not, determining whether the first file is a file with a hard link.
Specifically, at least one security protection rule may be preconfigured, and each security protection rule may specify at least one second file path that needs to be protected, that is, the files under the second file paths need to be secured.
If the first file path of the first file of the current operation matches a certain second file path, the first file needs security protection, and target processing such as reporting or interception is performed on the current operation. If it does not match, the file is not protected by the current security protection rule; it can then be determined whether the file is a hard-link file that needs security protection, and if so, target processing is performed.
To ensure efficiency, the inode number of the first file may first be matched against the inode numbers contained in the file paths protected by the security protection rules; when the inode number matches, the file path matching the first file is obtained.
For example, a file whose inode parameter i_count has a value greater than 1 may be considered a file with a hard link.
In an embodiment, before the target processing is performed on the current operation, the method further includes:
determining whether the path of the process corresponding to the current operation matches the path of the access subject in the preset rule corresponding to the second file path;
and if it does not match, performing target processing on the current operation.
Specifically, the access subject may refer to the process accessing the current first file. If the path of the process corresponding to the current operation matches the path of the access subject in the preset rule corresponding to the second file path, that is, the access subject that the preset rule allows to access the file, the current operation is released directly and needs no processing. If it does not match, the process corresponding to the current operation is not an access subject allowed by the preset rule, and target processing is performed.
In the above embodiment, matching the first file path of the first file currently being operated on against the preset second file path determines whether the first file is a protected file, which improves the security of file protection.
Illustratively, as shown in FIG. 3, the method includes the following steps:
1. The current file matches a certain rule;
Specifically, assuming that the current file is file 1, a rule matching file 1 is searched for by the UUID of file 1 or by the inode included in the UUID; assume that this rule is rule 1.
2. The rule's subject and file path fail to match;
Specifically, suppose rule 1 specifies that the access subject with the path /usr/bin/vim may access the file at the path /home/AAA.wps. If the operation on the current file triggers security protection, the file path of the file to be opened is obtained first and matched against the accessible file path specified in the rule. If the match succeeds, that is, the file path of file 1 is /home/AAA.wps, it is checked whether the path of the process corresponding to the current operation is the same as /usr/bin/vim: if it is, the current operation is released, that is, no security protection is needed for the file; if it is not, target processing such as reporting or interception is needed. If the match fails, file 1 is not protected by rule 1, and it must then be determined whether the file is a protected hard-link file.
3. Determine whether the current file is a hard-link file, that is, whether the value of the parameter i_count in the inode is greater than 1 (inode->i_count > 1);
4. If inode->i_count > 1, query the tree structure of the file path by the UUID of the current file;
5. If the node of the file exists in the tree structure, the current file is protected, that is, security protection is needed and the current operation is processed accordingly;
6. If the file is not hard-linked, or if the tree structure has no node for the file, the current operation is released.
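The decision flow of FIG. 3, as an added user-space example that is not code from the patent or its assignee. It assumes `st_nlink` from `stat` stands in for the link-count check the text expresses as `inode->i_count > 1`, that a Python `set` of `(st_dev, st_ino)` pairs stands in for the per-path tree, and that every rule's tree is consulted in step 4; `Rule`, `build_tree`, `decide` and the sample paths are hypothetical names.

```python
import os
import stat
import tempfile
from dataclasses import dataclass, field


@dataclass
class Rule:
    protected_dir: str        # the rule's protected ("second") file path
    allowed_subject: str      # executable path of the permitted access subject
    policy: str = "intercept"  # preset policy: "report" or "intercept"
    nodes: set = field(default_factory=set)  # stand-in for the per-path tree


def node_id(st):
    """Node identifier: block device plus inode number."""
    return (st.st_dev, st.st_ino)


def is_under(path, base):
    return os.path.commonpath([path, base]) == base


def build_tree(rule):
    """Record every regular file under the protected path that has a hard link."""
    for root, _dirs, files in os.walk(rule.protected_dir):
        for name in files:
            st = os.lstat(os.path.join(root, name))
            if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                rule.nodes.add(node_id(st))


def decide(rules, file_path, subject_path):
    """Return 'allow', 'report' or 'intercept' for one operation on file_path."""
    real = os.path.realpath(file_path)
    # Steps 1-2: does the path itself fall under a rule? Then check the subject.
    for rule in rules:
        if is_under(real, rule.protected_dir):
            return "allow" if subject_path == rule.allowed_subject else rule.policy
    # Step 3: no path match; is the file hard-linked at all?
    st = os.stat(real)
    if st.st_nlink <= 1:
        return "allow"
    # Steps 4-5: look the identifier up in the trees (assumption: all rules).
    for rule in rules:
        if node_id(st) in rule.nodes:
            return rule.policy
    # Step 6: hard-linked, but not an alias of any protected file.
    return "allow"


def demo_decisions():
    """Constructed sample: a protected file with a hard-link alias outside the rule path."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        protected = os.path.join(tmp, "home")
        scratch = os.path.join(tmp, "scratch")
        os.mkdir(protected)
        os.mkdir(scratch)
        doc = os.path.join(protected, "AAA.wps")
        with open(doc, "w") as fh:
            fh.write("constructed sample\n")
        alias = os.path.join(scratch, "alias.bin")
        os.link(doc, alias)                 # second name for the protected inode
        stray = os.path.join(scratch, "notes.txt")
        with open(stray, "w") as fh:
            fh.write("unrelated\n")
        stray_alias = os.path.join(scratch, "notes2.txt")
        os.link(stray, stray_alias)         # hard-linked, but never protected

        rule = Rule(protected, "/usr/bin/vim")
        build_tree(rule)
        rules = [rule]
        other = "/usr/bin/python3"          # constructed non-permitted subject
        return {
            "permitted_subject_on_protected_path": decide(rules, doc, "/usr/bin/vim"),
            "other_subject_on_protected_path": decide(rules, doc, other),
            "alias_matches_rule_path": is_under(alias, protected),
            "other_subject_on_alias": decide(rules, alias, other),
            "other_subject_on_unrelated_link": decide(rules, stray_alias, other),
        }


if __name__ == "__main__":
    for name, verdict in demo_decisions().items():
        print(f"{name}: {verdict}")
```

The alias lies outside the rule's path, so a path-only check would release the write; the identifier lookup is what catches it.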
In one embodiment, before step 101, the file protection method further includes:
acquiring the files with hard links under the first file path;
and establishing the tree structure corresponding to the first file path according to the files with hard links under the first file path.
Specifically, suppose the first file path is a/b/c. Assuming that one file, file 1, among the files under path a is a file with a hard link, the root node of the tree structure is the node of file 1, represented by the UUID of file 1. If two files, file 2 and file 3, among the files under path a/b are files with hard links, the nodes of file 2 and file 3 become leaf nodes of the root node, and so on, forming the tree structure.
In this embodiment, the tree structure formed by the nodes of files with hard links makes it possible to determine whether the file of the current operation is constrained by a certain protection rule, so that the current operation is processed accordingly, giving higher security.
In one embodiment, step 102 may be specifically implemented by the following steps:
matching the node identifier of the first file against the node identifiers of the nodes in the tree structure corresponding to the first file path;
if the node identifier of the first file matches the node identifier of a node in the tree structure, determining that the tree structure contains a node of the first file.
Specifically, the node identifier uuid1 of the first file is matched against the node identifiers of the nodes in the tree structure corresponding to the first file path. If the tree structure includes a node whose identifier is uuid1, it is determined that the tree structure contains a node of the first file, and the hard-link file is constrained by the security protection rule corresponding to the current first file path.
In this embodiment, matching the node identifier of the first file against the node identifiers in the tree structure determines whether the tree structure contains a node of the first file; the implementation is simple and efficient.
In one embodiment, step 102 may be implemented as follows:
reporting or intercepting the current operation according to a preset policy.
Specifically, when the tree structure (or the security protection rule) is established, a corresponding policy may be configured, for example under what conditions to report and under what conditions to intercept directly. The policy may follow the priority of the file type, so that operations on high-priority files are intercepted directly, or different paths may correspond to different processing operations. That is, when the first file of the current operation is determined to be a hard-link file and a node in the tree structure, the corresponding processing is performed; for example, if the priority of the current first file is high, the operation is intercepted directly.
For example, operations on files under file path a are reported, and operations on files under file path b are intercepted.
In this embodiment, when an operation on a file by way of a hard link is identified, reporting or intercepting the current operation improves the security of file protection.
In an embodiment, the file protection method further includes:
when the hard link identifier of a second file changes, determining a third file path corresponding to the second file;
and adding or deleting the node of the second file in the tree structure corresponding to the third file path.
Specifically, when the hard link identifier of the second file changes, the third file path corresponding to the second file is determined, where the hard link identifier may be the number of hard links of the inode, and the node of the second file is added to or deleted from the tree structure corresponding to the third file path.
Specifically, if the hard link identifier of the second file, for example the parameter i_count in the inode, becomes larger or smaller, a hard link to the second file has been newly created or an existing hard link has been deleted. The tree structure corresponding to the third file path to which the second file belongs is therefore updated, for example by adding or deleting a node, so that later decisions based on the tree structure are accurate. That is, when an operation is performed on a file under the third file path, it can be accurately determined whether the operation should be processed (reported, intercepted, and so on), which improves the security of file protection.
Optionally, if the hard link identifier of the second file is greater than a preset value, the node of the second file is added to the tree structure corresponding to the third file path;
and if the hard link identifier of the second file is equal to the preset value, the node of the second file is deleted from the tree structure corresponding to the third file path.
Specifically, if the value of the hard link identifier of the second file, for example the parameter i_count in the inode, is greater than the preset value, the node of the second file is added to the tree structure corresponding to the third file path; if the value is equal to the preset value, the node of the second file is deleted from the tree structure corresponding to the third file path. The preset value is, for example, 1.
As shown in FIG. 4, monitoring for the creation of a hard link and inserting the new UUID node into the red-black tree comprises the following steps:
1. Determine whether the value of the parameter i_count in the inode has changed from 1 to 2, that is, inode->i_count changes from 1 to 2;
2. If yes, the hard link is a newly created hard link, and the file paths corresponding to all rules are traversed;
3. Determine which rule's file path the newly created hard link belongs to;
4. If the newly created hard link is determined to belong to a certain file path, a node corresponding to the hard link is added to the tree structure corresponding to that file path.
As shown in FIG. 5, monitoring for the removal of a hard link and deleting the node from the UUID red-black tree comprises the following steps:
1. Determine whether the value of the parameter i_count in the inode has changed from 2 to 1, that is, inode->i_count changes from 2 to 1;
2. If yes, the hard link is a hard link to be deleted, and the file paths corresponding to all rules are traversed;
3. Determine which rule's file path the hard link to be deleted belongs to;
4. If the hard link is determined to belong to a certain file path, the node corresponding to the hard link is deleted from the tree structure corresponding to that file path.
The value of i_count may also change from another value greater than 2 to 1.
In the above embodiment, monitoring hard links, that is, monitoring the creation and deletion of hard links, prevents illegal operations on files by means of hard links and improves the security of file protection.
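The tree maintenance of FIG. 4 and FIG. 5, as an added user-space example that is not code from the patent or its assignee. It assumes `st_nlink` stands in for the hard link identifier, a `dict` mapping each protected path to a `set` of `(st_dev, st_ino)` pairs stands in for the per-path red-black trees, and the handler is called after each link or unlink; `owning_rule`, `on_link_count_change` and the file names are hypothetical.

```python
import os
import tempfile

PRESET = 1  # link count of a file that has no additional hard link


def owning_rule(trees, path):
    """Traverse the rule paths and return the one that contains path, or None."""
    real = os.path.realpath(path)
    for protected_dir in trees:
        if os.path.commonpath([real, protected_dir]) == protected_dir:
            return protected_dir
    return None


def on_link_count_change(trees, path):
    """Update the tree after a hard link to the file at path was created or removed."""
    protected_dir = owning_rule(trees, path)
    if protected_dir is None:
        return "ignored"                 # file is not under any rule path
    st = os.stat(path)
    key = (st.st_dev, st.st_ino)
    nodes = trees[protected_dir]
    if st.st_nlink > PRESET and key not in nodes:
        nodes.add(key)                   # a hard link now exists: insert node
        return "added"
    if st.st_nlink == PRESET and key in nodes:
        nodes.discard(key)               # last extra link is gone: delete node
        return "removed"
    return "unchanged"


def demo_maintenance():
    """Constructed sample: link count of one protected file goes 1, 2, 3, 2, 1."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = os.path.realpath(tmp)
        protected = os.path.join(tmp, "home")
        scratch = os.path.join(tmp, "scratch")
        os.mkdir(protected)
        os.mkdir(scratch)
        doc = os.path.join(protected, "AAA.wps")
        with open(doc, "w") as fh:
            fh.write("constructed sample\n")
        trees = {protected: set()}
        events = [on_link_count_change(trees, doc)]          # count is 1

        alias1 = os.path.join(scratch, "a1")
        alias2 = os.path.join(scratch, "a2")
        os.link(doc, alias1)
        events.append(on_link_count_change(trees, doc))      # 1 -> 2
        os.link(doc, alias2)
        events.append(on_link_count_change(trees, doc))      # 2 -> 3
        os.unlink(alias1)
        events.append(on_link_count_change(trees, doc))      # 3 -> 2
        os.unlink(alias2)
        events.append(on_link_count_change(trees, doc))      # 2 -> 1

        stray = os.path.join(scratch, "notes.txt")
        with open(stray, "w") as fh:
            fh.write("unrelated\n")
        os.link(stray, os.path.join(scratch, "notes2.txt"))
        events.append(on_link_count_change(trees, stray))    # outside every rule
        return events, len(trees[protected])


if __name__ == "__main__":
    print(demo_maintenance())
```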
The file protection device provided by the invention is described below; the file protection device described below and the file protection method described above may be referred to in correspondence with each other.
Fig. 6 is a schematic structural diagram of a file protection and identification device provided by the invention. As shown in fig. 6, the file protection device provided in this embodiment includes:
a determining module 210, configured to determine whether the tree structure corresponding to the first file path contains a node of the first file if the first file currently being operated on is a file with a hard link;
and a processing module 220, configured to perform target processing on the current operation if the tree structure corresponding to the first file path contains a node of the first file, where the nodes in the tree structure are all nodes of files with hard links.
Optionally, the processing module 220 is further configured to:
match the node identifier of the first file against the node identifiers in the tree structure corresponding to the first file path;
and if a node identifier matching the node identifier of the first file exists in the tree structure, determine that the tree structure contains a node of the first file.
Optionally, the determining module 210 is specifically configured to:
determine whether the first file path of the first file matches at least one preset second file path;
if a second file path matches the first file path, perform target processing on the current operation;
if not, determine whether the first file is a file with a hard link.
Optionally, the processing module 220 is specifically configured to:
determine whether the path of the process corresponding to the current operation matches the path of the access subject in the preset rule corresponding to the second file path;
and if not, perform target processing on the current operation.
Optionally, the processing module 220 is specifically configured to:
report or intercept the current operation according to a preset policy.
Optionally, the processing module 220 is further configured to:
when the hard link identifier of a second file changes, determine a third file path corresponding to the second file;
and add or delete the node of the second file in the tree structure corresponding to the third file path.
Optionally, the processing module 220 is specifically configured to:
if the hard link identifier of the second file is greater than a preset value, add the node of the second file to the tree structure corresponding to the third file path;
and if the hard link identifier of the second file is equal to the preset value, delete the node of the second file from the tree structure corresponding to the third file path.
Optionally, the processing module 220 is further configured to:
acquire the files with hard links under the first file path;
and establish the tree structure corresponding to the first file path according to the files with hard links under the first file path.
The device of the embodiment of the present invention is configured to perform the method of any of the foregoing method embodiments, and its implementation principle and technical effects are similar, and are not described in detail herein.
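The decision flow the modules above describe (path match first, then the hard-link check, then the node-identifier lookup, with nodes added or deleted as the link count changes) is sketched below in Python as an added example; it is not code from the patent. Assumptions: the node identifier is the (st_dev, st_ino) pair, the hard link identifier is st_nlink with a preset value of 1, a per-device dict stands in for the tree structure, and the names `HardLinkGuard`, `check`, `on_link_change` and all paths are hypothetical.

```python
import os
import tempfile

PRESET_LINK_COUNT = 1  # assumption: st_nlink == 1 means no additional hard link

class HardLinkGuard:
    """Hypothetical guard; a per-device dict stands in for the patent's tree."""
    def __init__(self, rules):
        # rules: protected directory (second file path) -> allowed process paths
        self.rules = {os.path.realpath(d): set(p) for d, p in rules.items()}
        self.index = {}  # st_dev -> {st_ino: protected directory}
        for root in self.rules:  # initial build from files that already have links
            for dirpath, _, names in os.walk(root):
                for name in names:
                    self.on_link_change(os.path.join(dirpath, name))

    def _root_for(self, path):
        for root in self.rules:
            if os.path.commonpath([root, path]) == root:
                return root
        return None

    def on_link_change(self, protected_path):
        """Re-evaluate one protected file after a hard link is created or deleted."""
        path = os.path.realpath(protected_path)
        root = self._root_for(path)
        if root is None:
            return
        st = os.lstat(path)
        nodes = self.index.setdefault(st.st_dev, {})
        if st.st_nlink > PRESET_LINK_COUNT:
            nodes[st.st_ino] = root          # add the node
        elif st.st_nlink == PRESET_LINK_COUNT:
            nodes.pop(st.st_ino, None)       # delete the node

    def check(self, op_path, process_path):
        """Return 'intercept' or 'allow' for an operation on op_path."""
        path = os.path.realpath(op_path)
        root = self._root_for(path)          # 1. plain path match
        if root is None:
            st = os.lstat(path)
            if st.st_nlink > PRESET_LINK_COUNT:  # 2. file has a hard link
                root = self.index.get(st.st_dev, {}).get(st.st_ino)  # 3. node id match
        if root is None or process_path in self.rules[root]:
            return "allow"
        return "intercept"


def demo():
    """Constructed scenario: an alias created outside the protected directory."""
    with tempfile.TemporaryDirectory() as tmp:
        vault, other = os.path.join(tmp, "vault"), os.path.join(tmp, "other")
        os.mkdir(vault)
        os.mkdir(other)
        secret, alias = os.path.join(vault, "secret.txt"), os.path.join(other, "alias")
        open(secret, "w").close()
        guard = HardLinkGuard({vault: ["/opt/app/editor"]})
        os.link(secret, alias)
        guard.on_link_change(secret)
        seen = [guard.check(secret, "/tmp/unknown"), guard.check(alias, "/tmp/unknown"),
                guard.check(alias, "/opt/app/editor")]
        os.unlink(alias)
        guard.on_link_change(secret)
        return seen, any(guard.index.values())
```

The alias lives outside the protected directory, so the path match alone would let it through; the node-identifier lookup is what ties it back to the protected file.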
Examples are as follows:
Fig. 7 illustrates a physical schematic diagram of an electronic device. As shown in Fig. 7, the electronic device may include a processor 810, a communication interface (Communications Interface) 820, a memory 830, and a communication bus 840, where the processor 810, the communication interface 820, and the memory 830 communicate with each other through the communication bus 840. The processor 810 may call logic instructions in the memory 830 to execute a method including: determining a first file path corresponding to a first file from at least one preset file path if the first file of the current operation is a file with a hard link; and performing target processing on the current operation if the tree structure corresponding to the first file path includes a node of the first file, where the nodes in the tree structure are all file nodes with hard links.
Further, the logic instructions in the memory 830 described above may be implemented in the form of software functional units and, when sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
On the other hand, the embodiment of the invention also provides a non-transitory computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements the file protection method provided in the above embodiments, for example, including: determining a first file path corresponding to a first file from at least one preset file path if the first file of the current operation is a file with a hard link; and performing target processing on the current operation if the tree structure corresponding to the first file path includes a node of the first file, where the nodes in the tree structure are all file nodes with hard links.
On the other hand, the embodiment of the invention also provides a computer program product on which executable instructions are stored; when executed by a processor, the instructions cause the processor to implement the file protection method provided by the above embodiments, for example, including: determining a first file path corresponding to a first file from at least one preset file path if the first file of the current operation is a file with a hard link; and performing target processing on the current operation if the tree structure corresponding to the first file path includes a node of the first file, where the nodes in the tree structure are all file nodes with hard links.
The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the present invention without creative effort.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
It should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention, and not for limiting the same, and although the present invention has been described in detail with reference to the above-mentioned embodiments, it should be understood by those skilled in the art that the technical solution described in the above-mentioned embodiments may be modified or some technical features may be equivalently replaced, and these modifications or substitutions do not make the essence of the corresponding technical solution deviate from the spirit and scope of the technical solution of the embodiments of the present invention.

Claims (11)

1. A file protection method, comprising:
If the first file currently being operated is a file with a hard link, determining whether the tree structure corresponding to the first file path of the first file contains a node of the first file;
If the tree structure corresponding to the first file path contains a node for the first file, target processing is performed on the current operation, the target processing including reporting processing or interception processing; the nodes in the tree structure are all file nodes with hard links, and the files corresponding to the file nodes with hard links are protected files;
If the first file currently being operated is a file with a hard link, before determining whether the tree structure corresponding to the first file path of the first file contains a node of the first file, the method further includes:
Determining whether a first file path of the first file matches at least one preset second file path;
If there is a second file path that matches the first file path, performing target processing on the current operation;
If there is no match, it is determined whether the first file is a file with a hard link.

2. The method according to claim 1, wherein determining whether the tree structure corresponding to the first file path of the first file contains a node of the first file comprises:
Matching the node identifier of the first file with the node identifier of the node in the tree structure corresponding to the first file path;
If the node identifier of the first file matches the node identifier of a node in the tree structure, it is determined that the tree structure contains the node of the first file.

3. The method according to claim 2, characterized in that before performing target processing on the current operation, it also includes:
Determining whether the path of the process corresponding to the current operation matches the path of the access subject in the preset rule corresponding to the second file path;
If there is no match, target processing is performed on the current operation.

4. The method according to claim 1 or 2, wherein the performing target processing on the current operation comprises:
The current operation is reported or intercepted according to a preset strategy.

5. The method according to claim 1 or 2, further comprising:
When the hard link identifier of the second file changes, determining a third file path corresponding to the second file;
Add or delete a node of the second file in the tree structure corresponding to the third file path.

6. The method according to claim 5, wherein the adding or deleting a node of the second file in the tree structure corresponding to the third file path comprises:
If the hard link identifier of the second file is greater than a preset value, adding a node of the second file in the tree structure corresponding to the third file path;
If the hard link identifier of the second file is equal to a preset value, the node of the second file is deleted in the tree structure corresponding to the third file path.

7. The method according to claim 1 or 2, characterized in that before determining whether the tree structure corresponding to the first file path of the first file contains the node of the first file, the method further comprises:
Obtaining a file with a hard link under the first file path;
A tree structure corresponding to the first file path is established according to the files with hard links under the first file path.

8. A file protection device, comprising:
a determination module configured to determine, if the first file currently being operated is a file having a hard link, whether the tree structure corresponding to the first file path contains a node of the first file;
a processing module configured to perform target processing on the current operation if the tree structure corresponding to the first file path contains a node for the first file, the target processing including reporting processing or interception processing; the nodes in the tree structure are all file nodes with hard links, and the files corresponding to the file nodes with hard links are protected files;
The determination module is also used to determine whether the first file path of the first file matches at least one preset second file path. If there is a second file path that matches the first file path, target processing is performed on the current operation; if there is no match, it is determined whether the first file is a file with a hard link.

9. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein when the processor executes the program, the steps of the file protection method according to any one of claims 1 to 7 are implemented.

10. A non-transitory computer-readable storage medium having a computer program stored thereon, wherein when the computer program is executed by a processor, the steps of the file protection method according to any one of claims 1 to 7 are implemented.

11. A computer program product having executable instructions stored thereon, wherein when the instructions are executed by a processor, the processor is enabled to implement the steps of the file protection method according to any one of claims 1 to 7.

CN202111296102.9A 2021-11-03 2021-11-03 File protection method, apparatus, device, storage medium, and program product Active CN114239047B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111296102.9A CN114239047B (en) 2021-11-03 2021-11-03 File protection method, apparatus, device, storage medium, and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111296102.9A CN114239047B (en) 2021-11-03 2021-11-03 File protection method, apparatus, device, storage medium, and program product

Publications (2)

Publication Number Publication Date
CN114239047A CN114239047A (en) 2022-03-25
CN114239047B true CN114239047B (en) 2025-08-12

Family

ID=80743730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111296102.9A Active CN114239047B (en) 2021-11-03 2021-11-03 File protection method, apparatus, device, storage medium, and program product

Country Status (1)

Country Link
CN (1) CN114239047B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9104675B1 (en) * 2012-05-01 2015-08-11 Emc Corporation Inode to pathname support with a hard link database

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7260718B2 (en) * 2001-04-26 2007-08-21 International Business Machines Corporation Method for adding external security to file system resources through symbolic link references
US9552367B2 (en) * 2011-09-16 2017-01-24 Ca, Inc. System and method for network file system server replication using reverse path lookup
CN107180092B (en) * 2017-05-15 2020-10-23 中国科学院上海微系统与信息技术研究所 File system control method and device and terminal
US10685116B2 (en) * 2018-02-23 2020-06-16 Mcafee, Llc Anti-ransomware systems and methods using a sinkhole at an electronic device
CN111881473B (en) * 2020-07-22 2024-03-19 深圳市友杰智新科技有限公司 Privacy file protection method, device, computer equipment and readable storage medium
CN112134880A (en) * 2020-09-21 2020-12-25 南京工程学院 Authorization protection method of lightweight XML (extensive Makeup language) in complex network environment
CN112597534B (en) * 2020-12-15 2024-12-31 浙江大华技术股份有限公司 File protection method, device, storage medium and electronic device

Also Published As

Publication number Publication date
CN114239047A (en) 2022-03-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant