Summary of the invention
To solve this problem, the invention provides a method and a device for data protection.
The data protection method provided by the invention comprises the following steps:
When a user requests to open a file through an I/O event, initializing the I/O event that requests to open the file;
Determining whether the I/O event requesting to open the file is an operation before file read, and determining whether the target file to be opened is a file that needs protection; when both determinations are yes, performing the next step; otherwise, performing no operation;
Recording the file information of the file to be opened;
When the user requests to save a file through an I/O event, initializing the I/O event that requests to save the file;
Determining whether the I/O event is an operation before file write, and determining whether the target file to be saved is a file that needs protection; when both determinations are yes, making a further determination; otherwise, performing no operation;
According to the file information recorded when the file was opened, determining whether the file to be saved meets the preset file write condition; if it meets the write condition, saving the file; otherwise, refusing to write the data to disk.
Preferably, in one embodiment, the step of determining, according to the file information recorded when the file was opened, whether the file to be saved meets the preset file write condition, saving the file if it does, and otherwise refusing to write the data to disk, comprises the following steps:
Looking up the file information of the file to be saved; if the file information exists, making a further determination; otherwise, refusing to write the data to disk;
Determining whether the original data in the file to be saved remains unchanged; if so, making a further determination; otherwise, refusing to write the data to disk;
Determining whether the file to be saved contains newly added content; if so, saving the file; otherwise, refusing to write the data to disk.
Preferably, in one embodiment, before the step of determining, according to the file information recorded when the file was opened, whether the file to be saved meets the preset file write condition, saving the file if it does, and otherwise refusing to write the data to disk, the method further comprises the following step:
The operating system checks whether the user has write permission; if so, the next step is performed; otherwise, the operating system forbids the user from processing the file.
Preferably, in one embodiment, refusing to write the data to disk comprises the following steps:
Setting the relevant information of the I/O event requesting to save the file to access denied;
The file system controller performs the access-denied operation.
Preferably, in one embodiment, the file information comprises the file size and a copy of the file to be opened.
Based on the same inventive concept, a data protection device comprises a first initialization module, a first judging module, a recording module, a second initialization module, a second judging module and a first processing module, wherein:
The first initialization module is configured to initialize the I/O event that requests to open a file when a user requests to open the file through an I/O event;
The first judging module is configured to determine whether the I/O event requesting to open the file is an operation before file read, and to determine whether the target file to be opened is a file that needs protection; when both determinations are yes, the recording module performs the further operation; otherwise, no operation is performed;
The recording module is configured to record the file information of the file to be opened;
The second initialization module is configured to initialize the I/O event that requests to save a file when the user requests to save the file through an I/O event;
The second judging module is configured to determine whether the I/O event is an operation before file write, and to determine whether the target file to be saved is a file that needs protection; when both determinations are yes, the first processing module performs the further operation; otherwise, no operation is performed;
The first processing module is configured to determine, according to the file information recorded when the file was opened, whether the file to be saved meets the preset file write condition; if it meets the write condition, the file is saved; otherwise, the data is refused from being written to disk.
Preferably, in one embodiment, the first processing module comprises a file information lookup submodule, an original data judging submodule and a new content judging submodule, wherein:
The file information lookup submodule is configured to look up the file information of the file to be saved; if the file information exists, the original data judging submodule makes a further determination; otherwise, the data is refused from being written to disk;
The original data judging submodule is configured to determine whether the original data in the file to be saved remains unchanged; if so, the new content judging submodule makes a further determination; otherwise, the data is refused from being written to disk;
The new content judging submodule is configured to determine whether the file to be saved contains newly added content; if so, the file is saved; otherwise, the data is refused from being written to disk.
Preferably, in one embodiment, the data protection device further comprises an access-denial setting module, wherein:
The access-denial setting module is connected to the file system controller and is configured to set the relevant information of the I/O event requesting to save the file to access denied, the file system controller then controlling execution of the access-denied operation.
The beneficial effects of the present invention include:
The data protection method and device provided by the invention check the user's permission and compare the data to be written with the original data, which effectively prevents unauthorized users from modifying the original data of a file and avoids the loss of data already present in the text. At the same time, the user is allowed to save new content on top of the original data of the file, so that the original data can be extended while the original text file data is guaranteed not to be modified or deleted.
Embodiment
In order to make the object, technical solution and advantages of the present invention clearer, the embodiments of the data protection method and device are described below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are only intended to explain the present invention and are not intended to limit it.
The data protection method of the embodiment of the present invention, as shown in Figure 1, comprises the following steps:
S100, when a user requests to open a file through an I/O event, initializing the I/O event that requests to open the file;
When a user wants to read a file stored on the computer, an I/O event requesting to open the file is first issued. This I/O event is sent to the file system controller, which obtains the I/O event requesting to open the file and initializes it.
S200, determining whether the I/O event requesting to open the file is an operation before file read, and determining whether the target file to be opened is a file that needs protection; when both determinations are yes, performing the next step; otherwise, performing no operation;
Determine whether the I/O event requesting to open the file is an operation before file read. If it is not, no operation is performed. If it is, continue by determining whether the target file to be opened is a file that needs protection. If it is a file that needs protection, the next step is performed for further processing; if it is not, the file is opened normally and no additional operation is performed.
It should be noted that the files needing protection are text files designated as required. If text file a is a file that needs protection, meaning that the original data in the file should not be changed, then a user's request to open file a is an operation on a protected file, and the next step is performed.
S300, recording the file information of the file to be opened;
When an operation is performed on a text file that needs protection, the original file information of the text file is recorded first.
Preferably, in one embodiment, the file information comprises the size of the file and a copy of the file.
A copy of the file to be opened and the size of the file are saved at a designated location on the local disk, so that later, when the user saves the file, comparison with the original copy of the file determines whether the file meets the save condition.
S400, when the user requests to save a file through an I/O event, initializing the I/O event that requests to save the file;
Similarly to step S100, when the user wants to save a file to the local disk, an I/O event requesting to save the file is issued. This I/O event is sent to the file system controller, which obtains the I/O event requesting to save the file and initializes it.
S500, determining whether the I/O event is an operation before file write, and determining whether the target file to be saved is a file that needs protection; when both determinations are yes, making a further determination; otherwise, performing no operation;
Determine whether the I/O event is an operation before file write. If it is not, no operation is performed. If it is, continue by determining whether the target file is a file that needs protection. If it is a file that needs protection, the next step is performed for further processing; if it is not, the file is handled normally and no additional operation is performed.
S600, according to the file information recorded when the file was opened, determining whether the file to be saved meets the preset file write condition; if it meets the write condition, saving the file; otherwise, refusing to write the data to disk.
For the file to be saved, determine whether it meets the preset file write condition. If the file meets the preset write condition, it is saved; otherwise, the data is refused from being written to disk.
The preset write condition means that the original data in the file to be saved remains unchanged and that the file to be saved contains newly added content.
Preferably, in one embodiment, step S600 comprises the following steps:
S610, looking up the file information of the file to be saved; if the file information exists, making a further determination; otherwise, refusing to write the data to disk;
The file information is the file information that was saved at the designated location on the local disk when the file was opened. The designated location is searched for the file information of the file to be saved. If it is found, the file to be saved is further examined according to the found file information; if it is not found, the data is refused from being written to disk.
It should be noted that step S500 has already established that the file lies in the directory of files to be protected. If the designated location on the local disk holds no file information for the file to be saved, the file was not opened through a standard I/O event, so the information of the original file was not saved. Without the original text, it cannot be determined whether the file to be saved meets the file write condition, so the data is refused from being written to disk. This effectively prevents the text file from being modified by entering commands.
Only when a file is read and saved through valid I/O events is it possible for the save of the text file to pass the check and be stored on the local disk.
S620, determining whether the original data in the file to be saved remains unchanged; if so, making a further determination; otherwise, refusing to write the data to disk;
According to the found file information of the file to be saved, determine whether the original data in the file to be saved remains unchanged by comparing the file to be saved with the found file information. If the file to be saved contains all the content in the found file information, the original data in the text file to be saved is unchanged, and the file can be examined further. If the file to be saved does not contain all the content in the found file information, or the content has changed, the original content of the file has been edited or changed, and the changed data is refused from being written to disk. This guarantees the accuracy and integrity of the original data in the text file.
S630, determining whether the file to be saved contains newly added content; if so, saving the file to be saved; otherwise, refusing to write the data to disk.
Step S620 has established that the file to be saved contains all of the original data. It is then further determined whether new content has been added to the file to be saved. If the text file to be saved contains newly added content, the new text file including that content is saved; if no content has been added, the data is refused from being written to disk, that is, the text file keeps its original data.
Preferably, in one embodiment, since the previous step has established that the file to be saved contains the data of the original file, this step determines whether the file to be saved contains newly added content by comparing the size of the text file to be saved with the size of the original file in the found file information. If the size of the file to be saved is greater than the size of the original file, the text file to be saved contains newly added content, and the file is saved; otherwise, the data is refused from being written to disk.
Preferably, in one embodiment, the following step is also included before step S600:
S060, the operating system checks whether the user has write permission; if so, the next step is performed; otherwise, the operating system forbids the user from processing the file.
In response to the user's I/O event requesting to save the file, the operating system checks whether the user has write permission. If so, step S600 is performed to determine whether the file to be saved meets the preset file write condition. Otherwise, the user has no write permission, that is, no permission to change the file, and the operating system directly forbids the user from processing the file, refusing operations such as changing and saving the file.
Preferably, in one embodiment, refusing to write the data to disk comprises the following steps:
S6001, setting the relevant information of the I/O event requesting to save the file to access denied;
The relevant information of the I/O event requesting to save the file is set to access denied, and this information is fed back to the file system controller.
S6002, the file system controller performs the access-denied operation.
The file system controller performs the access-denied operation according to the access-denied information that was set, that is, it refuses to save the file.
Preferably, as shown in Figure 2, another embodiment of the invention comprises the following steps:
Step S700, the user requests to open a file, the system initializes the I/O event, and the flow enters step S701;
Step S701, determine whether this I/O event is an action before file read and whether the target file belongs to a directory that needs to be monitored; if so, enter step S702;
Step S702, record the size of the file requested to be opened, and save a copy of the file;
Step S703, the user requests to save the file, the system initializes the I/O event, and the flow enters step S704;
Step S704, determine whether this I/O event is an action before file write and whether the target file belongs to a directory that needs to be monitored; if so, enter step S705;
Step S705, the operating system checks whether the user has write permission; if so, enter step S706; otherwise, enter step S712;
Step S706, look up the size information of this file; if no size and content information about this file is found, enter step S709; if valid information is found, enter step S707;
Step S707, determine whether the content from before the file write remains unchanged; if so, enter step S708; otherwise, enter step S709;
Step S708, determine whether the file has new content; if so, enter step S711; otherwise, enter step S709;
Step S709, set the relevant information of the I/O event to access denied, and enter step S710;
Step S710, the file system performs access denial;
The file system performing access denial means refusing to write the file to disk, so the file is not saved.
Step S711, allow the data to be written to disk;
Allowing the data to be written to disk means saving the file.
Step S712, the system performs access denial.
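The decision flow of steps S700 to S712 (which also covers sub-steps S610 to S630) can be simulated in user space as follows. This is an added example, not code from the patent; the class and function names, the sample paths, and the reading of "original data remains unchanged" as an exact-prefix match against the recorded copy are assumptions.

```python
# Added example: user-space simulation of steps S700-S712. All names are hypothetical.
import posixpath
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    PASS_THROUGH = "target not protected; filter does nothing"
    DENY_OS = "S705 -> S712: user has no write permission"
    DENY_NO_RECORD = "S706 -> S709: no record made at open"
    DENY_MODIFIED = "S707 -> S709: original data changed"
    DENY_NO_NEW = "S708 -> S709: nothing appended"
    ALLOW = "S711: data written to disk"


@dataclass(frozen=True)
class FileRecord:
    size: int      # size of the file when it was opened
    copy: bytes    # copy of the file when it was opened


class AppendOnlyGuard:
    def __init__(self, protected_dirs):
        # Normalise once so "a/../b" paths are judged by where they really point.
        self.protected = tuple(posixpath.normpath(d) + "/" for d in protected_dirs)
        # Stands in for the "designated location on the local disk".
        self.records = {}

    def _protected(self, path):
        return posixpath.normpath(path).startswith(self.protected)

    def on_pre_read(self, path, content):
        """S701-S702: record size and copy of a protected file at open."""
        if self._protected(path):
            self.records[posixpath.normpath(path)] = FileRecord(len(content), bytes(content))

    def on_pre_write(self, path, new_content, user_can_write):
        """S704-S712: decide whether the save may reach the disk."""
        if not self._protected(path):
            return Verdict.PASS_THROUGH
        if not user_can_write:                      # S705
            return Verdict.DENY_OS
        rec = self.records.get(posixpath.normpath(path))
        if rec is None:                             # S706
            return Verdict.DENY_NO_RECORD
        # S707, assumption: "unchanged" means the recorded copy is an exact
        # prefix of the new content. Truncation fails this test as well.
        if new_content[:rec.size] != rec.copy:
            return Verdict.DENY_MODIFIED
        if len(new_content) <= rec.size:            # S708: size comparison
            return Verdict.DENY_NO_NEW
        return Verdict.ALLOW


def demo():
    """Constructed sample: one protected file, five save attempts."""
    guard = AppendOnlyGuard(["/srv/protected"])
    path = "/srv/protected/audit.txt"
    results = [guard.on_pre_write(path, b"x\n", True)]          # never opened
    guard.on_pre_read(path, b"entry 1\n")
    results.append(guard.on_pre_write(path, b"entry 1\nentry 2\n", True))
    results.append(guard.on_pre_write(path, b"ENTRY 1\nentry 2\n", True))
    results.append(guard.on_pre_write(path, b"entry 1\n", True))
    results.append(guard.on_pre_write(path, b"entry 1\nentry 2\n", False))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.name, "-", verdict.value)
```

The size comparison in S708 is only meaningful after the content comparison in S707 has passed; a file that is larger but has altered original bytes is rejected at S707.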
Based on the same inventive concept, an embodiment of the present invention provides a data protection device. Because the principle by which this device solves the problem is similar to that of the data protection method described above, the device can be implemented according to the steps of that method, and the overlapping parts are not repeated.
A data protection device, as shown in Figure 3, comprises a first initialization module 100, a first judging module 200, a recording module 300, a second initialization module 400, a second judging module 500 and a first processing module 600, wherein:
The first initialization module 100 is configured to initialize the I/O event that requests to open a file when a user requests to open the file through an I/O event;
The first judging module 200 is configured to determine whether the I/O event requesting to open the file is an operation before file read, and to determine whether the target file to be opened is a file that needs protection; when both determinations are yes, the recording module performs the further operation; otherwise, no operation is performed;
Determine whether the I/O event requesting to open the file is an operation before file read. If it is not, no operation is performed. If it is, continue by determining whether the target file to be opened is a file that needs protection. If it is a file that needs protection, the next step is performed for further processing; if it is not, the file is opened normally and no additional operation is performed.
The recording module 300 is configured to record the file information of the file to be opened;
The file information comprises the size of the file to be opened and a copy of the file to be opened.
The second initialization module 400 is configured to initialize the I/O event that requests to save a file when the user requests to save the file through an I/O event;
The second judging module 500 is configured to determine whether the I/O event is an operation before file write, and to determine whether the target file to be saved is a file that needs protection; when both determinations are yes, the first processing module performs the further operation; otherwise, no operation is performed;
The first processing module 600 is configured to determine, according to the file information recorded when the file was opened, whether the file to be saved meets the preset file write condition; if it meets the write condition, the file is saved; otherwise, the data is refused from being written to disk.
Preferably, in one embodiment, the first processing module 600 comprises a file information lookup submodule 610, an original data judging submodule 620 and a new content judging submodule 630, wherein:
The file information lookup submodule 610 is configured to look up the file information of the file to be saved; if the file information exists, the original data judging submodule makes a further determination; otherwise, the data is refused from being written to disk;
The original data judging submodule 620 is configured to determine whether the original data in the file to be saved remains unchanged; if so, the new content judging submodule makes a further determination; otherwise, the data is refused from being written to disk;
The new content judging submodule 630 is configured to determine whether the file to be saved contains newly added content; if so, the file is saved; otherwise, the data is refused from being written to disk.
Preferably, in one embodiment, the data protection device of this embodiment further comprises an access-denial setting module 700, wherein:
The access-denial setting module 700 is connected to the file system controller and is configured to set the relevant information of the I/O event requesting to save the file to access denied, the file system controller then controlling execution of the access-denied operation.
The embodiments above express only several implementations of the present invention. Their description is relatively specific and detailed, but it should not therefore be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art may make several variations and improvements without departing from the inventive concept, all of which fall within the scope of protection of the present invention. Therefore, the scope of protection of this patent shall be determined by the appended claims.