Summary of the invention
To solve the above problems, the invention provides a method and a device for data protection.
The data protection method provided by the invention comprises the following steps:
When a user requests to open a file through an I/O event, initialize the I/O event requesting to open the file;
Judge whether the I/O event requesting to open the file is an operation before the file is read in, and judge whether the target file to be opened is a file that needs protection; when both judgments are yes, perform the next step; otherwise, perform no operation;
Record the file information of the file to be opened;
When the user requests to save the file through an I/O event, initialize the I/O event requesting to save the file;
Judge whether the I/O event is an operation before the file is written, and judge whether the target file to be saved is a file that needs protection; when both judgments are yes, make a further judgment; otherwise, carry out no operation;
According to the file information recorded when the file was opened, judge whether the file to be saved meets the preset file write condition; if it meets the write condition, save the file; otherwise, refuse to write the data to disk.
Preferably, as one embodiment, the step of judging, according to the file information recorded when the file was opened, whether the file to be saved meets the preset file write condition, saving the file if it meets the write condition and otherwise refusing to write the data to disk, comprises the following steps:
Look up the file information of the file to be saved; if the file information of the file to be saved exists, make a further judgment; otherwise refuse to write the data to disk;
Judge whether the original data in the file to be saved remains unchanged; if so, make a further judgment; otherwise refuse to write the data to disk;
Judge whether the file to be saved contains newly added content; if so, save the file; otherwise refuse to write the data to disk.
Preferably, as one embodiment, before the step of judging, according to the file information recorded when the file was opened, whether the file to be saved meets the preset file write condition, saving the file if it meets the write condition and otherwise refusing to write the data to disk, the method further comprises the following step:
The operating system checks whether the user has write permission; if so, the next step is performed; otherwise, the operating system forbids the user from processing the file.
Preferably, as one embodiment, refusing to write the data to disk comprises the following steps:
Set the relevant information of the I/O event requesting to save the file to access denied;
The file system controller performs the access-denied operation.
Preferably, as one embodiment, the file information includes the file size of the file to be opened and a copy of the file.
A data protection device based on the same inventive concept comprises a first initialization module, a first judging module, a recording module, a second initialization module, a second judging module and a first processing module, wherein:
The first initialization module is used to initialize the I/O event requesting to open a file when a user requests to open the file through an I/O event;
The first judging module is used to judge whether the I/O event requesting to open the file is an operation before the file is read in, and to judge whether the target file to be opened is a file that needs protection; when both judgments are yes, the recording module performs the further operation; otherwise, no operation is performed;
The recording module is used to record the file information of the opened file;
The second initialization module is used to initialize the I/O event requesting to save the file when the user requests to save the file through an I/O event;
The second judging module is used to judge whether the I/O event is an operation before the file is written, and to judge whether the target file to be saved is a file that needs protection; when both judgments are yes, the first processing module performs the further operation; otherwise, no operation is carried out;
The first processing module is used to judge, according to the file information recorded when the file was opened, whether the file to be saved meets the preset file write condition; if it meets the write condition, the file is saved; otherwise, the data is refused from being written to disk.
Preferably, as one embodiment, the first processing module includes a file information lookup submodule, an original data judging submodule and a new content judging submodule, wherein:
The file information lookup submodule is used to look up the file information of the file to be saved; if the file information of the file to be saved exists, the original data judging submodule makes a further judgment; otherwise the data is refused from being written to disk;
The original data judging submodule is used to judge whether the original data in the file to be saved remains unchanged; if so, the new content judging submodule makes a further judgment; otherwise the data is refused from being written to disk;
The new content judging submodule is used to judge whether the file to be saved contains newly added content; if so, the file is saved; otherwise the data is refused from being written to disk.
Preferably, as one embodiment, the data protection device also includes an access-denied setting module, wherein:
The access-denied setting module is connected to the file system controller and is used to set the relevant information of the I/O event requesting to save the file to access denied, and the file system controller controls execution of the access-denied operation.
Beneficial effects of the present invention include:
The data protection method and device provided by the invention, by checking the user's permissions and comparing the data after writing with the original data, effectively prevent unauthorized users from modifying the original data of a file and avoid the loss of data already in the text. At the same time, they allow a user to add new content on top of the file's original data and save it, so that the original data can be extended while it is effectively ensured that the original text data is not modified or deleted.
Specific embodiments
To make the purpose, technical solution and advantages of the invention clearer, specific embodiments of the data protection method and device of the embodiments of the invention are described below with reference to the accompanying drawings. It should be understood that the specific embodiments described here are intended only to explain the invention and not to limit it.
The data protection method of the embodiment of the invention, as shown in Fig. 1, comprises the following steps:
S100, when a user requests to open a file through an I/O event, initialize the I/O event requesting to open the file;
When a user wants to read a file stored on the computer, an I/O event requesting to open the file is sent first. The I/O event requesting to open the file is transmitted to the file system controller, which obtains the I/O event requesting to open the file and initializes it.
S200, judge whether the I/O event requesting to open the file is an operation before the file is read in, and judge whether the target file to be opened is a file that needs protection; when both judgments are yes, perform the next step; otherwise, perform no operation;
Judge whether the I/O event requesting to open the file is an operation before the file is read in. When it is judged that the I/O event requesting to open the file is not an operation before the file is read in, no operation is carried out. When it is judged that the I/O event requesting to open the file is an operation before the file is read in, continue to judge whether the target file to be opened is a file that needs protection; when it is judged to be a file that needs protection, perform the next step for further operation; when it is judged not to be a file that needs protection, open the file normally without any additional operation.
It should be noted here that the files that need protection are text files designated as required. For example, if text file a is a file that needs protection and the original data in the file is not intended to be changed, then when a user requests to open file a, this is an operation on a file to be protected, and the next step is performed.
S300, record the file information of the file to be opened;
When a text file that needs protection is operated on, the original file information of the text file is recorded first.
Preferably, as one embodiment, the file information includes the size of the file and a copy of the file.
The copy of the file to be opened and the size of the file are saved at a specified location on the local disk, so that later, when the user saves the file, comparison with the original copy of the file determines whether the file meets the condition for saving.
S400, when the user requests to save the file through an I/O event, initialize the I/O event requesting to save the file;
Similar to step S100, when the user wants to save the file to the local disk, an I/O event requesting to save the file is sent. The I/O event requesting to save the file is transmitted to the file system controller, which obtains the I/O event requesting to save the file and initializes it.
S500, judge whether the I/O event is an operation before the file is written, and judge whether the target file to be saved is a file that needs protection; when both judgments are yes, make a further judgment; otherwise, carry out no operation;
Judge whether the I/O event requesting to open the file is an operation before the file is written. When it is judged that the I/O event requesting to open the file is not an operation before the file is written, no operation is carried out. When it is judged that the I/O event requesting to open the file is an operation before the file is written, continue to judge whether the target file to be opened is a file that needs protection; when it is judged to be a file that needs protection, perform the next step for further operation; when it is judged not to be a file that needs protection, open the file normally without any additional operation.
S600, according to the file information recorded when the file was opened, judge whether the file to be saved meets the preset file write condition; if it meets the write condition, save the file; otherwise, refuse to write the data to disk.
For the file to be saved, judge whether it meets the preset file write condition; if the file meets the preset write condition, save the file; otherwise refuse to write the data to disk.
The preset write condition is that the original data in the file to be saved remains unchanged and that the file to be saved contains newly added content.
Preferably, as one embodiment, step S600 comprises the following steps:
S610, look up the file information of the file to be saved; if the file information of the file to be saved exists, make a further judgment; otherwise refuse to write the data to disk;
The file information is the file information stored at the specified location on the local disk when the file was opened. Check whether the specified location on the local disk holds the file information of the file to be saved; if so, make a further judgment on the file to be saved according to the file information found; if not, refuse to write the data to disk.
It should be noted here that step S500 has already determined that the file is in the directory of files to be protected. If the specified location on the local disk does not hold the file information of the file to be saved, the operation that opened the file was not performed through a standard I/O event. The information of the original was therefore not saved, and it is impossible to judge from the original text whether the file to be saved meets the file write condition, so the data is refused from being written to disk. This effectively prevents the text from being modified through input instructions.
Only when a file is read and saved through valid I/O events can the save of the text possibly pass the check and be written to the local disk.
S620, judge whether the original data in the file to be saved remains unchanged; if so, make a further judgment; otherwise refuse to write the data to disk;
According to the file information found for the file to be saved, judge whether the original data in the file to be saved remains unchanged by comparing the file to be saved with the file information found. If the file to be saved contains all the content in the file information found, this proves that the original data in the text to be saved remains unchanged, so the file to be saved can be judged further. If the file to be saved does not contain all the content in the file information found, or the content has been changed, this proves that the original content of the file has been edited or changed in the text to be saved, and the changed data is refused from being written to disk. This ensures the accuracy and integrity of the original data in the text.
S630, judge whether the file to be saved contains newly added content; if so, save the file to be saved; otherwise refuse to write the data to disk.
According to the judgment in step S620, it has been determined that the file to be saved contains all of the original data; it is then further judged whether new content has been added to the file to be saved. If the text to be saved contains newly added content, the new text including the newly added content is saved; if the text to be saved contains no newly added content, the data, that is, the original data of the text, is refused from being written to disk.
Preferably, as one embodiment, because the previous step has determined that the file to be saved contains the data of the original file, this step can determine whether the file to be saved contains newly added content by comparing the size of the text to be saved with the original file size in the file information found. If the size of the file to be saved is greater than the size of the original file, the text to be saved contains newly added content, and the file to be saved is saved; otherwise the data is refused from being written to disk.
Preferably, as one embodiment, the following step is also included before step S600:
S060, the operating system checks whether the user has write permission; if so, the next step is performed; otherwise, the operating system forbids the user from processing the file.
For the I/O event with which the user requests to save the file, the operating system checks whether the user has write permission. If so, step S600 is performed to judge whether the file to be saved meets the preset file write condition. Otherwise the user has no write permission, that is, no permission to modify the file, and the operating system directly forbids the user from processing the file, that is, refuses user operations on the file such as changing and saving it.
Preferably, as one embodiment, refusing to write the data to disk comprises the following steps:
S6001, set the relevant information of the I/O event requesting to save the file to access denied;
The relevant information of the I/O event requesting to save the file is set to access denied, and the relevant information is fed back to the file system controller.
S6002, the file system controller performs the access-denied operation.
The file system controller performs the access-denied operation according to the access-denied information that was set, that is, it refuses to save the file.
Preferably, as shown in Fig. 2, another embodiment of the invention comprises the following steps:
Step S700, the user requests to open a file and the system initializes the I/O event; go to step S701;
Step S701, judge whether the I/O event is an action before the file is read in and the target file belongs to a directory that needs to be monitored; if so, go to step S702;
Step S702, record the size of the file requested to be opened and save a copy of the file;
Step S703, the user requests to save the file and the system initializes the I/O event; go to step S704;
Step S704, judge whether the I/O event is an action before the file is written and the target file belongs to a directory that needs to be monitored; if so, go to step S705;
Step S705, the operating system checks whether the user has write permission; if so, go to step S706; otherwise go to step S712;
Step S706, look up the size information of the file; if no size or content information on the file is found, go to step S709; if valid information is found, go to step S707;
Step S707, judge whether the content from before the file write remains unchanged; if so, go to step S708; otherwise go to step S709;
Step S708, judge whether the file has new content; if so, go to step S711; otherwise go to step S709;
Step S709, set the relevant information of the I/O event to access denied; go to step S710;
Step S710, the file system performs access denied;
The file system performing access denied means that writing the file to disk is refused and the file is not saved.
Step S711, allow the data to be written to disk;
Allowing the data to be written to disk means that the file is saved.
Step S712, the system performs access denied.
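The decision flow of steps S700 to S712, modelled in user space as an added example (it is not code from the patent and is not a file system driver). The names WriteGuard, FileInfo and Decision and the /srv/ledger paths are assumptions; "original data unchanged" is taken to mean that the recorded copy must be the exact leading bytes of the data being saved, and new content is detected by the size comparison of the preferred embodiment.

```python
import posixpath
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "S711: allow the write"
    NOT_PROTECTED = "S704: target is not monitored, pass through"
    DENY_PERMISSION = "S712: user has no write permission"
    DENY_NO_RECORD = "S706 -> S709: nothing was recorded at open"
    DENY_CHANGED = "S707 -> S709: original data was changed"
    DENY_NOTHING_NEW = "S708 -> S709: no newly added content"


@dataclass(frozen=True)
class FileInfo:
    size: int    # file size recorded at open (S702)
    copy: bytes  # copy of the file saved at open (S702)


class WriteGuard:
    """Added example (not the patent's code); names here are assumptions."""

    def __init__(self, monitored_dirs):
        self.dirs = tuple(posixpath.normpath(d) + "/" for d in monitored_dirs)
        self.records = {}  # stands in for the specified location on local disk

    def _key(self, path):
        # Normalise first so "a/../b" spellings cannot dodge the directory check.
        path = posixpath.normpath(path)
        return path if path.startswith(self.dirs) else None

    def on_pre_read(self, path, content):
        key = self._key(path)                      # S701
        if key is not None:
            self.records[key] = FileInfo(len(content), bytes(content))  # S702

    def on_pre_write(self, path, new_content, user_can_write):
        key = self._key(path)                      # S704
        if key is None:
            return Decision.NOT_PROTECTED
        if not user_can_write:                     # S705
            return Decision.DENY_PERMISSION
        info = self.records.get(key)               # S706
        if info is None:
            return Decision.DENY_NO_RECORD
        # S707 (assumed reading): the copy must be the exact leading bytes.
        if new_content[:info.size] != info.copy:
            return Decision.DENY_CHANGED
        if len(new_content) <= info.size:          # S708: size comparison
            return Decision.DENY_NOTHING_NEW
        return Decision.ALLOW


def demo():
    guard = WriteGuard(["/srv/ledger"])            # constructed directory
    path = "/srv/ledger/a.txt"
    original = b"2024-01-01 opening balance 100\n"  # constructed content
    guard.on_pre_read(path, original)
    return {
        "append": guard.on_pre_write(path, original + b"2024-01-02 deposit 5\n", True),
        "edit": guard.on_pre_write(path, original.replace(b"100", b"900") + b"x", True),
        "truncate": guard.on_pre_write(path, original[:10], True),
        "unchanged": guard.on_pre_write(path, original, True),
        "no_record": guard.on_pre_write("/srv/ledger/b.txt", b"new", True),
        "no_permission": guard.on_pre_write(path, original + b"x", False),
        "dotdot": guard.on_pre_write("/srv/ledger/sub/../a.txt", original + b"x", True),
        "elsewhere": guard.on_pre_write("/srv/ledgers/a.txt", b"anything", True),
    }
```

The page does not say whether the record is refreshed after a permitted save. This model leaves it as recorded at open, so content appended by an earlier save is only covered by the check once the file is opened again.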
Based on the same inventive concept, an embodiment of the invention provides a data protection device. Because the principle by which this device solves the problem is similar to that of the foregoing data protection method, the device can be implemented according to the steps of the foregoing method, and repeated parts are not described again.
A data protection device, as shown in Fig. 3, comprises a first initialization module 100, a first judging module 200, a recording module 300, a second initialization module 400, a second judging module 500 and a first processing module 600, wherein:
The first initialization module 100 is used to initialize the I/O event requesting to open a file when a user requests to open the file through an I/O event;
The first judging module 200 is used to judge whether the I/O event requesting to open the file is an operation before the file is read in, and to judge whether the target file to be opened is a file that needs protection; when both judgments are yes, the recording module performs the further operation; otherwise, no operation is performed;
Judge whether the I/O event requesting to open the file is an operation before the file is read in. When it is judged that the I/O event requesting to open the file is not an operation before the file is read in, no operation is carried out. When it is judged that the I/O event requesting to open the file is an operation before the file is read in, continue to judge whether the target file to be opened is a file that needs protection; when it is judged to be a file that needs protection, perform the next step for further operation; when it is judged not to be a file that needs protection, open the file normally without any additional operation.
The recording module 300 is used to record the file information of the opened file;
The file information includes the size of the opened file and a copy of the opened file.
The second initialization module 400 is used to initialize the I/O event requesting to save the file when the user requests to save the file through an I/O event;
The second judging module 500 is used to judge whether the I/O event is an operation before the file is written, and to judge whether the target file to be saved is a file that needs protection; when both judgments are yes, the first processing module performs the further operation; otherwise, no operation is carried out;
The first processing module 600 is used to judge, according to the file information recorded when the file was opened, whether the file to be saved meets the preset file write condition; if it meets the write condition, the file is saved; otherwise, the data is refused from being written to disk.
Preferably, as one embodiment, the first processing module 600 includes a file information lookup submodule 610, an original data judging submodule 620 and a new content judging submodule 630, wherein:
The file information lookup submodule 610 is used to look up the file information of the file to be saved; if the file information of the file to be saved exists, the original data judging submodule makes a further judgment; otherwise the data is refused from being written to disk;
The original data judging submodule 620 is used to judge whether the original data in the file to be saved remains unchanged; if so, the new content judging submodule makes a further judgment; otherwise the data is refused from being written to disk;
The new content judging submodule 630 is used to judge whether the file to be saved contains newly added content; if so, the file is saved; otherwise the data is refused from being written to disk.
Preferably, as one embodiment, the data protection device of this embodiment also includes an access-denied setting module 700, wherein:
The access-denied setting module 700 is connected to the file system controller and is used to set the relevant information of the I/O event requesting to save the file to access denied, and the file system controller controls execution of the access-denied operation.
The embodiments described above express only several implementations of the invention, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the invention. Therefore, the protection scope of this patent shall be determined by the appended claims.