WO2011019177A2 - Data protection method and apparatus using a virtual environment - Google Patents
- Publication number
- WO2011019177A2 (PCT/KR2010/005215)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- virtual environment
- virtual
- computer
- environment
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Definitions
- The present invention relates to data protection using a virtual environment, and more particularly to processing data input or output inside a virtual environment that supports the execution of an application running on a computer, thereby protecting the data from leakage accidents.
- the present invention relates to a data protection method and apparatus using a virtual environment.
- Patent Document 1 US Patent Publication No. 2008-0072000
- The present invention has been proposed to solve the problems of the prior art. By processing, inside a virtual environment that supports the execution of an application running on the computer, the input or output of data generated in a specific process, it prevents unauthorized export of that data to the computer's local environment and thereby protects the data from leakage accidents.
- A data protection method using a virtual environment includes: establishing a virtual environment that supports execution of an application program running on a computer; driving a process generated by the application program inside the virtual environment when the process meets a preset condition; and processing, inside the virtual environment, an input request or an output request of data generated in the driven process.
- Establishing the virtual environment may include establishing, in the virtual environment, a virtual data store that is accessible to a process running inside the virtual environment but inaccessible to a process running outside the virtual environment.
- The virtual data store may include at least one of a virtual image file residing on a local disk of the computer, an external storage device connected to the computer, a file server connected to the computer by a network, a web hard that can be accessed by the computer, and an FTP (File Transfer Protocol) host that can be accessed by the computer.
- The driving may include monitoring the creation of the process, determining whether the process is permitted access to the virtual environment based on a result of comparing the monitored process with the preset condition, and driving a process determined to be permitted access inside the virtual environment while driving a process determined not to be permitted access outside the virtual environment.
- The input request or output request of the data may be processed using the virtual data store.
- When displaying the state information of the local disk, the virtual data store may be mapped to the local disk and displayed merged with the state information of the virtual data store.
- The data may be stored in the virtual data store after an encryption process according to a predetermined security rule.
- A decryption process that follows a predetermined security rule may be performed.
- When there is a data export request from the virtual environment to the local environment, the data may be encrypted according to the predetermined security rule and stored on the local disk of the local environment according to the data export request.
- When there is a data import request from the local environment to the virtual environment, the data may be decrypted and read according to a predetermined security rule according to the data import request.
- A data protection device using a virtual environment includes a process monitoring unit that monitors a process by an application program running on a computer, a virtualization driver that establishes a virtual environment supporting execution of the application program and drives the process inside the virtual environment when the process meets a preset condition, and a data processor that processes, inside the virtual environment, an input request or an output request of data generated in the process driven inside the virtual environment.
- The virtualization driver may include, in the virtual environment, a virtual data store that a process running inside the virtual environment can access but a process running outside the virtual environment cannot access.
- The virtual data store may include at least one of a virtual image file residing on a local disk of the computer, an external storage device connected to the computer, a file server connected to the computer by a network, a web hard that can be accessed by the computer, and an FTP (File Transfer Protocol) host that can be accessed by the computer.
- the virtualization driver may include a virtualization component for supporting the execution of the application program in the virtual environment.
- the data processor may process an input request or an output request of the data by using the virtual data store.
- the data processor may map the virtual data store to the local disk and merge and display the state information of the virtual data store.
- the data may be stored in the virtual data store through an encryption process according to a predetermined security rule.
- the data may be read from the virtual data store through a decryption process according to a predetermined security rule.
- the data processor may encrypt the data according to a predetermined security rule according to the data export request and store the data on a local disk of the local environment.
- the data processor may decrypt and read the data according to a predetermined security rule according to the data import request.
- a secure virtual environment that can support the execution of an application running on a computer is created, and important data is processed only by the input or output inside the virtual environment to access the data outside of the virtual environment, that is, in the local environment.
- FIG. 1 is a block diagram of an exemplary computer suitable for operating a data protection device using a virtual environment according to an embodiment of the present invention.
- FIG. 2 is a block diagram of a data protection device according to an embodiment of the present invention.
- FIG. 3 is a flowchart illustrating a data protection method using a virtual environment according to an embodiment of the present invention.
- FIG. 4 is a flowchart illustrating a data protection mode by a data protection method using a virtual environment according to an embodiment of the present invention.
- FIG. 1 is a block diagram of an exemplary computer suitable for operating a data protection device using a virtual environment according to an embodiment of the present invention.
- the computer 1 may include a hardware layer 10, an operating system layer 20, an application program layer 30, a data protection device 40, and the like.
- the hardware layer 10 may include components such as a processor, memory, mass storage (such as hard drives, optical drives, etc.), graphical display subsystems, and the like.
- The operating system layer 20 may include an operating system supporting an application program of the application program layer 30, and the operating system can perform a user's preferred environment setting and a program setting for an application program of the application program layer 30.
- The application program layer 30 may include an application program, support files, user-generated data, and the like, and the application program may include various components including a code module, a text module, a data file, a resource, a configuration file, and the like.
- the user-generated data may mean a data file generated as a result of using an application program.
- The data protection device 40 establishes a virtual environment capable of supporting the execution of an application running on the computer 1 and drives, inside the virtual environment, a process meeting a preset condition among the processes by the application program. The input request or output request of data generated by the running process can then be selectively processed inside the virtual environment to prevent unauthorized leakage of the data.
- The data protection device 40 may be mounted on the computer 1 as shown in the drawing, or may be separately installed externally and connected to the computer 1 through a communication interface to interoperate with it.
- the virtual environment refers to resources necessary or available for a process to operate in an operating system, and may include various kinds of hardware such as files, a registry, memory, and various computing environments such as a network. That is, the aforementioned various computing environments are actually present, but they are virtualized as if the same or similar computing environments exist.
- FIG. 2 is a block diagram of a data protection device 40 according to an embodiment of the present invention.
- The data protection device 40 may include a process monitoring unit 410, a virtualization driver 420, and a data processor 430.
- The process monitoring unit 410 may monitor a process generated by an application program operated by a computer. In other words, it can monitor the creation of a process by the execution of an application program.
- The virtualization driver 420 establishes a virtual environment 440 supporting the execution of the application 441, and can drive, inside the virtual environment 440, a process meeting the preset condition among the processes monitored by the process monitoring unit 410.
- The preset condition refers to identification information of a process to be monitored for data protection or identification information of an application program. The identification information of the process generated by the execution of the application program and the identification information according to the preset condition may be compared to determine whether the corresponding process or the application program is included in the monitoring target. The determination may be performed by the process monitoring unit 410 or by the virtualization driver 420.
- The virtualization driver 420 builds, in the virtual environment 440, a virtual data store 445 that a process driven inside the virtual environment 440 can access but a process driven outside the virtual environment 440 cannot access.
- The virtual data store 445 may use at least one of a virtual image file existing on a local disk of a computer, an external storage device connected to the computer, a file server connected to the computer, a web hard drive connected to the computer, and an FTP host accessible to the computer.
- the virtualization driver 420 may include a virtualization component 443 included in the virtual environment 440 to support the execution of the application 441 in the virtual environment 440.
- The data processor 430 may process, inside the virtual environment 440, an input request or an output request that occurs in a process driven in the virtual environment 440 and requires internal processing. That is, the data is stored in the virtual data store 445 included in the virtual environment 440, or the required data is read from the virtual data store 445.
- The data processor 430 may encrypt the data according to a predetermined security rule and store it.
- When reading data from the virtual data store 445, the data processor 430 may decrypt it according to the predetermined security rule.
- When displaying the state information of the local disk, the virtual data store 445 may be mapped to the local disk and displayed merged with the state information of the virtual data store 445.
- The data processor 430 may provide a data export function that stores data of the virtual environment 440 on the local disk of the local environment, and a data import function that imports data of the local environment into the virtual environment 440.
- Data may be stored on a local disk through the data export function, and the stored data may be transferred to another virtual environment for use.
- Data transferred from another virtual environment and stored on the local disk may be used in the virtual environment 440 through the data import function.
- When a data export or data import is requested, the data processor 430 can provide the state information of the local disk that actually exists in the local environment. When exporting data to the local disk, that is, when storing data on the local disk, the data is encrypted according to the predetermined security rules.
- The encrypted data is read and decrypted according to the predetermined security rules.
- the virtualization driver 420 of the data protection device 40 builds a virtual environment 440 that can support execution of an application program included in the application program layer 30 (S501).
- the virtual environment 440 is constructed to include a virtual data store 445.
- The virtual data store 445 can be accessed by a process running inside the virtual environment 440, that is, a process generated by the application 441, but cannot be accessed by a process running outside the virtual environment 440.
- The virtual data store 445 may use at least one of a virtual image file existing on a local disk included in the hardware layer 10 of the computer 1, an external storage device connected to the computer 1, a file server connected to the computer 1 by a network, a web hard drive that can be connected to the computer 1, and an FTP host that can be connected to the computer 1.
- the virtualization driver 420 includes a virtualization component 443 included in the virtual environment 440 for supporting the execution of the application 441 in the virtual environment 440.
- the process monitoring unit 410 monitors the generation of the process by the execution of the application program on the application program layer 30 (S503).
- The process monitoring unit 410 or the virtualization driver 420 compares the identification information of the process generated by the execution of the application program with the preset identification information, and when the identification information of the currently generated process corresponds to the preset identification information, the process is determined as a monitoring target (S505).
- The identification information of the process or application for which data leakage is to be blocked is set and stored in advance, and this preset identification information is compared with the identification information of the generated process to determine whether the corresponding process is permitted access to the virtual environment.
- The virtualization driver 420 drives the application 441 inside the virtual environment 440 (S507).
- The virtualization driver 420 determines whether an input request or an output request of data is generated by a process of the application program 441 running in the virtual environment 440 (S509), and the data processor 430 processes, inside the virtual environment 440, those of the determined input or output requests that require internal security processing. That is, a data protection operation is performed to process the input or output of data by using the virtual data store 445 included in the virtual environment 440 so that the corresponding data cannot be leaked to the outside (S511).
- If the current process does not meet the preset condition in step S505, that is, the process is not allowed to run in the virtual environment 440, the process or the corresponding application is run in the actual local environment (S513).
- The data protection operation according to step S511 described above will be described in more detail with reference to FIG. 4.
- When an input or output request of data is determined in step S509 shown in FIG. 3, the data processor 430 enters the data protection mode (S601) and determines whether the request is an input request or an output request of the data (S603).
- When displaying the state information of the local disk included in the hardware layer 10 of the computer 1, the data processor 430 maps the virtual data store 445 to the local disk and displays it merged with the state information of the virtual data store 445 (S611, S621).
- The design program is an application program that is allowed access to the virtual environment 440 by a preset condition.
- The design program is driven inside the virtual environment 440.
- When, for example, the user requests that the schematic creation program 441 running in the virtual environment 440 save a file to a local recording medium such as a hard disk or a removable disk of the local environment, the schematic creation program 441 issues a data output request.
- The data processor 430 maps the virtual environment 440 and the local environment, and displays the folder list by merging the state information of the virtual data store 445 and the state information of the local disk (S621).
- The user requests a list of folders formed in a local recording medium of the local environment, but is actually provided with a list of folders formed in the virtual data store 445.
- When the user selects a specific folder in the folder list through the user interface of the schematic drawing program (S623), a function of storing data in the selected folder is provided. At this time, the data is stored after the encryption process according to the predetermined security rules (S625).
- When a data input request is generated by the schematic drawing program in step S603, for example when a user requests reading of a file from a local recording medium such as a hard disk or a removable disk of the local environment, the data processor 430 maps the virtual environment 440 and the local environment and displays a list of folders and files (S611). That is, the user requests a list of folders and files stored in a local recording medium of the local environment, but is actually provided with a list of folders and files stored in the virtual data store 445.
- the folder and file list are provided when the folder is created in the virtual data store 445. That is, if a folder is not created in the root directory and a file is stored in the root directory, a file list is provided.
- a function of reading the selected file is provided.
- the data is read after the decryption process according to the predetermined security rules (S615).
- The data processor 430 performs input or output processing only inside the virtual environment 440. The user perceives this as using a local recording medium in the local environment, as if the computer 1 were used in a general local environment, but in practice uses the virtual data store 445 included in the virtual environment 440. Therefore, in the data protection mode, unauthorized leakage of data to the outside of the computer 1 is essentially blocked. For example, if a navigation program capable of browsing a file or folder at the application program layer 30 is set to not be allowed access to the virtual environment 440, the process by the navigation program cannot access the virtual data store 445 of the virtual environment 440 and can search only the local recording medium of the local environment, so the user cannot leak data of the virtual data store 445 to the outside.
- Next, the data export function for storing data of the virtual environment 440 on a local disk of the local environment and the data import function for importing data of the local environment into the virtual environment 440 are described in more detail.
- The data processor 430 displays a folder list based on the state information of the local disk.
- The data file is stored in the selected folder after the encryption process is performed according to a predetermined security rule. Since the data file stored in the local environment is encrypted, it cannot be viewed in the general local environment, but only in the virtual environment or the compatible virtual environment in which the data file was originally created.
- The data processor 430 displays a list of folders and files based on the state information of the local disk.
- When the user selects a specific file in the file list through the user interface of the application program 441, a function of reading the selected file is provided.
- Because the data is encrypted, it is read after going through the decryption process according to the predetermined security rules.
- Embodiments within the scope of the present invention may include a computer readable medium storing computer executable instructions or data structures.
- the computer readable medium may be a computer controllable medium having general functions or special functions.
- The computer readable media may include, for example, random-access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), CD-ROM and optical disks, magnetic disks, and magnetic storage devices.
- the computer-readable medium may also include, in addition to the above-described medium, a medium capable of storing program code in the form of computer-executable instructions or data structures.
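The flow described above (process gating in S503 to S513, redirected input and output in S601 to S625, and encrypted export and import) can be modeled compactly. This is an added illustration, not code from the patent: `Host`, `Process`, `PROTECTED_IMAGES`, `seal` and `unseal` are hypothetical names, disks are modeled as dictionaries, and an HMAC-SHA256 keystream with an authentication tag stands in for the "predetermined security rule", which the text does not specify.

```python
import hashlib
import hmac
import os

# Hypothetical preset condition (S505): image names that must run inside
# the virtual environment. Everything else runs in the local environment.
PROTECTED_IMAGES = {"cad.exe"}


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in cipher)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce (16) || ciphertext || tag (32)."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


class Host:
    """One computer: a local disk plus a virtual data store (both modeled as dicts)."""

    def __init__(self, key: bytes):
        self.key = key           # held by the data processor, not by applications
        self.local_disk = {}     # path -> bytes, reachable by every process
        self.virtual_store = {}  # path -> sealed bytes, reachable only from inside

    def spawn(self, image: str) -> "Process":
        # S503-S507 / S513: compare the new process with the preset condition.
        return Process(self, image, inside=image.lower() in PROTECTED_IMAGES)


class Process:
    def __init__(self, host: Host, image: str, inside: bool):
        self.host, self.image, self.inside = host, image, inside

    def write(self, path: str, data: bytes) -> None:
        # S621-S625: an inside process believes it writes to the local disk,
        # but the data is encrypted and lands in the virtual data store.
        if self.inside:
            self.host.virtual_store[path] = seal(self.host.key, data)
        else:
            self.host.local_disk[path] = data

    def listdir(self) -> list:
        # S611/S621: inside processes see local and virtual entries merged.
        names = set(self.host.local_disk)
        if self.inside:
            names |= set(self.host.virtual_store)
        return sorted(names)

    def read(self, path: str) -> bytes:
        # S611-S615: decrypt on read, but only for inside processes.
        if self.inside and path in self.host.virtual_store:
            return unseal(self.host.key, self.host.virtual_store[path])
        if path in self.host.local_disk:
            return self.host.local_disk[path]
        raise FileNotFoundError(path)

    def export(self, src: str, dst: str) -> None:
        # Export: the copy placed on the local disk stays encrypted.
        if not self.inside:
            raise PermissionError("export requires the virtual environment")
        self.host.local_disk[dst] = seal(self.host.key, self.read(src))

    def import_(self, src: str, dst: str) -> None:
        # Import: decrypt an exported file and re-store it in the virtual store.
        if not self.inside:
            raise PermissionError("import requires the virtual environment")
        plaintext = unseal(self.host.key, self.host.local_disk[src])
        self.host.virtual_store[dst] = seal(self.host.key, plaintext)
```

Two `Host` objects created with the same key model the "compatible virtual environment" that can import a file exported elsewhere; a process outside the virtual environment only ever sees the sealed blob.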
Claims (20)
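- A data protection method using a virtual environment, comprising: establishing a virtual environment that supports execution of an application program running on a computer; driving a process generated by the application program inside the virtual environment when the process meets a preset condition; and processing, inside the virtual environment, an input request or an output request of data generated in the driven process.
- The method of claim 1, wherein establishing the virtual environment comprises establishing, within the virtual environment, a virtual data store that is accessible to a process running inside the virtual environment but inaccessible to a process running outside the virtual environment.
- The method of claim 2, wherein the virtual data store comprises at least one of a virtual image file residing on a local disk of the computer, an external storage device connected to the computer, a file server connected to the computer by a network, a web hard accessible from the computer, and an FTP (File Transfer Protocol) host accessible from the computer.
- The method of claim 1, wherein the driving comprises: monitoring the creation of the process; determining, based on a result of comparing the monitored process with the preset condition, whether the process is permitted access to the virtual environment; and driving a process determined to be permitted access inside the virtual environment while driving a process determined not to be permitted access outside the virtual environment.
- The method of claim 2, wherein the input request or output request of the data is processed using the virtual data store.
- The method of claim 5, wherein, when state information of the local disk is displayed, the virtual data store is mapped to the local disk and displayed merged with the state information of the virtual data store.
- The method of claim 5, wherein, upon the output request, the data goes through an encryption process according to a predetermined security rule and is stored in the virtual data store.
- The method of claim 5, wherein, upon the input request, the data goes through a decryption process following a predetermined security rule when it is read from the virtual data store.
- The method of claim 1, further comprising, when there is a data export request from the virtual environment to a local environment, encrypting the data according to a predetermined security rule and storing it on a local disk of the local environment in accordance with the data export request.
- The method of claim 1, wherein, when there is a data import request from a local environment to the virtual environment, the data is decrypted according to a predetermined security rule and read in accordance with the data import request.
- A data protection apparatus using a virtual environment, comprising: a process monitoring unit that monitors a process by an application program running on a computer; a virtualization driver that establishes a virtual environment supporting execution of the application program and drives the process inside the virtual environment when the process meets a preset condition; and a data processor that processes, inside the virtual environment, an input request or an output request of data generated in the process driven inside the virtual environment.
- The apparatus of claim 11, wherein the virtualization driver establishes the virtual environment so as to include a virtual data store that is accessible to a process running inside the virtual environment but inaccessible to a process running outside the virtual environment.
- The apparatus of claim 12, wherein the virtual data store comprises at least one of a virtual image file residing on a local disk of the computer, an external storage device connected to the computer, a file server connected to the computer by a network, a web hard accessible from the computer, and an FTP (File Transfer Protocol) host accessible from the computer.
- The apparatus of claim 12, wherein the virtualization driver establishes the virtual environment so as to include a virtualization component for supporting the execution of the application program.
- The apparatus of claim 12, wherein the data processor processes the input request or output request of the data using the virtual data store.
- The apparatus of claim 12, wherein the data processor, when displaying state information of the local disk, maps the virtual data store to the local disk and displays it merged with the state information of the virtual data store.
- The apparatus of claim 15, wherein, upon the output request, the data is stored in the virtual data store through an encryption process according to a predetermined security rule.
- The apparatus of claim 15, wherein, upon the input request, the data is read from the virtual data store through a decryption process according to a predetermined security rule.
- The apparatus of claim 11, wherein the data processor, when there is a data export request from the virtual environment to a local environment, encrypts the data according to a predetermined security rule and stores it on a local disk of the local environment in accordance with the data export request.
- The apparatus of claim 11, wherein the data processor, when there is a data import request into the virtual environment, decrypts the data according to a predetermined security rule and reads it in accordance with the data import request.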
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/389,883 US8782798B2 (en) | 2009-08-11 | 2010-08-10 | Method and apparatus for protecting data using a virtual environment |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2009-0073831 | 2009-08-11 | ||
KR1020090073831A KR101047884B1 (ko) | 2009-08-11 | 2009-08-11 | Data protection method and apparatus using a virtual environment, and computer-readable recording medium storing a program for performing the method |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2011019177A2 (ko) | 2011-02-17 |
WO2011019177A3 (ko) | 2011-05-19 |
Family
ID=43586626
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/KR2010/005215 WO2011019177A2 (ko) | 2009-08-11 | 2010-08-10 | Data protection method and apparatus using a virtual environment |
Country Status (3)
Country | Link |
---|---|
US (1) | US8782798B2 (ko) |
KR (1) | KR101047884B1 (ko) |
WO (1) | WO2011019177A2 (ko) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102314373A (zh) * | 2011-07-07 | 2012-01-11 | 李鹏 | Method for implementing a secure working environment based on virtualization technology |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
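KR101394369B1 (ko) * | 2012-11-13 | 2014-05-13 | 주식회사 파수닷컴 | Apparatus and method for managing secure content using a virtual folder |
TW201427366A (zh) * | 2012-12-28 | 2014-07-01 | Ibm | Method and information appliance for decrypting files for data leakage protection in an enterprise network |
JP6106805B2 (ja) | 2013-04-18 | 2017-04-05 | フェイスコン カンパニーリミテッドFacecon Co.,Ltd. | File security method and apparatus therefor |
KR101599740B1 (ko) | 2014-07-17 | 2016-03-04 | 한국전자통신연구원 | Method and apparatus for preventing illegal leakage of electronic documents |
CN107392062A (zh) * | 2017-07-28 | 2017-11-24 | 宣以政 | Method, system and apparatus for adding a data leakage protection function to an ordinary removable storage device |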
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5555385A (en) * | 1993-10-27 | 1996-09-10 | International Business Machines Corporation | Allocation of address spaces within virtual machine compute system |
KR20010109271A (ko) * | 1999-10-01 | 2001-12-08 | To be submitted later | System and method for providing data security |
US6725289B1 (en) * | 2002-04-17 | 2004-04-20 | Vmware, Inc. | Transparent address remapping for high-speed I/O |
KR20050085015A (ko) * | 2002-11-18 | 2005-08-29 | 에이알엠 리미티드 | Mapping of virtual memory addresses to physical memory addresses within a system having a secure domain and a non-secure domain |
US20070067435A1 (en) * | 2003-10-08 | 2007-03-22 | Landis John A | Virtual data center that allocates and manages system resources across multiple nodes |
KR20070049885A (ko) * | 2005-11-09 | 2007-05-14 | 삼성전자주식회사 | Apparatus and method for controlling virtual memory |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6553466B1 (en) | 1999-10-01 | 2003-04-22 | Infraworks Corporation | Shared memory blocking method and system |
US6922774B2 (en) * | 2001-05-14 | 2005-07-26 | The United States Of America As Represented By The National Security Agency | Device for and method of secure computing using virtual machines |
EP1349033B1 (en) * | 2002-03-26 | 2004-03-31 | Soteres GmbH | A method of protecting the integrity of a computer program |
US7117284B2 (en) | 2002-11-18 | 2006-10-03 | Arm Limited | Vectored interrupt control within a system having a secure domain and a non-secure domain |
EP1760619A1 (en) * | 2005-08-19 | 2007-03-07 | STMicroelectronics Ltd. | System for restricting data access |
US8046837B2 (en) * | 2005-08-26 | 2011-10-25 | Sony Corporation | Information processing device, information recording medium, information processing method, and computer program |
US7594072B2 (en) | 2006-09-15 | 2009-09-22 | Hitachi, Ltd. | Method and apparatus incorporating virtualization for data storage and protection |
US8458695B2 (en) * | 2006-10-17 | 2013-06-04 | Manageiq, Inc. | Automatic optimization for virtual systems |
JP2008187338A (ja) * | 2007-01-29 | 2008-08-14 | Hewlett-Packard Development Co Lp | Control system and method thereof. |
US7840839B2 (en) * | 2007-11-06 | 2010-11-23 | Vmware, Inc. | Storage handling for fault tolerance in virtual machines |
US8799892B2 (en) * | 2008-06-09 | 2014-08-05 | International Business Machines Corporation | Selective memory donation in virtual real memory environment |
CN101414277B (zh) * | 2008-11-06 | 2010-06-09 | 清华大学 | Virtual-machine-based on-demand incremental recovery disaster tolerance system and method |
US20100199351A1 (en) * | 2009-01-02 | 2010-08-05 | Andre Protas | Method and system for securing virtual machines by restricting access in connection with a vulnerability audit |
US8391494B1 (en) * | 2009-02-26 | 2013-03-05 | Symantec Corporation | Systems and methods for protecting enterprise rights management keys |
- 2009
  - 2009-08-11 KR KR1020090073831A patent/KR101047884B1/ko active IP Right Grant
- 2010
  - 2010-08-10 WO PCT/KR2010/005215 patent/WO2011019177A2/ko active Application Filing
  - 2010-08-10 US US13/389,883 patent/US8782798B2/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5555385A (en) * | 1993-10-27 | 1996-09-10 | International Business Machines Corporation | Allocation of address spaces within virtual machine compute system |
KR20010109271A (ko) * | 1999-10-01 | 2001-12-08 | To be submitted later | System and method for providing data security |
US6725289B1 (en) * | 2002-04-17 | 2004-04-20 | Vmware, Inc. | Transparent address remapping for high-speed I/O |
KR20050085015A (ko) * | 2002-11-18 | 2005-08-29 | 에이알엠 리미티드 | Mapping of virtual memory addresses to physical memory addresses within a system having a secure domain and a non-secure domain |
US20070067435A1 (en) * | 2003-10-08 | 2007-03-22 | Landis John A | Virtual data center that allocates and manages system resources across multiple nodes |
KR20070049885A (ko) * | 2005-11-09 | 2007-05-14 | 삼성전자주식회사 | Apparatus and method for controlling virtual memory |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102314373A (zh) * | 2011-07-07 | 2012-01-11 | 李鹏 | Method for realizing a secure working environment based on virtualization technology |
Also Published As
Publication number | Publication date |
---|---|
US20120144500A1 (en) | 2012-06-07 |
US8782798B2 (en) | 2014-07-15 |
WO2011019177A3 (ko) | 2011-05-19 |
KR20110016227A (ko) | 2011-02-17 |
KR101047884B1 (ko) | 2011-07-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
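CN108632284B (zh) | Blockchain-based user data authorization method, medium, apparatus and computing device | |
WO2011019177A2 (ko) | Method and apparatus for protecting data using a virtual environment | |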
EP3435271B1 (en) | Access management method, information processing device, program, and recording medium | |
WO2013055029A1 (ko) | Apparatus and method for displaying a watermark on a screen | |
JP5572834B2 (ja) | Protection of video content using virtualization | |
US20140258733A1 (en) | Roots-of-trust for measurement of virtual machines | |
WO2011031093A2 (ko) | Apparatus and method for digital rights management using virtualization technology | |
Czeskis et al. | Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications. | |
JP2016523421A (ja) | Method, data processing program, computer program product, and data processing system for handling guest events in a hypervisor-controlled system | |
JP6580138B2 (ja) | Processor, method and computer program for supporting secure objects | |
CN102034039B (zh) | Method and apparatus for processing monolithically encrypted media streams | |
US20090119513A1 (en) | Method and System for Remotely Debugging A Failed Computer Machine | |
CN110955888B (zh) | Application data protection method, apparatus, device, and storage medium | |
Chu et al. | Ocram-assisted sensitive data protection on arm-based platform | |
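CN113918999B (zh) | Method and apparatus for establishing a secure ferry channel, network disk, and storage medium | |
CN103605934B (zh) | Method and apparatus for protecting an executable file | |
JP2009064055A (ja) | Computer system and security management method | |
CN104182691A (zh) | Data confidentiality method and apparatus | |
CN107330336A (zh) | Method and system for on-the-fly encryption and decryption of Linux operating system memory pages | |
WO2016190485A1 (ko) | Method for blocking unauthorized data access and computing device having the function | |
JP2004272816A (ja) | Multitask execution system and multitask execution method | |
CN113656817A (zh) | Data encryption method | |
CN114528545A (zh) | Data protection method, apparatus, device and storage medium | |
WO2014030978A1 (ko) | Removable storage medium security system and method thereof | |
CN106778349B (zh) | Virtual disk-based ATM security protection system and method |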
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 10808326 Country of ref document: EP Kind code of ref document: A2 |
WWE | Wipo information: entry into national phase | Ref document number: 13389883 Country of ref document: US |
NENP | Non-entry into the national phase | Ref country code: DE |
32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 22/05/2012) |
122 | Ep: pct application non-entry in european phase | Ref document number: 10808326 Country of ref document: EP Kind code of ref document: A2 |