There are various kinds of file systems used in electronic computers. A file system is controlled and managed by a file system driver of an OS (Operating System) used in an electronic computer. Files downloaded from the Internet and so forth are used after being stored in an auxiliary storage device, e.g. a hard disk, of the electronic computer. The stored files are rarely deleted unless the user deliberately deletes them.
(Configuration of Electronic Computer)
An electronic computer comprises many hardware resources such as a central processing unit (CPU), storage devices (a memory, a hard disk, etc.), input devices (a keyboard, a mouse, etc.), output devices (a display, etc.), and peripheral devices (a printer, a scanner, etc.) that are connected through card slots. These hardware devices operate under the control of an OS (Operating System) stored in a storage device.
Various application programs used in the electronic computer run under the OS. The OS controls all the operations of the electronic computer and absorbs differences in specifications of different hardware to provide an environment common to the application programs. In other words, the OS is software that provides basic functions used mutually by many application programs, e.g. input/output functions such as keyboard entry and screen output, and management of the disk and memory, and controls the whole system of the electronic computer. The OS is also known as “basic software”.
The hardware devices of the electronic computer are produced by a plurality of manufacturers, and the specifications thereof may differ among manufacturers. It is desirable for developers of programs using electronic computers to develop application programs without noticing the differences in specifications of the hardware. The OS absorbs the differences in specifications of the hardware to provide an environment common to the application programs.
The developers of the application programs can save the time and labor for development and unify the operability of the application programs by making use of the function provided by the OS. An application program developed for a certain OS can basically be used in any electronic computer in which the OS can run.
There are a large number of different kinds of OS, represented by MS-DOS (registered trademark), UNIX (registered trademark), Linux, FreeBSD (registered trademark), etc. Among them, the Windows series available from Microsoft is the most popular OS for use by corporations and general home users. Mac OS (registered trademark) available from Apple is widely used in the DTP industry and the multimedia industry. Servers of corporations and scientific institutions often use UNIX-based OSs developed by various companies and UNIX-based OSs such as Linux and FreeBSD, which are distributed without charge. In recent years, Windows NT/2000 (registered trademark) available from Microsoft has been increasing its share of the market as an OS for servers.
[Conventional Architecture]
FIG. 12 outlines the architecture of Windows NT/2000 (registered trademark) as a typical OS. As will be understood from FIG. 12, Windows NT/2000 has generally a hierarchical structure comprising hardware 2, an OS 3, and an application program 4 that implements a function requested by the actual user. A microkernel 51 is a program for performing general management of the OS 3. Various software programs (kernel mode software) that run in layers above the layer of the microkernel 51 constitute a kernel mode 8 (see the description given later). The application program 4 in the topmost layer runs in a user mode 9 (see the description given later).
The OS 3 has a hierarchical structure that, roughly speaking, comprises an executive 50, a microkernel 51, and a hardware abstraction layer (HAL) 52. The HAL 52 is located in a layer immediately above the hardware 2. The HAL 52 is a program designed primarily for the control of hardware. The program absorbs differences in specifications of various hardware devices such as processors to provide the same environment (independent of models) for services in higher-order layers (the microkernel 51, the executive 50, etc.).
The microkernel 51 provides overall basic functions of the system. The executive 50 is an integrated whole of programs for implementing the provision of main services from the OS 3 by utilizing service functions provided by the microkernel 51 and the HAL 52. The executive 50 includes typical executive programs such as a cache manager 53, an object manager 54, a process manager 55, a memory manager 56, and an I/O manager 57.
The object manager 54 is a program for supervising a running object (a program for implementing a function to be performed for a certain purpose) and executing control and adjustment therefor. The process manager 55 is a program for supervising a process in progress (a program for performing only a certain function) and making adjustment therefor. The cache manager 53 and the memory manager 56 are programs for controlling and adjusting memory and virtual memory. The I/O manager 57 is a program for supervising and controlling the input/output function of the OS 3. The mode in which the electronic computer operates under the executive 50 is called “kernel mode 8”.
In the kernel mode 8, any instruction for operating the OS 3 is executable. If an erroneous instruction is executed, there may be an adverse effect on the whole system. Further, the functions of the OS 3 include a user mode 9 that is completely open to the user to run an application program, etc. In the user mode 9, instructions for operating the OS 3 are limited so that an adverse effect is not exerted on the system. Because the system automatically intercepts instructions that may have an adverse effect on the system, an environment easy for the user to use is provided.
However, the provision of such a limitation is the same as limiting the functions of the OS 3. Therefore, the application program 4 that runs in the user mode 9 cannot directly access any part relating to the hardware 2 and has to pass through the kernel mode 8 to access the hardware 2. The kernel mode 8 enables full use of the functions of the OS 3 and also allows complete access to each input/output device. In addition, a program that runs in the kernel mode 8 is processed with priority over a program that runs in the user mode 9. Thus, high performance can be obtained.
Device drivers 5 belong to the OS 3. The device drivers 5 are software programs for managing external hardware devices of the electronic computer. The device drivers 5 run in the kernel mode 8. Usually, there is only one device for each device driver 5 that has the same attributes as those of the device driver 5. The application program 4 that runs in the user mode 9 has to pass through the device drivers 5 to access the respective devices.
For example, in a case where, as shown in FIG. 13, data is transferred from a device A to a device B, the flow of the data is as follows: “device A”→“device driver A”→(switching the operating mode from the kernel mode 8 to the user mode 9)→“application program 4”→(switching the operating mode from the user mode 9 to the kernel mode 8)→“device driver B”→“device B”. Thus, the system carries out processing while switching the operating mode from the kernel mode 8 to the user mode 9 or from the user mode 9 to the kernel mode 8.
The switching between the user mode 9 and the kernel mode 8 is time-consuming processing. When a large amount of data such as image data is transferred, the transfer speed becomes slow, and hence an increased length of time is required to transfer the data. Accordingly, it is difficult to increase the transfer speed at the application level. The reason for this is that it is necessary to switch between the user mode 9 and the kernel mode 8 for each processing of the application program 4.
Here, let us explain the conventional operating procedure executed to transfer data between devices. FIG. 13 outlines the relationship between the application program 4 and the device drivers 5 on the one hand and the operating modes 8 and 9 on the other. As will be understood from the figure, the application program 4 runs in the user mode 9.
The device drivers 5 are incorporated in the OS 3 to run in the kernel mode 8. Devices 6 constituting the hardware 2 of the electronic computer comprise various internal devices and external devices connected to the electronic computer. Each device 6 is controlled from a device driver 5 specific thereto. In other words, all accesses to the devices 6 are made through the respective device drivers 5. The device drivers 5 run in response to instructions from the application program 4 through the OS 3.
Next, the flow of data transmission will be explained with reference to the flowchart of FIG. 14. Let us explain the flow of data as transferred from the device A to the device B by the application program 4, which runs in the user mode 9, while comparing the operating modes 8 and 9 of the system. First, the application program 4 sends a data transfer request (instruction) (S50).
At this time, a data transmission request is sent to the device A (S51), and a data reception request is sent to the device B (S52). The operating mode of the system is switched from the user mode 9 to the kernel mode 8. The device driver A receives the data transmission request (S53) and transmits it to the device A (S54). The device A receives the data transmission request (S55) and transmits data (S56). The device driver A receives the transmitted data (S57) and internally processes the data (S58) and then transmits the processed data to the application program 4 (S59).
The operating mode of the system is switched from the kernel mode 8 to the user mode 9. The application program 4 receives and processes the data (S60 and S61) and transmits the processing result to the device driver B (S62). The operating mode of the system is switched from the user mode 9 to the kernel mode 8 again. The device driver B receives the data (S63) and internally processes the received data (S64) and then transmits the processing result to the device B (S65).
The device B receives the data (S66) and sends information indicating the receipt of the data to the device driver B (S67). The device driver B receives the data receipt information (S68) and informs the application program 4 of the completion of the data transfer (S69). The system is switched to the user mode 9. The application program 4 receives the data transfer completion information (S70) and starts the next processing. Thus, the series of data transfer processing operations ends (S71).
Thus, data is transferred as follows: “device A”→“device driver A”→(switching between the operating modes)→“application program 4”→(switching between the operating modes)→“device driver B”→“device B”. During the data transfer, the system operates while repeatedly switching the operating mode between the kernel mode 8 and the user mode 9. As the amount of data to be handled increases, the number of operating mode switching operations increases.
Further, when another application program is simultaneously running on the system, the system switches between the operating modes for this application program. Consequently, the number of times of switching between the operating modes performed in the system becomes large as a whole, causing a delay in the execution processing of the application programs. The increase in the number of times of switching between the operating modes is likely to cause a reduction in the speed of data transmission/reception processing. In particular, when there is a strong demand for real-time execution capability for image processing or the like, the increase in the number of times of switching between the operating modes may cause disordering of the image displayed on the screen.
To ensure the required system performance in the above-described system, it is important to advance the technology for developing and designing hardware devices and the technology for developing the device drivers 5 for controlling the pieces of hardware 2. To transfer a large amount of data such as image data, in particular, it is desirable to minimize the number of times of switching between the user mode 9 and the kernel mode 8 to thereby increase the speed of data transfer. When there is a strong demand for ensuring the integrity of data, it is desirable that data should be transferred in the kernel mode 8, in which no data can be touched by the user. Particularly, when user authentication is performed by using a password, the integrity of password data, which is confidential data, is very important.
(Explanation of File System)
A named set of data stored in a storage device is defined as a “file”. When the number of files stored in the storage device increases, it is demanded that these files should be functionally managed. It is a general practice to manage a plurality of files compiled in the form of a directory. The directory not only stores files but also allows another directory to be stored therein. Thus, the directory can be formed into a nested structure. The directory is likely to become a hierarchical structure in the form of a tree structure as a whole. An overall structure comprising a collection of files is known as a “file system”.
There are various kinds of file systems. Typical examples of file systems are an FAT file system, an NTFS log-base file system, and an HPFS file system. The access to a file stored in a storage device, e.g. a hard disk, of an electronic computer is controlled by a file system driver.
FIG. 15 shows the relationship between the application program 4, an I/O manager 57, a file system driver 58, a disk driver 59, and a hard disk 60. A read request from the application program 4 is sent to a system service provided by the I/O manager 57 in the kernel mode 8.
In the case of Windows NT (hereinafter referred to as “NT”), I/O subsystems constitute a framework for controlling peripheral devices and providing an interface with these devices. The I/O subsystems comprise all kernel mode drivers. The I/O manager 57 defines and manages the whole of the I/O subsystems. The file system driver 58 is a component of the I/O subsystems. The file system driver 58 has to conform to an interface defined by the I/O manager 57.
The file system driver 58 provides the user with a means for storing information in an auxiliary storage device, e.g. the hard disk 60, and a function of retrieving information stored in the auxiliary storage device. Further, the file system driver 58 has the function of performing creation, revision and deletion of the files stored in the auxiliary storage device and easily and reliably controlling information transfer between the files. The file system driver 58 is also provided with the function of constructing the contents of a file by a method suitable for the application program 4.
File attribute data consists of information concerning a file stored in the auxiliary storage device as to whether the file is a read-only file or a writable file. File systems used in electronic computers have such file attribute data set in detail. The file attribute data includes pieces of information such as the date and time of creation of a file, the date and time of updating of the file, the kind and size of the file, information as to whether or not the file is a read-only file (designatable), and information as to whether or not the file is a hidden file (designatable).
When a file is to be accessed, the file system driver checks the access method by referring to the attributes of the file. A read-only file is not writable. Therefore, the file system driver returns a notice to a user attempting write access that the file is not writable. A file can thus be accessed only by the access method determined in the file attributes.
In NT, access rights to files are set. For example, in NT, a user logging in when the system is started is classified into a level or a group, for example, as “administrator” or “user 1”. It is possible to set an accessible file and an inaccessible file for each user. It is also possible to set a file so that it is a read-only file for one user but writable for another.
With the conventional file system, it is very difficult to limit a user to accessing a file only a predetermined number of times (access to read, write, open, etc.). It is also difficult to set each file so that the file can be accessed only in a predetermined time period or time zone. To make each file accessible only in a predetermined time period or time zone, the attributes of the file need to be changed and rewritten each time.
It is also difficult to set a file so that when a user (a user of the electronic computer or an application program) accesses the file a predetermined number of times (access to read, write, open, etc.), the file is deleted. Thus, it is difficult to control files in response to a specific access made by the user.
With the above-described technical background, the present invention was made to attain the following objects.
An object of the present invention is to provide a method of controlling the access to a file stored in a storage device of an electronic computer in a kernel mode, and also provide a program for the method and a storage medium containing the program.
Another object of the present invention is to provide a method of obtaining an access log of accesses to a file system of an electronic computer in a kernel mode, and also provide a program for the method and a storage medium containing the program.
Still another object of the present invention is to provide a method of transferring a file containing an access log of accesses to a file system of an electronic computer to a network, and also provide a program for the method and a storage medium containing the program.
A further object of the present invention is to provide a method wherein a file in a file system of an electronic computer is controlled under predetermined conditions after a specific access has been made to the file a predetermined number of times, and also provide a program for the method and a storage medium containing the program.
A still further object of the present invention is to provide a method of performing personal authentication of a user of an electronic computer and controlling the access to the electronic computer from the user, and also provide a program for the method and a storage medium containing the program.
The method of controlling a file system driver of an electronic computer and the program for the method and further the storage medium containing the program according to the present invention have the following advantages.
In the present invention, access to a file system of an electronic computer is performed in a kernel mode that is an operating mode of an OS used in the electronic computer. Therefore, the access can be controlled without interference with the file system driver. Because the access control is effected by using a database specifying access to the file system, access to a file can be controlled freely.
In the present invention, the access to the file system is controlled by using an interface common to an application program and device drivers and utilizing the program of the interface driver. Therefore, the confidentiality of data is protected, and safe transfer of data can be achieved.
In the present invention, an accessible range and access right are set for each user, and the personal authentication of a user of the electronic computer is performed. The access to the file system can be controlled in the kernel mode on the basis of the set accessible range, within which the user can make access, and the set access right. Thus, it is possible to prevent unauthorized access, an unregistered user's access, and so forth.
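The kind of access-specifying database described above (per-user access right, a permitted time period, a predetermined number of accesses, and deletion of the file once that number is reached) can be modeled in ordinary user-space C. This is an added example, not code from the present description; the rule layout, the field and function names, and the sample file `report.doc` are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; the rule layout and every name here are assumptions. */
enum op { OP_READ = 1, OP_WRITE = 2, OP_OPEN = 4 };
enum verdict { DENY, ALLOW, ALLOW_THEN_DELETE };

struct rule {
    const char *user, *path;
    unsigned ops;            /* bitmask of permitted enum op values */
    int hour_from, hour_to;  /* permitted period [from, to) in hours */
    int max_access;          /* predetermined access count, -1 = unlimited */
    int delete_at_limit;     /* delete the file once the count is reached */
    int used, deleted;       /* run-time state */
};

/* Constructed sample database. */
struct rule sample_db[] = {
    { "user1", "report.doc", OP_READ | OP_OPEN, 9, 17, 2, 1, 0, 0 },
    { "administrator", "report.doc", OP_READ | OP_WRITE | OP_OPEN, 0, 24, -1, 0, 0, 0 },
};
enum { SAMPLE_N = sizeof sample_db / sizeof sample_db[0] };

/* Decide one request before it would be handed to the file system driver.
   Default deny: a user/file pair without a rule gets no access. */
enum verdict check_access(struct rule *db, size_t n, const char *user,
                          const char *path, enum op op, int hour)
{
    for (size_t i = 0; i < n; i++) {
        struct rule *r = &db[i];
        if (strcmp(r->user, user) || strcmp(r->path, path)) continue;
        if (r->deleted || !(r->ops & op)) return DENY;
        if (hour < r->hour_from || hour >= r->hour_to) return DENY;
        if (r->max_access >= 0 && r->used >= r->max_access) return DENY;
        r->used++;  /* only granted accesses consume the count */
        if (r->delete_at_limit && r->used == r->max_access) {
            /* The file is gone for everyone, not just this user. */
            for (size_t j = 0; j < n; j++)
                if (!strcmp(db[j].path, path)) db[j].deleted = 1;
            return ALLOW_THEN_DELETE;
        }
        return ALLOW;
    }
    return DENY;
}

int main(void)
{
    static const char *name[] = { "DENY", "ALLOW", "ALLOW_THEN_DELETE" };
    struct { const char *user; enum op op; int hour; } req[] = {
        { "user1", OP_WRITE, 10 }, { "user1", OP_READ, 20 },
        { "user1", OP_READ, 10 },  { "user1", OP_READ, 11 },
        { "administrator", OP_READ, 12 },
    };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("%s op=%d hour=%d -> %s\n", req[i].user, req[i].op, req[i].hour,
               name[check_access(sample_db, SAMPLE_N, req[i].user,
                                 "report.doc", req[i].op, req[i].hour)]);
    return 0;
}
```

Denied requests do not consume the access count, and once one user's limit triggers deletion, every rule for that file is marked deleted so that later requests from any user are refused.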