Abstract: A stand-alone data black hole processing method, comprising: a data black hole system is deployed in a computing device, so that the computing device becomes a data black hole terminal; the data black hole system refers to a system which stores process data and an operation result within a computing device operation process in a specific storage location, and is able to ensure that the computing device is operating normally; a data black hole space is established, comprising a data storage area opened locally in the computing device; a corresponding relationship is established for a user of the computing device and the data black hole space or a part of the data black hole space; data writing produced by the user in the operation of the data black hole terminal is redirected to the data black hole space corresponding to the user; a data persistence operation with regard to a local storage device outside the black hole storage area is prevented, and data output via a local interface with regard to a non-data b

Abstract: A method for constructing data structures and a method for describing running states of a computer and state transitions thereof are provided. The method for constructing the data structure, which describes the execution processes of computer codes, includes: when the computer is running, constructs the data structure using the code segment wherein lies a calling instruction as a node and using the calling relationship between the code segment initiating the calling instruction and the called code segment, which are both constructed by the calling instruction, as a calling path. The data structure includes every node and the calling path between every calling and called nodes. When a certain calling instruction is executed, it is possible to describe the running state of the computer when the calling instruction is executed with the data structure consisting of all nodes and calling paths before the calling instruction by constructing the above data structure.

Abstract: A data blackhole processing method, comprising: a computing device deploying a data blackhole system, causing the computing device to become a data blackhole terminal; a data blackhole system being taken to mean a system where process data and operation results of the process of operation of the computing device are stored in a specific storage location to ensure normal operation of the computing device; establishing a data blackhole space, comprising a data storage area, for which the storage location is open, on a computing device and/or on a network; establishing a correspondence between the user of the computing device and the data blackhole space or a portion of the data blackhole space; redirecting to the data blackhole space corresponding to the user the data generated by the user when operating the data blackhole terminal; preventing a data persistence operation from being performed on the local storage device, and preventing output of the data to a local port by means of a non-data blackhole terminal

Abstract: A data blackhole processing method based on a mobile storage device, comprising: a computing device deploying a data blackhole system, causing the computing device to become a data blackhole terminal; a data blackhole system being taken to mean a system where process data and operation results of the process of operation of the computing device are stored in a specific storage location to ensure normal operation of the computing device; establishing a data blackhole space, comprising the data storage area opened on said mobile storage device; establishing a correspondence between the user of the computing device and the data blackhole space or a portion of the data blackhole space; redirecting to the data blackhole space corresponding to the user the data generated by the user when operating the data blackhole terminal; preventing a data persistence operation from being performed on the local storage device, and preventing output of the data to a local port by means of a non-data blackhole terminal.

Abstract: A safe data storage method is disclosed, the method comprises the following steps: hardware instructions are received; the hardware instructions are analyzed; and if the hardware instructions are storage instructions, a target address in the storage instructions is modified to be the corresponding storage address in a storage apparatus; the modified storage instructions are sent to a hardware layer. A safe data storage device is also disclosed, the device comprises the following units: a receiving unit adapted for receiving hardware instructions; an instruction analyzing unit adapted for analyzing the hardware instructions and judging whether the hardware instructions are storage instructions; an instruction modifying unit adapted for modifying a target address in the storage instructions to be the corresponding storage address in a safe storage apparatus; a sending unit adapted for sending the modified storage instructions to a hardware layer.

Abstract: A method for data security reading includes steps of: receiving a hardware instruction; analyzing said hardware instruction; if said hardware instruction is a reading instruction, obtaining the source address in the reading instruction; searching a mapping bitmap and modifying the reading address in the reading instruction according to the data of the mapping bitmap, wherein the mapping bitmap is used to indicate whether the data stored in a local storage address is dumped to said security storage device; transmitting the modified reading instruction to a hardware layer. An apparatus for data security reading includes a receiving unit, an instruction analyzing unit, an instruction modifying unit and a transmitting unit. The Trojan horse or malicious tools cannot store or transmit the acquired information even if the secret information has been obtained, so that the data always exists in controllable security range.

Abstract: A method for standardizing computer system action, including: intercepting invoking command; obtaining data structure of the intercepted invoking command after intercepting the invoking command; determining the sponsor of the intercepted invoking command based on the data structure of the obtained and intercepted invoking command, and determining operation method and operation object of the intercepted invoking command; matching the sponsor, the operation method and the operation object of the intercepted invoking command with rules of standardizing computer system action, judging whether to allow executing the intercepted invoking command. The present disclosure determines the sponsor of the intercepted invoking command according to the data structure of the invoking command, and can monitor comprehensively computer system. If only the sponsor is spiteful, the disclosure does not all allow executing the intercepted invoking command, thus detecting lawless operation comprehensively and effectively.