| In recent years, the demand for office automation system is gradually increasing, but the growing security problems are restricting its application and development. Preventing OA application file from leaking has become the urgent needs of the OA system. On the basis of the analyzing of the traditional OA File Protection, after research some of the key technologies of the OA system application security, from the angle of authentication, data security, access control, security auditing, this paper propose a set solutions to centralized management of OA files. The program uses the structure of the Client-Security Management Server (SMS)-File Server, using the access control mechanism based on the improved role, combined with host-based file system filter driver monitoring technology, and security audit techniques. OA classified documents to build a credible security border, to keep the secret information from outflow.The main innovations of the proposed program are:1. In the intranet, isolated from extranet, classified documents stored centrally on a file server, the SMS isolate data from user. Users who login successfully can to access the system.2. The traditional role-based access control policy is improved and more access rules are defined here. Fine-grained access control and convenient configuration, meet the reality of the OA system well.3. The user file access control policy is centrally stored by SMS. SMS sends the server directory of the file server as well as rights policy to the client. And, client demonstrates users’ right to access the virtual directory. On client, rights policy is prepared to restrict users operating on the virtual directory, the only legitimate operating will be executed on the real file directory.4. Users need to edit the file downloaded to the client for editing. By the filter driver in the client’s file monitoring and protection, to prevent other processes to manipulate files, the user exits the residual classified content of login is not local. Windows filter driver, hook, and other security technology to protect files, the user can’t copy, save as, print, etc. to the OA contents of the documents leaked. At the same time, according to security policy allows, away from the secret files to outgoing.At the same time, the use of security auditing to track user behavior, but also tracking files trajectory. OA file operations, security audit system are to be logging and uploading to the server, both to ensure real-time monitoring of file flow to eliminate the risk of the operation, and easy operation information for statistical analysis, and evidence collection.The system is implemented in the Windows system, and the various features of this system has been tested, the test indicates that the system is effective in preventing the leak of a classified document content in the OA system. |
PDF Full Text Request