| The 21st century is an information age, information has become an important strategic resource, and it is an important part of Country's comprehensive power. With the rapid development of computer science and technology, information security and protection in various applications has become more and more important. File as the information carrier, in order to achieve effective file control, it has broad application prospects.This paper is at the situation of the background that inner network information disclosure is more and more serious, point the purpose and practical significance of the file control system. Analysis the research status of file control technology at home and abroad, and find out which encryption method, system architecture and encryption algorithms are adapted to the file control system. A scheme which is based on IPA authentication technology and filter driver is proposed; it has designed its physical model and decides to adopt fast and efficient C/S (client and service) architecture. The whole file control system is divided into the application layer and kernel driver level, the IPA authentication technology is adopted at the application layer because of it's good security, key management capacity, high authentication efficiency; then the filter driver technology is adopted at the kernel driver level due to effectively block any file operation and near to the system kernel, blocking high efficiency, good safety. The principles of IPA authentication illustrate the key matrix, key distribution, access to keys and signature verification, obtained the advantages of IPA authentication, given the important function of implement IPA. For the filter driver technology, giving its definition, explain why using filter driver, pointed out that the filter driver applications, the basic steps of developing filter driver programmer is given.At the base of the design goals, which contain Access control mechanism, granularity of access control and file management style, this paper focuses on implementing the main function modules of the file control system. The main function modules in Application layer include user authentication module, file encryption and decryption and signature verification module, file authorization management module, communication module. Which the user authentication module is to ensure the legitimacy of the user login; the file encryption and decryption and signature verification module is to achieve file information sharing; the file authorization management module implements user rights management; communication module is used to implement communication between the application layer and kernel layer. The main function modules in the kernel driver contain pre-processing module, read/write operations module and end of processing module, which the pre-processing module tells the kernel driver level how to handle the target file data; the read/write operations module is to implement decrypt when read file and implement encrypted when write file; the end of processing module is to achieve clear-up function work, meanings uninstall the filter driver. Then build a test environment, test the system, analysis the test results of system safety, efficiency and performance. Through testing System, it is running normally, shows that the scheme is feasible.The innovation of this paper is making good use of the advantages of IPA authentication technology and filter driver technology, implement access control in the application layer, and come out transparent encryption and decryption in the kernel layer. The file control system can scale the number of users, and let user authentication with immediacy. Kernel-mode file encryption and decryption, which is implemented in the windows kernel, gets the kernel security protection. Compare with the tools of encryptions and decryptions which are development in the application layer have a great improvement on security. It is not easy to be attacked, security is guaranteed. |
PDF Full Text Request