| The rapid development of information technology and the widely use of computer make the life become more and more convenient. The computer storage and manage data through files and folds makes people save and change their data more and more facility. However, with the increase of available data more and larger organizations use computer system to manage their data, many problems such as the management to different data, cost, life cycle, and the analysis of loss of sensitive data and so on will gradually appear.Compare to the manual management, automatically management to a large number of documents is the advantage for the computer. However, it is not easy to manage the interest documents which are widely spread in the personal computers. This subject mainly focus on lowing the complexity of development such application. It develops the application based on a library(SSDS SDK), it will make the development which is based on SSDS SDK much easier.Combine the project requirements and application environment, this thesis will illustrate on the main threat of documents in offline computer, operating system architecture, programming model, binary file loading mechanism etc. Moreover, it also will combine the access control model based on information flow to process the active attacks which come from the local computer. This method will greatly improve the security of application which is based on this library (SSDS SDK).First of all, this thesis introduces the confidential classification and analizes the security management requirement. Then I make proper refining, deeply analyzed the operating system security environment and the hack technology, illustrate the advantages and disadvantages of various access control model in detail. Moreover, this thesis focuses on reuse and safety to design and realize the SDK. Finally, this thesis will show the use method and expand mechanism.In the aspect of technology, to realize the SDK, I use file system filter driver to hook IO operations, use graph algorithm to realize information flow access control model, use DLL to encapsulate the services which provide by driver and metadata, and export interfaces by the DLLs.In the application development, the library (SSDS SDK) will provide DLL encapsulation, and make relevant specification of COM components encapsulation and .net component encapsulation. At the same time, this thesis introduces some technology for countermeasure the attacker in kernel-mode. This technology include the identification of subject and object in access control model, the hook of IO operation etc. It will use for improve the security of the SSDS SDK. |
PDF Full Text Request