Research And Implementation Of File Protection System Based On TPM

With the rapid development and application of digital , information,network,the file security of computer is becoming the important part to support the information system running and operating smoothly, trusted compute as a new technique for development of computer in modern world provides the more valuable and indispensable protection mechanism for file security. In the thesis first we research and analyse the current file protection scheme to disscuss the disadvantages, then especially based on the key part of trusted compute---TPM(Trusted Platform Module)which provides the security storage and availability management of keys,we use Windows NT file system filter driver to design and develop a kind of file protection system.The main contents are as followed:The storage control mechanism of key: files are pretected by encryption,so the security of the key is the primary part in system.In this scheme we research and design the interfaces to access and submit the key between the TPM and system application software,because of the reliable security of TPM by itself,the scheme provide the higher secure way to store and manage the key based on hardware.The secure control mechanism of files on remove storage devices: we design and implement the function to watch the remove storage devices included USB disk,remove disk,CD,software disk,all files which are moved to these devices from PC will be encrypted,through the access to read the files on remove storage devices, the program implements the identity authentication by asking for inputing the user's password.The secure control mechanism of files on disks: Based on OO technique,we design and implement the modul used for forbiding the important files to be writed,each file is treated as different object,users can add the file object which he or she want to control to a policy file through the format of binary item "(the name of file object, password)", the updating to the policy is only accomplished by file filter driver, don't access by any applications.This scheme can be applied for preventing the static web files being juggled.In the end,we accomplish the testing work,from the result,we can see that the system makes the important files more private and integrated.