| Windows Operating System has responded to a range of generic security but inadequately to specific fields, such as ATM security, so that their further safety demands are not satisfied. In order to meet these demands, Windows security mechanisms are analyzed and three following solutions are proposed in this paper: (1) how to respond when the system has detected keyboard or mouse device, (2) how to audit the process being created, and (3) how to audit process activities concerning modifications to files and registry. Moreover, these implementations work in kernel mode to avert potential problems that other solutions in user mode have. In detail, Windows startup phases are investigated and then Windows default device drivers are adjusted to respond to keyboard or mouse device during the state that the system is still booting; In order to detect the malignant process and terminate it in time, the procedure chain of Windows creating processes is analyzed and the method to hijack the creating process is illustrated as well; In order to audit files and registry modifications, how Windows does system calls and corresponding system calls are analyzed. Path-tree data structure is utilized to maintain audit rules. On the basis of these solutions, ZSecATM security software system is issued to meet specific safe needs by ATM. ZSecATM has considered the differences between various versions of Windows so as to be compatible on various Windows platforms including Windows XP and the latest Windows 7. ZSecATM is competent to detect and stop unexpected visits to system resources according to deployed auditing rules so as to prevent malignant visits from destroying system data. Windows Research Kernel code is researched before these solutions and the solutions are available in many other cases that concerns safety, not just limited in ZSecATM. |
PDF Full Text Request