| As the development of information technology and wide use of Internet in the world, computer become more and more important to everyone's life and work. At the same time, more challenge in information field appeared. The attacks launched by the inner people or abuse of resources hold a large proportion of all the attacks. Therefore, the security of intranet and hosts is essential to many companies and government departments. The data in the computer stored as electronic documents, therefore, file system security is a key in the security of host. The host file security monitoring system is an outstanding product assuring the security of company information.At present, there are already some mature technologies of information storage security aiming at network attack, such as firewall and IDS, while the development of Host-based information storage security technology is lag and can not satisfy the market's requirement. According to the limitation of the technology, the article designs a host-based file security monitor technology, then describes the design project of file security monitor protection system on the foundation of the technology.The article laies a strong emphasis on description of the protection mechanism which is used in the file security monitor core module. The file security monitor protection system runs on Windows 2000 or other higher version platforms. According to the structure and characteristic of these systems, double-level monitor mechanism is used in the file security monitor module. The double-level monitor mechanism ensures the monitor function's stabilization and great efficiency of the protection system. This article also expatiates the self-protection mechanism and so on.Then the article introduces the design and realization of user level monitor module and kernel level monitor module detailedly, including how to realize the system clipboard monitor, the file contents protection, directory monitor, file print job interdiction, and the screen interception monitor in system's user level, how to realize the file accessing filter, the access privilege control in system's kernel level. Making good use of the knowledge and skills of API Hook, network communication, Windows message monitor and kernel mode driver, the system realize the corresponding functional modules.Finally, the article summarizes the merit and limitation of the host-based file security monitor technology and proposes some useful suggestions to improve it. From a series of experiments and tests, it is proved that the host-based file security monitor protection technology is well efficient and advanced. |
PDF Full Text Request