| With the explosive growth of Internet and Informatization, the methods of network attack occurs more and more time and the presentation of it happens much more novel. Moreover, with the reinforcement of security and defense measures, the way of attack is changing. During the study of network security, a series of security products appears such as firewalls, IDS, VPN. Nevertheless, the application of security products is mostly only a passive defense which can't effectively combat malicious attacker. Therefore, a security file system must to be more completely to enrich the file system security policy perfect and extenses the application field of information security in file system.At the present time,the technology of security file mainly is composed of file recovery in file system or keep the file secret based on file filter driver.The security file technology based on file filter driver which proposed an overall framework of deleting file security combined with the current highlight spot of file filter technologies has been focused on and analyzing three sub-modules as follows:the presentation of deleting a file in kernel mode,the file operation in kernel mode and cleanning up the buffer.In the detail describing of delete, two methods of deleting a file in Windows OS is summerized ,and that is an important preparation for the whole design of framework.In the module of file operation in kernel mode,some initialization operations such as create a file,open a file and modify attributes of a file etc have been finished and write data into a file finally.In the module of cleaning up the buffer,the read-only attribute of a file is cancelled to confirm the file could be deleted firstly and IRP is coded and send to clean up the buffer.The data of file must be modified before deleting file and makes the whole security file system to be perfect.Tests show that it is feasible that can accurately recurrence all acts happened on deleting a file on the target machine. |
PDF Full Text Request