
Research And Design Of The Kernel Driver-based Monitoring Software

Posted on: 2011-03-06
Degree: Master
Type: Thesis
Country: China
Candidate: D Q Li
GTID: 2208360308966490
Subject: Computer application technology
Abstract/Summary:
With the rapid popularization and development of networks, information security is increasingly important. Files are an important unit of organization and processing for computers, so their security is very important. The security of databases and the registry is also very important. Monitoring the file system, databases, and the registry is important for preventing malicious tampering with files, databases, and the registry.

Existing file system monitoring applications for Windows are generally implemented through hooks; their efficiency is not high enough, and the monitoring information they provide is not comprehensive enough. File monitors implemented through a kernel driver capture more redundant information, and it is difficult to identify the actual upper-layer operation from the large number of messages monitored at the lower layer. Currently, research by domestic and foreign enterprises and organizations is closed. Therefore, more efficient and comprehensive monitoring of the file system is of significant value.

To solve the problem that monitoring the file system by hooking API functions is inefficient, we establish file operation recognition models on the basis of existing theories of driver-level file monitoring, and improve them continuously according to experimental results. An instance of file system monitoring implemented through a filter driver in kernel mode is then given.

This dissertation studies the theory and technology related to the File System Filter Driver, including: the principle of the File System Filter Driver; the internal structure of the operating system; the file manipulation recognition model; the communication between the driver and applications; and a comparison of monitoring implemented at the driver layer with monitoring implemented at the upper layer.

This dissertation briefly describes the overall function and framework of the developed system, and describes in detail the design and implementation of the management subsystem and the real-time monitoring subsystem. The system monitors the changes that users specify, for example when users add, modify, delete, or overwrite project software files. The system records the user's changes and operation information, then forms configuration management and version control log documents. The system also provides log management and version control for documents. In addition, the dissertation introduces the principles and functions of the other modules.

The system in this dissertation can efficiently and accurately monitor operations on documents. Protecting important information in Windows is significant, and the system can be used to monitor and protect critical data.
Keywords/Search Tags: File Monitor, Database Monitor, Driver, Version Management