Based On BLP A Document Protection System Implementation

This paper mainly to solve the coordination office within the enterprise networkinformation security issues. Gives a focus to the protected documents encryptedstorage to the server, the client needs to download from the server, using recycledafter use and remove traces of the client. And documents that reside on the client tocontrol the period, the document content will not be out of the zone.According to the above ideas, the program divided into non-security zones andsecurity zones first, security zones, including server-side file storage area and use theclient's file area (security sandbox). Safety zone in accordance with the differentcharacteristics of the two parts were made the following treatment were:Server-side storage area: The file transfer and storage to the server process, theinformation is intercepted or stolen, the paper draws on the past, transmission ofinformation encryption use digital envelope technology, Applied CryptographyAsymmetric encryption technology, given a suitable document storage encryptionsolution. This program ensures the document information during transmission andstorage process is encrypted and the encrypted document information stored on theserver later, both easy to open their own, but also not informed of their keys in thecase of the document to facilitate the safe shared with others.Client files use areas: the client establishes a secure sandbox, through all theprocesses into the hook, managed to make its information transmission, control of itscopy protection file, copy, print. Ensure protection of the contents of the fileinformation can not be out of the security sandbox. After the file is used automaticallyreturned to the server, and eliminated the traces left by local, so that clients do notleave marks.Safety of the user to open secure documents process, through the process into anon-secure access token and the process of distinction. By injecting hooks, managedto make its information transmission windows APILogin strong authentication of users based on access mechanisms: through the"challenge - response" approach, client-server two-way mutual authentication toensure the legitimacy of both sides.Through the above means of protection for document security zone, andsupplemented by the user authentication system access control, in order to protect thesecurity of the information within the network file...