| Nowadays Windows 2000 and Windows XP based on NT("New Technology") architecture are two kinds of operating system which are widely used in the world,so file security under these two oprating systems becomes a very important issue.File system filter drivers can manipulate IRPs delivering to the underlying file system.By analyzing and disposing, the driver can control the access to the file and protect file data.This paper reports a security file system which is based on file system filter driver. This security file system can encrypt/ decrypt data and perform access control such as open,create,delete,write and so on to certain files and directories at windows kernel level. This paper is mainly about how to develop the core of the security file system (a file system filter driver) with VC6.0 and IFS KIT. The purpose of writing the filter driver is to manipulate IRPs and perform certain particular functions before they are delivered to the next layer. By this way, this system adds security kernel module to the procedure of file system to take the security actions in the controlled files.When the operating system starts up, the kernel module of this security file system, together with legal user's information and file access control list, is auto-loaded by the system. At this time, the whole file system is in the controlled mode. The manner of increment development is favorable when developing driver programs, so in this chapter, we will first realize a normal working file system filter driver, which means this filter driver could be attached to every volume device, but deliver all the blocked requests to the system file driver without any modification or aditional functions.The realization of this filter driver includes initialization of the filter driver and attachment of the volume device,not only the existent volume in the operating system but also the volume dynamically generated by the mobile storage device.General driver development issues are simply described. Sticking points that arise during the development of file system filter drivers are discussed in detail.Such as how to attach the file system's volume device object,how to get the full path of the file and how to get the data address ,etc. I/O manager represents every device driver by driver object,which is a kind of data structure named DRIVER_OBJECT in DDK. Every driver corresponds to a DRIVER_OBJECT. Driver object is partially opaque just like many data structure that we will use soon. This means although the header of DDK publishes the whole structure, we can only directly access or modify some field of the structure. The opaque field of driver object is showed in dark backgrounds. These opaque fields are like private or protected members in C++ classes, while the transparent fields are like public members. The system can be an effective security file system by supplying improvement to the filter and the user mode application, and therefore, it is of great practicability. |
PDF Full Text Request