Researchandapplication Of SSDT&Duel-cache Mechanism-based Trans-Parent File Encryption And Decryption

With the popularity of computer networks and applications deepening awarenessof information security have become increasingly demanding, the current informationsecurity problem is solved by the system security and network security,because thenetwork variability is strong, easy to control, so improve your computer’s securitysystem itself is the most basic and most important.Based on the research paper-drivenmodel and the file system filter driver to study several important documents byintercepting requests for file operations for encryption and decryption operations toimprove the security of important documents at the same time without affecting theuser’s actions effectively achieve the security of confidential documents.This paperdescribes in detail the Windows file transparent encryption and decryption systemdesign and implementation, first introduced the Windows architecture and kernelservices and the calling procedure call mechanism, as well as Windows NT drivermodel and filter driver implementation mechanism. In the third chapter describes theexisting file-based filtering driver model transparent encryption and decryptionprocess of the key technologies, including storage encryption and decryption logo,transparent encryption and decryption process to identify and structure of the model.Chapter IV for an existing file transparent encryption and decryption mechanism inWindows kernel plaintext data caching mechanism and deficiencies, proposed a dualcaching mechanisms and Windows SSDT table detection and recovery based onkernel plaintext data protection mechanisms.Chapter V design is based on SSDT&Duel file transparent encryption and decryption system, specifically describes therealization of dual cache module technology and SSDT table detection and recoverymodule implementation process.Chapter VI of this system for functional verificationand performance analysis.This paper focuses on the file transparent encryption and decryption system dualcache module, SSDT table detection and recovery module implementation mechanism,dual cache module contains the file plaintext and the ciphertext buffer cache, dualcache module through confidential files can bypass the reading and writing processOS cache to avoid system cache series of problems, while still effectively reduceduplication disk read operations; SSDT table detection and recovery module thatcontains the function address SSDT table service and validity detection function forillegal services address recovery features, and through whitelist policy to avoid theprocess of restoration of the legitimate HOOK behavior.