The Design And Implementation Of File System Security Module Based On Minifilter

With the rapid development of network technology, the operations of modernenterprises are increasingly dependent on computers network to storage, transfer andexchange information. However, the file information security problems are more andmore serious. How to ensure the information security of the files has become animportant research direction of modern information science field.Microsoft proposes the minifilter driver technology. The minifilter driver canbe loaded in the kernel mode to monitor and intercept all file I/O request packet.Through designing flexible file access control strategies, Minifilter driver canachieve effective protection of the file system security. It can be flexibly loaded andunloaded and also has great compatibility and scalability.The thesis begins with the introduction of the research status of file systemsecurity protection and the development of filter driver, and then analyzes theadvantages of Minifilter driver framework and the demands of file system securitymodule. Then the paper gives the overall design of the system and module partition.The file system security module adopts the client/server architecture. The server ismainly responsible for setting and transmitting protection and control strategies tothe client kernel mode. The Client is divided into two parts: user mode and kernelmode. User mode is responsible for receiving commands from the server. Kernelmode intercepts and filters the IRP according to the corresponding file access controlpolicy.The thesis applies some critical technologies, including client authenticationmechanism, file path filtering technology, the communication of user mode andkernel mode and the identification of removable storage devices. It realizes a fileprotection filter driver based on the Minifilter framework. The filter driver canachieve classified and real-time security protection of the general documents,important documents and confidential documents of the computer file system inenterprises.Software tests show that the file system security module based on the Minifilterframework can effectively filter all file operations, and its stability and compatibilityalso achieve the expected goals.