| With the popularity of electronic office, most internal documents are stored on the computers in the form of files. Thus, how to protect these files and prevent leaking has become a new issue that enterprise needs to consider. A recent survey indicates that internal leak has become the primary means of confidential corporate data leakage. Therefore, many security firms have introduced solutions of intranet documents leak prevention. It is a pity that there are still a lot of deficiencies on these solutions:on the one hand, the safety control is too rigid, adopting a "one size fits all" control mode to all of the internal documents, which don’t take the leak prevention demand of documents with diverse importance into account. All the users need to study how to adapt the control manner of documents leak prevention system, which changes the user’s habits a lot. These solutions don’t achieve a good balance between security and ease of use. On the other hand, the documents leak prevention system has some deficiencies on the security and robustness of itself. The deficiencies mainly shows at easily bypass of security measures of leak prevention system, system stuck, unable to open encrypted files, loss of file authority and so on. Although these problems do not occur frequently, once occur may cause huge loss to users. Therefore, we need to try to avoid these problems.This paper mainly studies these key issues that need attentions of current documents leak prevention systems. On the one hand, this paper analyzes the actual leak prevention need of the documents with different importance in the enterprise office environment and thus puts forward the multi-mode of documents leak prevention system. By switching between different modes, not only the system ensures the safety of the documents, but also make users use friendly. Then this paper implements the multi-mode by Windows filter drivers and Hook technology.On the other hand, this paper proposes the target that the leak prevention system on the security and robustness needs to reach, and then discuss related specific issues. In security, this paper tries to achieve the goal that the security measures of leak prevention system cannot be maliciously destroy or bypass. This paper studies the generation and management of keys in the file encryption and proposes a method that uses the USB Key and public key cryptosystem to encrypt the key of the document, to prevent the encrypted files from being cracked. It also enhances the security of leak prevention system itself, to prevent the system from being vandalized and bypassed. In terms of robustness, considering of the actual use of common users, we should make the leak prevention system run more stably and reduce the possibility of errors. The system should cover the user’s daily use.scenarios, on which the system is applicable. Hence, this paper mainly focuses on solving the following questions:(1) Based on the file transparent encryption on local file system, this paper extends the file transparent encryption to the network file system, which avoid errors when users use the network shared folders.(2) In order to solve the issues that current file transparent encryption and decryption may lead to file easily damaged, this paper deeply studies the mechanisms of Windows file system and cache management, and then proposes a cache control strategy based on the documents editing cycle. This strategy clarifies the existing occasion of plain text and cipher text in the system cache, reducing the chance of file corruption.(3) This paper studies the fragmentation and checksum issues in the network packets transparent encryption, which provides the network packets transparent encryption a broader applicability.(4) This paper also provides the document permissions loss prevention and backup of edited files for Microsoft Office, further improve the robustness of documents leak prevention system, to make the system more stable and reliable. |
PDF Full Text Request