Research On Method And Key Technology Of File Protection Based On Minifilter Framwork

With the popularity of network and portable storage device which greatly facilitates sharing of information among the people, it is likely to cause information disclosure issues if the enterprise does not restrict the flow of information. Although the theoretically secure physical isolation is adopted by sensitive departments frequently, which reduces the possibility of leaks caused by external invasion to some extent, but it could not prevent internal staff from leaking confidential documents. Thus, the protection of confidential information has become the focus of current attention and hotspot of research.Firstly, based on analyzing domestic and overseas mainstream document protection products, it discovered that most products were developed based on application layer without combining with document system closely, which could not prevent authorized users from active leak. In order to protect confidential documents, the protection scheme of transparent data encryption was raised. It only allows legitimate users to use confidential documents within specific scope, and the safety of confidential document was guaranteed.Secondly, a file protection system based on Minifilter framework was proposed, which has core layer, application layer and management layer. At the kernel level, through the file access process in-depth study, it designed filtering routines and regional control rules file operations, which can make the confidential documents store in clear text without changing user habits. At the application layer, it built the information exchange channel between core layer and management layer, to change the behavior of the kernel layer filter. At the management layer, it defined the scheme of server-database-console, provided technical support for the system administrator unified management of confidential documents within the enterprise.At last, according to this model, a transparent file encryption system was developed. Using the document identification techniques to distinguish between normal documents with confidential documents and achieving the file management by writing information to the document identification and by adding context to a volume device, achieving a volume level of regional control of confidential documents, make the file can be safely spread across the enterprise.