Information security has been one of the hottest issues drawing considerable public attention in recent years. Developing key technologies for protecting processes and files, within the framework of hardening the operating system, is of critical importance for defusing the security threats facing the operating system and ensuring its smooth operation.

Based on the project "Research on Standards of Support Platform for Trusted Computing" supported by the National High Technology Research Development Program (863 Program), and the project "The Development of The New Generation of Trusted Network (Trial Version)" supported by the National Sci-Tech Support Plan, this paper analyzed in detail the key techniques for process and file protection, and then proposed solutions for hidden process detection, file integrity and data protection. Those results, which are of certain academic significance and practical value and have been applied in several national-level research projects, can be summarized in three aspects:

1. Research on and implementation of detection techniques for hidden OS processes. Based on a careful classification that divides today's popular hidden-process mechanisms into three levels (user level, kernel service level and kernel structure data level), a multi-level model for detecting hidden processes was introduced. After experimenting with hiding techniques at those three levels and exploring their features, this paper devised targeted detection methods accordingly, and finally arrived at and implemented a detection technique that dynamically accesses linked-list addresses.

2. Research on file system integrity and its realization. Since processes need to go through the system's file drivers before they can operate on file systems, this paper proposed a new multi-level technique that detects the behaviour of processes and protects information integrity by tracking changes to file systems through file system filter drivers. That technique can filter the operations performed on the file system by processes at fine granularity and secure its integrity as well.

3. Research on and implementation of a file protection mechanism. A dual-caching mechanism was introduced, which improves the I/O performance of transparent encryption and decryption and innovates in the way file caches are processed and in the workflow of IRP requests. Within that mechanism, data is pre-read automatically and decrypted according to the original IRP request, and then two cache files, one encrypted and one decrypted, are created in RAM. Thus IRP requests, whether directed at the cache or at disk, are redirected to the dual-cache structure. In this way, not only is the problem that the system cache is not under control avoided, but the pre-read data is also created in the cache, which reduces the return time of IRP requests and effectively improves the overall data I/O efficiency.

This research is based on the Windows operating system, but its methods, techniques and findings can be readily applied to studies of other operating systems.
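As an added illustration of the multi-level detection model in aspect 1 (this is example code written for this page, not the thesis's own implementation), the following Python script models the three hiding levels over a constructed process table: a user-mode API hook, a kernel-service hook, and unlinking a node from the kernel's process linked list. A scan of all allocated process objects serves as the reference view, and each enumeration view is compared against it so that every hidden PID is reported together with the deepest level at which it disappears. All PIDs, process names and hook sets are constructed for the example.

```python
# Added illustration (not the thesis's own code): cross-view detection of
# hidden processes over a constructed process model. A "table scan" of all
# allocated process objects is the reference view; the linked-list walk,
# the kernel-service enumeration and the user-mode API enumeration are the
# three levels the abstract names, each subject to hiding at that level.
# All PIDs, names and hook sets below are constructed for the example.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Proc:
    pid: int
    name: str
    flink: Optional["Proc"] = None  # forward link in the circular list
    blink: Optional["Proc"] = None  # backward link


class ProcessModel:
    """A toy kernel: an allocation table plus a circular doubly linked list."""

    def __init__(self, procs: List[Proc]) -> None:
        self.table: Dict[int, Proc] = {p.pid: p for p in procs}
        for a, b in zip(procs, procs[1:] + procs[:1]):
            a.flink, b.blink = b, a
        self.head: Proc = procs[0]
        self.user_hooked: Set[int] = set()     # hidden by user-mode API hooks
        self.service_hooked: Set[int] = set()  # hidden by kernel-service hooks

    def unlink(self, pid: int) -> None:
        """Kernel-structure-level hiding: drop the node from the list only;
        the allocation itself stays in the table."""
        p = self.table[pid]
        p.blink.flink, p.flink.blink = p.flink, p.blink
        if self.head is p:
            self.head = p.flink

    def view_linked_list(self) -> Set[int]:
        """What an enumerator that walks the list from its head can see."""
        seen, node = set(), self.head
        while True:
            seen.add(node.pid)
            node = node.flink
            if node is self.head:
                return seen

    def view_kernel_service(self) -> Set[int]:
        return self.view_linked_list() - self.service_hooked

    def view_user_api(self) -> Set[int]:
        return self.view_kernel_service() - self.user_hooked

    def view_table_scan(self) -> Set[int]:
        """Reference view: every allocated object, independent of the links."""
        return set(self.table)


LEVELS = ["kernel structure data level", "kernel service level", "user level"]


def detect_hidden(model: ProcessModel) -> Dict[int, str]:
    """Return {pid: deepest level at which it is hidden} for every PID that
    the reference view contains but at least one enumeration view omits."""
    reference = model.view_table_scan()
    views = [
        (LEVELS[0], model.view_linked_list()),
        (LEVELS[1], model.view_kernel_service()),
        (LEVELS[2], model.view_user_api()),
    ]
    findings: Dict[int, str] = {}
    for level, pids in views:  # ordered deepest first, so the first hit wins
        for pid in reference - pids:
            findings.setdefault(pid, level)
    return findings


def demo() -> Dict[int, str]:
    """Constructed scenario: one process hidden at each of the three levels."""
    model = ProcessModel([
        Proc(4, "System"), Proc(100, "svc.exe"), Proc(200, "u_hidden.exe"),
        Proc(300, "k_hidden.exe"), Proc(400, "dkom_hidden.exe"),
    ])
    model.user_hooked.add(200)
    model.service_hooked.add(300)
    model.unlink(400)
    return detect_hidden(model)


if __name__ == "__main__":
    for pid, level in sorted(demo().items()):
        print(f"PID {pid}: hidden at {level}")
```

The point the model makes is that a process removed from the linked list is invisible to every enumeration built on top of that list, so a detector needs a view that does not depend on the links (here the table scan; in a real kernel, a scan of the object allocations or a comparison of several independent views) and should report the deepest level at which the discrepancy appears.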
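To make the dual-cache mechanism of aspect 3 concrete, here is an added Python model (example code for this page, not the thesis's driver): ciphertext blocks live on a constructed "disk", every read request is redirected to a pair of in-memory caches holding the encrypted and the decrypted form of each block, and one extra block is pre-read beyond what the request needs. The block size, the key, the file contents and the toy SHA-256 keystream cipher are all constructed assumptions; the cipher is there only so that disk reads and decryptions can be counted, not as a real file-encryption scheme.

```python
# Added illustration (not the thesis's own code) of the dual-cache idea:
# ciphertext lives on a constructed "disk"; every read request is
# redirected to a pair of in-memory caches (ciphertext blocks and their
# decrypted form), and one block is pre-read beyond what the request needs.
# The cipher is a toy SHA-256 keystream per block and exists only so the
# decrypt count can be observed; it is not a real file-encryption scheme.
import hashlib
from typing import Dict, List

BLOCK = 16  # constructed block size in bytes


def keystream(key: bytes, index: int) -> bytes:
    return hashlib.sha256(key + index.to_bytes(8, "big")).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Disk:
    """Constructed backing store holding encrypted blocks; counts block reads."""

    def __init__(self, key: bytes, plaintext: bytes) -> None:
        self.size = len(plaintext)
        self.blocks: List[bytes] = []
        for n in range(0, len(plaintext), BLOCK):
            chunk = plaintext[n:n + BLOCK].ljust(BLOCK, b"\0")
            self.blocks.append(xor(chunk, keystream(key, n // BLOCK)))
        self.reads = 0

    def read_block(self, n: int) -> bytes:
        self.reads += 1
        return self.blocks[n]


class DualCache:
    """Serves reads from the decrypted cache, filling both caches on demand."""

    def __init__(self, disk: Disk, key: bytes) -> None:
        self.disk, self.key = disk, key
        self.cipher_cache: Dict[int, bytes] = {}  # blocks as stored on disk
        self.plain_cache: Dict[int, bytes] = {}   # the same blocks decrypted
        self.decryptions = 0

    def _fill(self, n: int) -> None:
        if n in self.plain_cache or n >= len(self.disk.blocks):
            return
        c = self.disk.read_block(n)
        self.cipher_cache[n] = c
        self.plain_cache[n] = xor(c, keystream(self.key, n))
        self.decryptions += 1

    def read(self, offset: int, length: int) -> bytes:
        """Handle a read request: fill the needed blocks plus one pre-read block,
        then answer from the decrypted cache without touching the disk again."""
        length = min(length, self.disk.size - offset)
        if length <= 0:
            return b""
        first, last = offset // BLOCK, (offset + length - 1) // BLOCK
        for n in range(first, last + 2):  # +1 block of pre-read
            self._fill(n)
        data = b"".join(self.plain_cache[n] for n in range(first, last + 1))
        start = offset - first * BLOCK
        return data[start:start + length]


def demo() -> dict:
    """Constructed sequence of reads; returns data and the I/O counters."""
    key = b"constructed-demo-key"
    plaintext = b"The quick brown fox jumps over the lazy dog. 0123456789"
    disk = Disk(key, plaintext)
    cache = DualCache(disk, key)
    first = cache.read(0, 10)               # fills blocks 0 and 1 (pre-read)
    second = cache.read(10, 20)             # 0-1 from cache, block 2 pre-read
    whole = cache.read(0, len(plaintext))   # fills the last block
    again = cache.read(0, len(plaintext))   # served entirely from cache
    return {
        "first": first, "second": second, "whole_ok": whole == plaintext,
        "again_ok": again == plaintext, "disk_reads": disk.reads,
        "decryptions": cache.decryptions, "blocks": len(disk.blocks),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Running it shows four blocks read from disk and four decryptions for four requests that together touch the file three times over; every request after the first is answered, at least in part, from the decrypted cache, and the pre-read block means a sequential reader usually finds its next block already decrypted when it asks for it.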