Researchand Implementation On The Key Technologies Of Security Isolation Double Model System

In recent years, mobile office has become a kind of trend for enterprise office.However, besides working environment, users also need personal environment whenthey are working, but if you put the two types of environment into two computers, it isnot convenient to carry two computers with you; based on the security of workingenvironment,non-authorized user must not be able to enter the environment; becausethe data in the environment are sensitive data for corporate, so the data in the harddrive of the computer should not be leaked out even in the case if it were stolen.To solve the above problems, after studying the security issues which exists in themobile office system, combined with the popular transparent encryption anddecryption technology, this paper designs a security isolation double mode systemwhich takes the usability and security into consideration. The so-called double modemeans that a computer has two modes, one is called user mode, another one is calledworking mode. First, two Windows operating systems are installed on the computerand the two operating systems are assigned to the two modes above, the operatingsystem which is assigned to user mode is called user-space environment, theoperating system which is assigned to the working mode is called workspaceenvironment,thus the user-space environment and the workplace environment islogically isolated. Second, by studying the technologies of hiding the hard diskpartition, both the user-space environment and the workspace environment areallocated a separate disk space and in every environment the disk space is hiddenmutually, thus they can’t see each other; Third, by studying the technologies ofbooting the multiple-operating system, the access of working environment is takenover by the External Controller, that is to say, only when it is inserted into thecomputer, the user can enter the workspace environment,otherwise the use will enterthe user-space environment, thus ensuring the security of accessing the workspaceenvironment. Moreover, combined with the technologies of Minifiter which is a kindof file system filter driver framework, the data in the workspace environment will bestored into the hard disk after they are transparently encrypted, which ensuring thesecurity of corporate sensitive data. Last, for the sake of normal running of thissystem, this paper studied the SSDT Hook technology which is used to protect thebackground process in this system. Based on the design above, the system has been implemented to show that thesystem have a degree of flexibility and security.