Research On Data Leakage Prevention Techology Based On Process Monitoring

With the rapid development of computer applications and the Internet, the use of electronic documents is becoming increasingly widespread. The documents can easily be edited and spread. This has greatly facilitated the daily lives of people. However, illegal tampering and dissemination of electronic documents would seriously prejudice the legitimate interests of the document’s owner. Therefore, how to effectively ensure the security of the electronic document content is the relentless pursuit of domestic and foreign researchers.The traditional data leakage prevention software technology can solve the security problems of electronic documents. However, these techniques can not balance the contradiction between security and efficiency. To prevent the electronic documents from being maliciously leaked from the beginning, an information protection model based on process monitoring has been presented in this paper. This model can not only encrypt the file which is monitored by the processed, but also control the access to the file. Thus, it can prevent the leakage of the electronic document data.This paper studies the process monitoring technology,file system filter driver technology,transparent encryption technology and file access control technology. To monitor the communication among the processes, the process monitoring techniques are employed to intercept system functions and the HOOK techniques are used to modify the intercepted system functions. The file encryption table is used to store the monitored file information. In the kernel mode, the filter driver intercept file operations to achieve transparent encryption and decryption of the files,and realize access control of the files according to the data access control rules which are embedded in the file. This process further improves the strength of the information leakage prevention.Experimental results show that this study not only achieved transparent file encryption and access control. This technique can prevent the sensitive data and confidential information leakage during the copy, disseminate and access operations.