|
|||||
|
|
| 具有hook机制的过滤驱动加解密模型 | |
| 引用本文: | 蔡强,薛子育,毛典辉,李海生,曹健. 具有hook机制的过滤驱动加解密模型[J]. 高技术通讯, 2016, 0(7): 677-683. DOI: 10.3772/j.issn.1002-0470.2016.07.008 |
| 作者姓名: | 蔡强 薛子育 毛典辉 李海生 曹健 |
| 作者单位: | 北京工商大学,计算机与信息工程学院,食品安全大数据技术北京市重点实验室 北京100048 |
| 基金项目: | 国家自然科学基金(QNJJ2014-23),北京市自然科学基金(4162019),北京市教委科研计划(SQKM201610011010)资助项目。 |
| 摘 要: | 研究了文件保护的加解密技术。针对文件采用过滤驱动模型进行加解密导致文件标识不统一与内存明文泄露风险增加等安全问题,设计了一种hook机制和过滤驱动方法相结合的加解密模型。该模型采用过滤驱动方法对文件进行加解密,同时引入hook机制对内存中文件操作行为进行捕获,使得加解密前后的文件具有相同标识,在保证用户原有文件操作习惯的同时,实现了文件内存明文恢复风险的降低。理论分析和试验结果表明,该模型在三种加密模式下,可以针对不同文件进行快速加解密,同时较过滤驱动加解密模型,其恢复风险下降3%以上。 |
| 关 键 词: | 文件系统 信息安全 透明加密 过滤驱动 hook 加解密 |
A filter driver encryption and decryption model with hook mechanism |
|
| Abstract: | The encryption and decryption for file protection were studied. To solve the problems of un-unified file identifi-cation and increasement of memory’s file leakage risk in information security caused by the file’ s use of a filter driver model to perform encryption and decryption, a new encryption and decryption model combining the hook mechanism and the filtering driver model was designed. The model uses the filter driver model to encrypt the file, and at the same time, the hook mechanism is introduced to capture the file operation behavior in memory to make the file has the same identity around the encryption and decryption. Thus under the circum stances of keeping the original operating habits of the file, a reduction on the risk of the file’ s recovery is achieved. The theoretical analy-sis and experiments demonstrate that the model proposed in the study can be used to fast encrypt and decrypt differ-ent files under three encryption modes, and its disintegration rate can be decreased over 3 per cent compared with the filter driver model. |
| Keywords: | file system information security transparent encryption filter driver hook encryption and de-cryption |
| 本文献已被 CNKI 万方数据 等数据库收录! | |