| 基于虚拟设备的访问控制模型 |
| |
| 引用本文: | 黄凌翔,顾明.基于虚拟设备的访问控制模型[J].计算机工程,2011,37(4):275-277. |
| |
| 作者姓名: | 黄凌翔 顾明 |
| |
| 作者单位: | 1. 清华大学计算机科学与技术系,北京,100084
2. 清华大学软件学院,北京,100084 |
| |
| 摘 要: | 访问控制系统需具备便携性、易用性。基于此,提出一种Windows操作系统I/O模型下的访问控制模型。该模型基于以加密文件为容器的虚拟设备,在用户态和内核态进行授权判定、透明加解密、访问重定向,可扩展为各种定制访问控制系统。根据需求进行模块设计,使用API钩子、虚拟设备驱动和过滤驱动等技术开发,测试包括性能的模型特点,并给出2种应用扩展。
|
| 关 键 词: | 访问控制 过滤驱动 虚拟设备 API钩子 |
Virtual Device-based Access Control Model |
| |
| HUANG Ling-xiang,GU Ming.Virtual Device-based Access Control Model[J].Computer Engineering,2011,37(4):275-277. |
| |
| Authors: | HUANG Ling-xiang GU Ming |
| |
| Affiliation: | b(a.Department of Computer Science and Technology;b.School of Software,Tsinghua University,Beijing 100084,China) |
| |
| Abstract: | Portability and usability for access control systems are presented. This paper presents an access control model based on I/O model on Windows platform, which uses virtual device with encrypted file as container. It mainly relies on authorization, transparent encryption/decryption and redirection of disk access. Various access control systems can be extended from this model. It describes the design of the model according to the requirements, and illustrates the development which is composed of API Hook, virtual device driver and filter driver development. Experiments are conducted to verify the characteristics of this model including performance. Two extensions in practice are discussed as a confirmation to the extensibility. |
| |
| Keywords: | access control filtering drive virtual device API hook |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
