本文關(guān)鍵詞： USB移動(dòng)存儲(chǔ)設(shè)備 WDM Windows文件系統(tǒng) 過濾驅(qū)動(dòng) 訪問控制　出處：《重慶大學(xué)》2012年碩士論文　論文類型：學(xué)位論文

【摘要】：隨著計(jì)算機(jī)技術(shù)的迅猛發(fā)展，具有易于攜帶、容量大和使用方便等優(yōu)點(diǎn)的USB移動(dòng)存儲(chǔ)設(shè)備已替代軟盤也已經(jīng)成為了數(shù)據(jù)轉(zhuǎn)存的主要媒介。但是USB的大量使用也帶來了新的安全問題，并成為人們關(guān)注的焦點(diǎn)，如利用USB設(shè)備，竊密者可以在合法用戶不在場的情況下，迅速且不留下痕跡地將個(gè)人隱私、國家機(jī)密或商業(yè)敏感信息取走。另一方面，合法用戶的違規(guī)操作和逾權(quán)動(dòng)作也可能把USB存貯設(shè)備作為中轉(zhuǎn)媒體，從而對主機(jī)安全構(gòu)成不小的威脅。 本論文是作者在參與一個(gè)有關(guān)于計(jì)算機(jī)安全管理橫向項(xiàng)目的開發(fā)后，在技術(shù)上方面的思考和總結(jié)，并據(jù)此利用WDM（Windows Driver Model）過濾驅(qū)動(dòng)技術(shù)，針對個(gè)人電腦主機(jī)，提出了一種基于WDM過濾驅(qū)動(dòng)技術(shù)的USB訪問控制系統(tǒng)。該系統(tǒng)能實(shí)現(xiàn)控制USB移動(dòng)存儲(chǔ)設(shè)備在個(gè)人電腦上的讀、寫操作、以及數(shù)據(jù)監(jiān)控功能，從而有效地保證了本機(jī)數(shù)據(jù)的安全。當(dāng)設(shè)備接入計(jì)算機(jī)，系統(tǒng)會(huì)自動(dòng)記錄設(shè)備的信息，并且控制其讀寫操作。對于允許讀寫的存儲(chǔ)設(shè)備，系統(tǒng)還會(huì)記錄計(jì)算機(jī)對其的操作信息，比如讀、寫的文件名，刪除、修改的文件名等。 在論文寫作期間，作者所做的主要工作是： 1、詳細(xì)分析Windows的內(nèi)核機(jī)制，討論了驅(qū)動(dòng)技術(shù)，及如何運(yùn)用WDM過濾驅(qū)動(dòng)技術(shù)實(shí)現(xiàn)USB訪問控制的實(shí)現(xiàn)方案； 2、運(yùn)用角色訪問控制技術(shù)實(shí)現(xiàn)了權(quán)限子系統(tǒng)、運(yùn)用WDM過濾驅(qū)動(dòng)技術(shù)的實(shí)現(xiàn)了USB訪問控制子系統(tǒng)、運(yùn)用FileSystemWatcher技術(shù)實(shí)現(xiàn)USB文件監(jiān)控子系統(tǒng)，并討論了其中的關(guān)鍵技術(shù)； 3、對系統(tǒng)運(yùn)行測試情況進(jìn)行說明與總結(jié)。 在文章的組織方面，論文前半部分主要介紹了包括Windows的內(nèi)核機(jī)制、執(zhí)行體組件以及驅(qū)動(dòng)程序開發(fā)的相關(guān)基礎(chǔ)理論知識(shí)，分析了它們之間的相互關(guān)系以及使用方法，同時(shí)對WDM內(nèi)核驅(qū)動(dòng)模型的概念和相關(guān)基礎(chǔ)知識(shí)進(jìn)行充分的闡述，，并提出系統(tǒng)的開發(fā)思路和解決方案。 論文后半部分著重分析了項(xiàng)目研究開發(fā)中所要解決的準(zhǔn)備工作和技術(shù)問題，包括系統(tǒng)的需求分析、架構(gòu)設(shè)計(jì)、數(shù)據(jù)庫設(shè)計(jì)、以及系統(tǒng)的實(shí)現(xiàn)方案等。其中包括，詳細(xì)分析基于角色訪問控制權(quán)限子系統(tǒng)、基于WDM過濾驅(qū)動(dòng)技術(shù)的USB訪問控制子系統(tǒng)、運(yùn)用FileSystemWatcher類的USB文件監(jiān)控子系統(tǒng)的實(shí)現(xiàn)構(gòu)架，并指出實(shí)現(xiàn)各子系統(tǒng)的關(guān)鍵技術(shù)，如過濾驅(qū)動(dòng)文件技術(shù)、動(dòng)態(tài)捕獲技術(shù)等。 最后論文對“基于WDM過濾驅(qū)動(dòng)技術(shù)的USB訪問控制系統(tǒng)”進(jìn)行了測試，提出存在的問題和不足，以及進(jìn)一步改進(jìn)的思路。
[Abstract]:With the rapid development of computer technology, it is easy to carry, USB mobile storage equipment has the advantages of large capacity and convenient use etc. has replace the disk has become the main medium for storing the data. But the extensive use of USB also brings new security problems, and become the focus of attention, such as the use of USB equipment, QieMi who can not present in the case of a legitimate user, quickly and without a trace of personal privacy, national security or business information removed. On the other hand, the violation of the legitimate users and more than the right of action may also be a USB storage device as a transit media, which is not a small threat to host security.
In this paper the author participated in a development project about computer security management, in the technical aspects of thinking and summary, and then use WDM (Windows Driver Model) filter driver technology, the host personal computer, we propose a WDM based filter drive technology of USB access control system of the system. To achieve control of USB mobile storage devices on a personal computer to read and write operations, and data monitoring functions, thereby effectively ensuring the machine data security. When the device is connected to a computer, the system will automatically record the equipment information, and control the read and write operation. To allow the storage device to read and write system records on the computer operation information, such as read, write the file name, delete, modify the file name.
During the writing of the paper, the main work of the author is:
1, the kernel mechanism of Windows is analyzed in detail, the driving technology is discussed, and how to realize the implementation of USB access control by using WDM filter driver technology is discussed.
2, using the role access control technology to achieve the permission subsystem, using the WDM filter driver technology to achieve the USB access control subsystem, using the FileSystemWatcher technology to implement the USB file monitoring subsystem, and discuss the key technologies.
3, the system operation test situation is explained and summarized.
In the organization of the article, the first part mainly introduces the kernel mechanism including Windows, executive body components and driver development related theory knowledge, analysis of the relationship between them and the use of methods, and the driver model of WDM kernel concepts and related basic knowledge are fully elaborated, and put forward the development ideas and Solutions of the system.
The second part of this thesis focuses on the analysis of the project preparatory work to solve the problems in research and development and technology, including system requirements analysis, architecture design, database design, and system realization scheme. Including the detailed analysis of the role access control subsystem based on WDM filter driver technology of USB access control system based on the use of USB architecture file monitoring subsystem of the FileSystemWatcher class, and points out the key technology in the implementation of the various subsystems, such as file filter driver technology, dynamic capture technology.
Finally, the paper tests the "USB access control system based on WDM filter driver technology", and puts forward the existing problems and shortcomings, and further improvement ideas.

【學(xué)位授予單位】：重慶大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2012
【分類號(hào)】：TP333;TP309

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 徐洪學(xué);;一種面向協(xié)同設(shè)計(jì)系統(tǒng)的訪問控制模型[J];東北大學(xué)學(xué)報(bào)(自然科學(xué)版);2007年12期

2 張燕;李紅蕾;吳星;;再談DDK方式之驅(qū)動(dòng)程序開發(fā)[J];電腦與信息技術(shù);2010年03期

3 陳尚義;馬劍;;防信息泄漏技術(shù)和產(chǎn)品現(xiàn)狀[J];計(jì)算機(jī)安全;2006年02期

4 李軍;;信息泄漏防范何去何從[J];計(jì)算機(jī)安全;2006年03期

5 景春國;白秋果;邢廣忠;;基于WDM的精確定時(shí)技術(shù)及其在核測量中的應(yīng)用[J];核電子學(xué)與探測技術(shù);2007年02期

6 李凡,劉學(xué)照,盧安,謝四江;WindowsNT內(nèi)核下文件系統(tǒng)過濾驅(qū)動(dòng)程序開發(fā)[J];華中科技大學(xué)學(xué)報(bào)(自然科學(xué)版);2003年01期

7 趙銘偉;毛銳;江榮安;;基于過濾驅(qū)動(dòng)的透明加密文件系統(tǒng)模型[J];計(jì)算機(jī)工程;2009年01期

8 鄒敬軒;蔡皖東;;基于WDF過濾驅(qū)動(dòng)的USB存儲(chǔ)設(shè)備監(jiān)控系統(tǒng)[J];計(jì)算機(jī)工程與科學(xué);2010年03期

9 李偉明;雷杰;董靜;李之棠;;一種優(yōu)化的實(shí)時(shí)網(wǎng)絡(luò)安全風(fēng)險(xiǎn)量化方法[J];計(jì)算機(jī)學(xué)報(bào);2009年04期

10 謝柏林;余順爭;;基于應(yīng)用層協(xié)議分析的應(yīng)用層實(shí)時(shí)主動(dòng)防御系統(tǒng)[J];計(jì)算機(jī)學(xué)報(bào);2011年03期

相關(guān)碩士學(xué)位論文 前1條

1 程俊;基于ARM核的USB2.0-AHB接口IP主機(jī)端驅(qū)動(dòng)程序的設(shè)計(jì)與實(shí)現(xiàn)[D];電子科技大學(xué);2007年

本文編號(hào)：1478884