
Computer Engineering, 2011, Vol. 37, Issue (4): 275-277. doi: 10.3969/j.issn.1000-3428.2011.04.099

• Development Research and Design Technology •

Virtual Device-based Access Control Model

HUANG Ling-xiang a, GU Ming b

  1. (a. Department of Computer Science and Technology; b. School of Software, Tsinghua University, Beijing 100084, China)
  • Online: 2011-02-20 Published: 2011-02-17
  • About the authors: HUANG Ling-xiang (b. 1985), male, master's degree, main research interests: operating systems, data security; GU Ming, professor

Abstract: Access control systems need to be portable and easy to use. To that end, this paper presents an access control model built on the Windows I/O model. The model is based on a virtual device that uses an encrypted file as its container, and it performs authorization decisions, transparent encryption/decryption, and redirection of disk access in both user mode and kernel mode. It can be extended into various customized access control systems. The paper describes the module design derived from the requirements and the implementation, which uses API hooks, a virtual device driver and a filter driver. Experiments verify the characteristics of the model, including performance, and two extensions in practice are given to confirm its extensibility.

Key words: access control, filter driver, virtual device, API hook
