CN104036197A - Vector map data protection and access control method based on file filter driver - Google Patents

Abstract

The invention belongs to the fields of cryptography, information security, geographic information systems and digital image processing, and relates to a vector map data protection and access control method based on a file filter driver for carrying out data protection and file access control on a digital vector map. The method comprises the following steps: judging whether a file is a vector map file or not; putting the file into a control list; controlling rule integrity authentication; carrying out the file access control; encrypting and decrypting the file content; hiding the file size and control information; preventing data leakage when closing. According to the vector map data protection and access control method disclosed by the invention, the file filter driver is combined, transparent encryption and decryption and the file access control are carried out on vector map data at the bottom layer of an operating system, so that user operation habits are not affected, and the vector map data on a disk are ensured to be stored in a cipher text form to protect the security of the vector map data. Compared with data watermarking, the vector map data protection and access control method disclosed by the invention protects the vector map more thoroughly and reliably.

Description

A kind of map vector data protection and access control method based on filter Driver on FSD

Technical field

The invention belongs to cryptography, information security, Geographic Information System and digital image processing field, relate to a kind of map vector data protection and access control method based on filter Driver on FSD that digital map vector is carried out to data protection and file access control.

Background technology

Fast development along with the information processing technology and surveying and mapping technology, spatial information application is more and more extensive, digital vector map have precision high, support high-quality convergent-divergent, accurate positioning, easy to operate, upgrade the multiple advantages such as convenient, become the essential Support Resources in aspect such as Geographic Information System, intelligent transport system, digitalized city and digitizing national defense construction.Meanwhile, digitized information data is faced with all the time by bootlegging, the safety problem that malice is distorted and artificially revealed.Once the possessory legitimate interests of the data meeting of leakage grievous injury map occur digital vector map, even can produce great negative effect to national defense construction, it is problem in the urgent need to address that the safety of protection digital vector map is not stolen it.

The current research to digital map vector protection is mainly to utilize digital watermark to protect the copyright of map vector, and digital watermark technology protection map vector data, exists following 2 deficiencies.The first, could not protect well the data message of map vector; the embedding that most of digital watermark has just been done copyright makes partial data precision impaired; appropriator still can be stolen map vector to be used, and such effect can not prevent usurping map vector data at all.The second, most of watermark embedded mode belongs to manual embedding, yet shows according to relevant investigation, and it is to come from internal cause that 80% data message is revealed.Data watermark cannot prevent that interior employee from stealing out data, only has pressure automatically data to be carried out to transparent encryption and decryption and just can make internal staff cannot steal map vector data.

Guard method to electronic document in addition; there is a kind of popular transparent encryption and decryption mode can force electronic document to carry out encryption and decryption; this method is mainly used to text message to carry out encryption and decryption protection, and wherein Tan Wen has specifically introduced filter Driver on FSD technology in solely angle-windows of < < Han Jiang Kernel security programming > > mono-book.There is minority scholar that transparent encryption and decryption has been referred in map vector, but there are following three point defects: the first, do not consider and copy data to situation about depositing hereof, if set up in advance a map vector file in mobile device, then map vector data is copied to this file, traditional filtration drive can not processed it, thereby has caused data leakage.The second, do not consider the repeatedly feature of outgoing of map vector, to the File Open time, open all many-sides such as number of times and cannot control, thereby cannot effectively guarantee the safety of map.Three, cannot control operations such as the rename of map vector file and deletions.

Summary of the invention

The object of the present invention is to provide map vector data protection and the access control method based on filter Driver on FSD of the safety of a kind of protected file in Life cycle.

The object of the present invention is achieved like this:

(1) determine whether map vector file

When operating system is processed file, send I/O Requeset Package read-write requests bag IRP, when File Open, operating system is sent IRP_MJ_CREATE, and filter Driver on FSD is now tackled the filename that need to open, and according to file extension, judgement is map vector file;

(2) file is put into control list

After being judged as map vector file, from tail of file, take out encryption identification and control information, encryption identification is examined, if there is encryption identification, represent that this document belongs to the map vector file that is labeled and processed, file object and File Control Block file control block FCB corresponding to file are added to confidential document list, if there is not encryption identification in tail of file, illustrate that this document is not processed, need to process it, file object and FCB corresponding to file be added to the untreated list of concerning security matters;

(3) control law integrated authentication

For the map vector file that includes encryption identification, examine current process whether in the legal process list of its regulation, if do not existed, represent that current process do not obtain the authority of correct map vector data, directly delivery operation system, reads ciphertext; If current process is legal process, utilize MD5 algorithm to carry out integrated authentication to control information, judgement control information has or not and is tampered, if control information is tampered, access unsuccessfully, delete this document, if control information is not tampered, all control laws add confidential document list to corresponding file FCB simultaneously;

(4) file access control

The access control information embedding according to file is examined file access number of times in IRP_MJ_CREATE, if access times reach stipulated number, file is deleted; The file access time is utilized Deferred Procedure Call timer DPC, carries out quantitative check, if file is not closed in the stipulated time, force file cache data to brush disk, and close file; When needs carry out file rename and delete, it is the IRP of IRP_MJ_SET_INFORMATION that operating system can be sent the function of tonic chord number, while deleting with rename operation to file, in the distribution function of IRP_MJ_SET_INFORMATION, monitor, from confidential document list, take out document control information, if allow apply for operation, delivery system is processed, if do not allowed, return to failure;

(5) file content encryption and decryption

During file read-write, operating system is sent IRP_MJ_READ and IRP_MJ_WRITE, and file read-write is divided into buffer memory read-write and paging is read and write two kinds, with the sign that IRP is entrained, distinguishes; Utilize filter Driver on FSD, with the read-write requests of IRP_PAGING_IO|IRP_SYNCHRONOUS_PAGING_IO|IRP_NOCACHE sign, utilize stream encryption method that data are encrypted and are deciphered;

(6) file size and control information are hidden

Control information and encryption identification are placed on to file extent tail, utilize IRP_MJ_QUERY_INFORMATION to hide file size and control information, in the time of system acquisition file size, can issue the IRP request of IRP_MJ_QUERY_INFORMATION, filtration drive is in this IRP request, file size is set to authentic document size length, reaches the object of hiding control information and file size;

(7) while closing, prevent data leakage

When a closing of a file, judge that this file is whether in the untreated list of concerning security matters, the file in this list, is expressed as original map vector file that does not pass through encryption in computing machine, and this document is encrypted and embeds access control information simultaneously.

Beneficial effect of the present invention is:

The present invention proposes the protection of a kind of map vector data and access control method, in conjunction with filter Driver on FSD technology, map vector file is carried out to transparent, data encrypting and deciphering and access control forcibly.Contrast existing file filtration drive product and map vector protection product, the present invention has the following advantages:

1. the present invention is in conjunction with filter Driver on FSD; at operating system bottom, map vector data is carried out to transparent encryption and decryption and file access control; do not affect user operation habits, guarantee that the map vector data on disk is stored with ciphertext form, protection map vector data safety.The present invention is more thorough to the protection of map vector than data watermark, more firm.

The present invention can be pellucidly, forcibly process install drive before already present, the untreated map vector file of computing machine itself, than existing filter Driver on FSD product, can prevent that file data from revealing by ancient deed, security is higher.

3. whether the present invention can realize the access time of map vector file, access times, whether allows rename, allow to delete etc. and control, and builds a three-dimensional guard space.Effectively having evaded opens file for a long time stops file data for a long time in internal memory, and the potential risk of bringing; Can prevent from again continually file being conducted interviews, effectively file be cracked and limited, improved protection class simultaneously.

4. the present invention is placed on file extent tail by encryption identification and document control information, and the method for plus and minus calculation is only carried out in the filter Driver on FSD file size control of abandoning in the past in IRP_MJ_SET_INFORMATION and IRP_MJ_QUERY_INFORMATION to file size, by the size that drives self maintained concerning security matters map vector file, interception cache read write operation, has guaranteed that file read-write can read, write data accurately in position accurately.

Accompanying drawing explanation

Fig. 1 entire system schematic flow sheet;

Fig. 2 arranges control information software interface;

Fig. 3 access process is controlled

When closing, Fig. 4 prevents file leakage

Embodiment

Below in conjunction with accompanying drawing and example, technical solution of the present invention is further described:

First the detailed process of work of the present invention is described: operating system is when operating file, single job divides IRP several times to provide, for file read-write operation, operating system can be sent IRP_MJ_CREATE, IRP_MJ_QUERY_INFORMATION, IRP_MJ_READ, IRP_MJ_WRITE, IRP_MJ_SET_INFORMATION, IRP_MJ_CLEANUP, IRP_MJ_CLOSE successively; For rename and deletion, can send successively IRP_MJ_CREATE, IRP_MJ_SET_INFORMATION, IRP_MJ_CLEANUP, IRP_MJ_CLOSE.According to the operating process of system, the present invention has formed treatment step as shown in Figure 1:

(1) after File Open, first judge file type, if not map vector file delivery operation system, if map vector file continues, file read-write enters (2), and file is deleted and file rename enters (8).

(2), if file read-write carries out process check, the detailed step of process check as shown in Figure 3, judges that this document is whether in encrypt file table and untreated table.If, from table, take out legal process list, judge that whether this process is legal.If do not existed, read end-of-file, judged whether encryption indicator.If there is encryption indicator, from control information, take out legal process list, judge that whether this process is legal; If there is no encryption indicator, this document is added to untreated list.If process is legal, control information is carried out to integrated authentication, and check access times and the DPC Timer Controlling access time is set.Then enter (3).

(3) when inquiry file is big or small, system is sent IRP_MJ_QUERY_INFORMATION, now drives interception query manipulation, and backspace file actual size, realizes Information hiding, then enters (4).

(4) enter file read-write, do two things: the first, data content is carried out to encryption and decryption; The second, file size and skew are safeguarded.Then enter (5).

(5) while file size being set, system is sent IRP_MJ_SET_INFORMATION, now drives interception setting operation, and file size is set to the size that file has added end-of-file.Then enter (6).

(6), during closing of a file, operating system can be sent IRP_MJ_CLEANUP, now drives file is checked, if this document, in untreated list, carries out transparent encryption and decryption to file, if in confidential document table, removes DPC timer.Then enter (7);

(7) file is embedded to end-of-file, end-of-file comprises control information, encryption indicator and integrated authentication code.Then enter (11);

(8) from tail of file, read control information and encryption indicator, if there is no encryption indicator, delivery operation system is processed.If there is encryption indicator, file deletion action enters (9) so, and rename enters (10);

(9) when file is deleted, operating system can be sent IRP_MJ_SET_INFORMATION, and whether the control information that intercepting system operation judges (8) is read herein allows to delete, if allowed, deletes, if do not allowed, forbids.

(10) operating system can be sent IRP_MJ_SET_INFORMATION during file rename, and whether the control information that intercepting system operation judges (8) is read herein allows rename, if allowed, rename, if do not allowed, forbids.

(11) file is normally closed.

The present invention can be divided into three parts, 1. the embedding of document control information and extraction; 2. the internal maintenance of confidential document information; 3. file access control.

1. the embedding of document control information and extraction

Control information is divided into two kinds, and a kind of is total document control information, for all map files, when being embedded into control information for the first time, uses; Another kind is individual files control information, by user, to embedding the Single document of control information, is changed.

(1) total document control information

Whether document control information spinner will comprise legal process list, file access number of times, file access time, whether allow rename, allow to delete.Default document control information is placed in registration table, supports the own allocating default document control of user information.Driving is read acquiescence control information when controlling embedding first from registration table, and information exchange is crossed to the mode that creates IRP to underlying device, sends, by control information writing in files afterbody.

Embedding opportunity of total document control information is in IRP_MJ_CLEANUP, before closing of a file, by driving the information such as the file actual size of self maintained and skew, to underlying device, send self-defined IRP, encryption identification, control information are pressed to set form writing in files afterbody.

(2) individual files control information

Individual files control information, is used for changing the control information of Single document.Thereby reach the object that the specific aim of special map is processed.Can configure equally legal process list, file access number of times, file access time, whether allow rename and whether allow to delete these five.By application layer software as shown in Figure 2, user can change document control information.Provide the file absolute path that need to change control information, then, according to modification demand, control law is embedded again.

When separately document control information being modified, control information is carried out application layer by IOCTL technology and is communicated by letter with inner nuclear layer, filtration drive is opened and read operation file at inner nuclear layer structure IRP, then data are changed, write back tail of file, last close file is removed buffer memory again.

2. the internal maintenance of confidential document information

The maintenance of information of confidential document is mainly divided into two parts, and first is the maintenance of file size and side-play amount; Second portion is the maintenance of document control information.

(1) maintenance of file size and side-play amount

According to file read-write feature, read-write operation can be divided into two types of buffer memory read-write and paging read-writes.Paging read-write requests is reading out data from disk, or to disk data writing.Because disk reads and writes, be strictly by sector and bunch alignment, therefore in paging read-write process, only can carry out encryption and decryption work to data, and cannot safeguard the actual size of file.

Buffer memory read-write is different, cache read write request, the length that reads and writes data of sending is the true length of real these data that need to read or write, therefore by the monitoring of buffer memory read-write IRP therefrom actual size and the side-play amount of maintenance documentation, then by information with newly in confidential document table, thereby kept the consistance of data.When control information embeds, just can from confidential document table, obtain accurately the real size of file, then calculate information embedded location accurately.

(2) document control maintenance of information

Document control information comprises file access time, file access number of times, legal process list, whether allows rename, whether allows to delete this five kinds of control informations.These five kinds of control informations, file size and sector polishing length form following structure:

Utilize FCB as unique distinguishing mark of file, control information is separated by file area, so just guaranteed that control method and control information are different for each file, have improved the safety coefficient of map vector.

3. file access control

File access control divides five parts to carry out: 1, the file access time; 2, file access number of times; 3, access process is controlled; 4, rename and deletion are controlled; 5, closing of a file prevents from revealing.At file, from being opened to, close whole life cycle, utilize different measures, on different opportunitys, this five part is controlled respectively, thereby guarantee from being opened to safe handling and the storage of closing the whole life cycle of map vector.

(1) the file access time is controlled

The control of file access time is to control single file access time length.In File Open, from file extent tail, read control information, then utilize DPC set timer timer response function.When the file access time is overtime, enter timer response function, preserve current file, know file cache and close current file.

(2) file access number of times is controlled

In File Open, file access number of times is verified, if file access number of times is greater than zero, allow this visit, access times are subtracted to 1 operation simultaneously, upgrade the information in confidential document list.If file access number of times is less than zero, deleted marker position while closing is set, make automatically to delete when closing of a file.

Because the opening operation of file is very frequent, some opening operation has just been asked inquiry file size, therefore at needs, distinguishes read-write zone bit, and only having when opening is when reading and writing, Cai File Open number of times is subtracted to 1 operation.

(3) access process is controlled

When being controlled at File Open, access process controls, first judge whether file is map vector file, if map file, judge whether in confidential document table and untreated file table, if, whether legally from table, take out concerning security matters process list contrast process, if do not existed, read identification information and the control information of tail of file, examine, if there is no encryption indicator, this document is added to untreated list, if there is encryption identification, judge that current process is whether in legal process list, if in list, carry out the control of integrated authentication and above-mentioned (1) and (2), if not in legal process list, this document is forced to brush buffer memory, prevent file data leakage, then transfer to operating system to process.Because map file data have been passed through encryption and decryption, thus with one not the process in legal plan open map vector, file open failed.Fig. 3 detail display when File Open, the detailed process of process access control.

(4) rename and deletion are controlled

File rename and deletion are all processed in IRP_MJ_SET_INFORMATION, and what carry out this operation may be that legal process may be also illegal process.Therefore for the control of rename and these two kinds of control laws of deletion, need to again construct IRP file reading expansion tail, by reading control bit information, select whether to allow this two operations.If allowed, transfer to operating system to complete work, if do not allowed, return to failure, finish this IRP simultaneously.

(5) anti-leak is controlled during closing of a file

Closing of a file has two kinds of situations, and a kind of situation is that confidential document is closed.Closing of the map vector of not processing through filtration drive that before another kind of situation load driver, computing machine has just existed.

The first is closed situation, process fairly simple because completed the monitoring of file data encryption and decryption and access control in read-write is filtered.The second is closed situation, minute double diffusion.First first paragraph is in File Open, will add untreated listed files to file, and puts in the lump untreated list from the FCB that registration table is read acquiescence control law and file.Second segment is when closing, and file is searched for, if having this document in untreated list, again file data is encrypted to protection and access control information and encryption identification is embedded to tail of file simultaneously.And force brush buffer memory, know the data in FCB, prevent from now having other processes opening this document, when it is preserved, cause data inconsistent.Idiographic flow in cleanup as shown in Figure 4.

Claims (1)

1. the map vector data based on filter Driver on FSD is protected and an access control method, it is characterized in that:

(1) determine whether map vector file

When operating system is processed file, send I/O Requeset Package read-write requests bag IRP, when File Open, operating system is sent IRP_MJ_CREATE, and filter Driver on FSD is now tackled the filename that need to open, and according to file extension, judgement is map vector file;

(2) file is put into control list

After being judged as map vector file, from tail of file, take out encryption identification and control information, encryption identification is examined, if there is encryption identification, represent that this document belongs to the map vector file that is labeled and processed, file object and File Control Block file control block FCB corresponding to file are added to confidential document list, if there is not encryption identification in tail of file, illustrate that this document is not processed, need to process it, file object and FCB corresponding to file be added to the untreated list of concerning security matters;

(3) control law integrated authentication

For the map vector file that includes encryption identification, examine current process whether in the legal process list of its regulation, if do not existed, represent that current process do not obtain the authority of correct map vector data, directly delivery operation system, reads ciphertext; If current process is legal process, utilize MD5 algorithm to carry out integrated authentication to control information, judgement control information has or not and is tampered, if control information is tampered, access unsuccessfully, delete this document, if control information is not tampered, all control laws add confidential document list to corresponding file FCB simultaneously;

(4) file access control

The access control information embedding according to file is examined file access number of times in IRP_MJ_CREATE, if access times reach stipulated number, file is deleted; The file access time is utilized Deferred Procedure Call timer DPC, carries out quantitative check, if file is not closed in the stipulated time, force file cache data to brush disk, and close file; When needs carry out file rename and delete, it is the IRP of IRP_MJ_SET_INFORMATION that operating system can be sent the function of tonic chord number, while deleting with rename operation to file, in the distribution function of IRP_MJ_SET_INFORMATION, monitor, from confidential document list, take out document control information, if allow apply for operation, delivery system is processed, if do not allowed, return to failure;

(5) file content encryption and decryption

During file read-write, operating system is sent IRP_MJ_READ and IRP_MJ_WRITE, and file read-write is divided into buffer memory read-write and paging is read and write two kinds, with the sign that IRP is entrained, distinguishes; Utilize filter Driver on FSD, with the read-write requests of IRP_PAGING_IO|IRP_SYNCHRONOUS_PAGING_IO|IRP_NOCACHE sign, utilize stream encryption method that data are encrypted and are deciphered;

(6) file size and control information are hidden

Control information and encryption identification are placed on to file extent tail, utilize IRP_MJ_QUERY_INFORMATION to hide file size and control information, in the time of system acquisition file size, can issue the IRP request of IRP_MJ_QUERY_INFORMATION, filtration drive is in this IRP request, file size is set to authentic document size length, reaches the object of hiding control information and file size;

(7) while closing, prevent data leakage

When a closing of a file, judge that this file is whether in the untreated list of concerning security matters, the file in this list, is expressed as original map vector file that does not pass through encryption in computing machine, and this document is encrypted and embeds access control information simultaneously.