文件过滤驱动外文资料原谅加译文《ResearchandApplicationofUSBFilterDriverBasedonWindowsKernel》资源-CSDN文库

USB　filter　driver

5星 · 超过95%的资源需积分: 9 194 浏览量 2010-06-04 09:04:06 上传评论收藏 272KB DOC 举报

资源推荐

资源详情

资源评论

外文资料原文

外文资料原文

Research and Application of USB Filter Driver Based on

Windows Kernel

Shaobo Li , Xiaohui Jia, Shulin Lv, Zhisheng Shao

ABSTRACT

The wide usage of USB storage device brings us shortcut and convenience, at the

same time it also brings us some potential security hazards which we could never turn

around and run. Hence, to strengthen the monitoring of USB storage devices has

become an important issue in the research of information security. This paper mainly

introduces the WDM driver model,deeply analyzes the communication principle of

USB device and the IRP packet interception technology based on USB filter driver. On

this basis, we finally implement the function of access control for USB storage device

in the Windows kernel.As it is implemented in Windows kernel, so the function of

access control can not be easily bypassed by the malicious program. The safety and

reliability of USB filter driver based on Windows kernel is much higher than the

previous software.

INTRODUCTION

With the rapid development of information technology and network, data

transmission has become an indispensable part in our life. As the USB bus with the

characters of higher transmission rate and flexible using properties, a growing number

of storage devices use the USB interface to access the compute. The wide usage of USB

storage device makes it an important way of information exchange. The USB storage

device has brought us conveniences, however, it also produced a number of security

vulnerabilities. Eavesdroppers can quickly and easily steal personal privacy, state

secrets or business confidential information away without the authorization by

legitimate users and can leave no trace of the theft. Besides, the illegal operations or

ultra virus action of legitimate users can easily put the USB storage device as a

transferring device.USB storage devices can also be served as virus carriers, as well as

the booting keys and so on. All the above computer security risks pose a serious threat

外文资料原文

to computer security, so the implementation of safety monitoring on USB storage

devices is of great significance. Currently, the implementation of safety monitoring on

USB storage devices mostly adopts to disable the USB port physically ,which brings

users a lot of inconvenience and does not meet the normal operating habits of computer

users. Moreover, the traditional monitoring software of USB storagedevice based on

the user-level is also easily be bypassed by Trojan horses, viruses and other malicious

programs which can not complete the process of monitoring effectively and real timely.

In this paper, USB filter driver technology based on Windows kernel is proposed on the

basis of having introduced the details of the framework of the WDM driver and having

deeply analyzed the IRP packet interception technology based on USB filter driver.

Ultimately, the function of access control for USB storage device in the Windows kernel

is implemented completely. Compared with application layer, as it is in the system

kernel, so the efficiency of intercepting is higher and the system is much safer.

USB DEVICE COMMUNICATION PRINCIPLE

When the USB device is plugged into the USB port, the system will automatically

build a USB device object stack as is shown in Figure1. After USB storage device is

inserted into the computer, the system will enumerate a USB-PDO, and then a driver

program called USBSTOR driver will be loaded on top the PDO as the FDO.

USBSTOR will also create a physical device above which a disk driver will be

mounted and then the partition drive will be mounted on it again. For the access of

USB storage device, first of all, the Win32 subsystem API will be called by a user

process. Win32 subsystem API functions will be transformed into Native API functions.

In the Native API interface, it will convert this call into system service call. Native API

which has traversed the boundaries between user module and kernel module, has

reached the kernel module. Afterwards, the core will notice I/O Manager to create IRP.

Usually, IRP is firstly sent to the top driver of device object stack, and then passed it to

the underlying drivers if necessary. In the USB device object stack, IRP is firstly passed

from the file system driver to the disk driver DISK.sys, then passed down to the USB

device driver USBSTOR.sys. In the following,it continued to be passed to the USB bus

driver to complete the remaining work. In the transferring process, each driver is

剩余11页未读，继续阅读

内容反馈

sjhanson

2013-02-27

不错，对驱动开发有很好的指导意义
godmayknow

2013-01-21

有一定参考价值，向版主的无私表示敬意

lixumolin

粉丝: 5
资源: 5

最新资源

资源上传下载、课程学习等过程中有任何疑问或建议，欢迎提出宝贵意见哦~我们会及时处理！点击此处反馈

feedback-tip