File filter driver foreign-language source text with translation: "Research and Application of USB Filter Driver Ba...
Uploaded: 2010-06-04 09:04:06
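If you are working on your graduation project and struggling to find foreign-language material on file filtering, here is the translation from my graduation project for everyone.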
Original foreign-language text
Research and Application of USB Filter Driver Based on
Windows Kernel
Shaobo Li, Xiaohui Jia, Shulin Lv, Zhisheng Shao
ABSTRACT
The wide use of USB storage devices brings us speed and convenience; at the
same time it also brings potential security hazards that we cannot simply run
away from. Hence, strengthening the monitoring of USB storage devices has
become an important issue in information security research. This paper
introduces the WDM driver model and analyzes in depth the communication principle of
USB devices and the IRP packet interception technology based on a USB filter driver. On
this basis, we implement access control for USB storage devices
in the Windows kernel. Because it is implemented in the Windows kernel, the
access control cannot easily be bypassed by malicious programs. The safety and
reliability of a USB filter driver based on the Windows kernel is much higher than that of
previous software.
INTRODUCTION
With the rapid development of information technology and networks, data
transmission has become an indispensable part of our lives. Because the USB bus offers
a high transmission rate and flexible use, a growing number
of storage devices use the USB interface to connect to the computer. The wide use of USB
storage devices makes them an important means of information exchange. USB storage
devices have brought us convenience; however, they have also introduced a number of security
vulnerabilities. Eavesdroppers can quickly and easily steal personal private data, state
secrets or confidential business information without authorization from
legitimate users, and can leave no trace of the theft. Besides, illegal operations or
ultra vires actions by legitimate users can easily turn a USB storage device into a
transfer device. USB storage devices can also serve as virus carriers, as well as
boot keys and so on. All the above computer security risks pose a serious threat
to computer security, so implementing safety monitoring of USB storage
devices is of great significance. Currently, safety monitoring of
USB storage devices is mostly done by physically disabling the USB port, which causes
users a lot of inconvenience and does not match the normal operating habits of computer
users. Moreover, traditional user-level monitoring software for USB storage devices
is easily bypassed by Trojan horses, viruses and other malicious
programs, so it cannot monitor effectively and in real time.
In this paper, USB filter driver technology based on the Windows kernel is proposed,
after introducing the framework of the WDM driver in detail and
analyzing in depth the IRP packet interception technology based on a USB filter driver.
Ultimately, access control for USB storage devices is fully implemented in the Windows
kernel. Because it runs in the system kernel rather than at the application layer,
interception is more efficient and the system is much safer.
USB DEVICE COMMUNICATION PRINCIPLE
When a USB device is plugged into a USB port, the system automatically
builds a USB device object stack, as shown in Figure 1. After a USB storage device is
inserted into the computer, the system enumerates a USB PDO, and then a driver
called USBSTOR is loaded on top of the PDO as the FDO.
USBSTOR also creates a physical device object, above which a disk driver is
mounted, and the partition driver is in turn mounted on top of that. To access a
USB storage device, a user process first calls the Win32 subsystem API.
Win32 subsystem API functions are transformed into Native API functions,
and the Native API interface converts the call into a system service call. The Native API
call thus crosses the boundary between user mode and kernel mode and
reaches the kernel. The kernel then notifies the I/O Manager to create an IRP.
Usually, an IRP is first sent to the top driver of the device object stack and then passed to
the underlying drivers if necessary. In the USB device object stack, the IRP is first passed
from the file system driver to the disk driver DISK.sys, then passed down to the USB
device driver USBSTOR.sys. It then continues to the USB bus
driver, which completes the remaining work. During this transfer, each driver is
responsible for handling the IRPs it is interested in, and decides whether or not
to pass the IRP on to the lower driver. The key point of a disk filter is the
interception of IRP_MJ_SCSI IRPs; IRP_MJ_SCSI is an alias of
IRP_MJ_INTERNAL_DEVICE_CONTROL. Standard SCSI commands are what is
transferred between DISK.SYS and USBSTOR.SYS. To implement
access control for USB storage devices in the IRP_MJ_SCSI dispatch routine, the
IRP should first be sent to the lower driver, with a completion routine set to modify
the lower-level driver's processing result.
Figure 1. Principle Figure of USB Device
When the IRP is completed by a driver in the device object stack, the results need to be
passed upward from the bottom layer along the USB device object stack. Eventually,
the implementation results will be fed back to the I/O Manager, and then I/O Manager
returns it to the user process.
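
The pass-down-then-complete pattern described in this section, as a user-mode C model added here (not code from the paper; a real filter would use the WDK's `IoSetCompletionRoutine` and `IoCallDriver`). The paper does not say which result the completion routine changes; this model assumes a read-only policy that sets the write-protect bit in the MODE SENSE(6) reply, and the `Irp` struct and all function names are hypothetical.

```c
/* User-mode model (added example): DISK.sys -> filter -> USBSTOR.sys. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SCSIOP_MODE_SENSE6     0x1A /* standard SCSI opcode */
#define MODE_DSP_WRITE_PROTECT 0x80 /* bit 7 of mode parameter header byte 2 */

typedef struct Irp Irp;
struct Irp {
    uint8_t cdb[6];            /* SCSI command carried by the IRP_MJ_SCSI request */
    uint8_t data[4];           /* mode parameter header returned by the device */
    int status;                /* 0 = success */
    void (*completion)(Irp *); /* runs while the result travels back up */
};

static int read_only_policy = 1; /* assumed policy switch, not from the paper */

/* Model of the lower driver: answers MODE SENSE(6) for a writable device. */
static void usbstor_dispatch(Irp *irp) {
    memset(irp->data, 0, sizeof irp->data);
    if (irp->cdb[0] == SCSIOP_MODE_SENSE6)
        irp->data[0] = 3;      /* mode data length; byte 2 stays 0 = writable */
    irp->status = 0;
    if (irp->completion) irp->completion(irp); /* result flows upward */
}

/* Filter completion routine: edits the lower driver's result. */
static void filter_completion(Irp *irp) {
    if (irp->status == 0 && irp->cdb[0] == SCSIOP_MODE_SENSE6 && read_only_policy)
        irp->data[2] |= MODE_DSP_WRITE_PROTECT;
}

/* Filter dispatch routine for IRP_MJ_SCSI: register the hook, pass down. */
static void filter_dispatch(Irp *irp) {
    irp->completion = filter_completion;
    usbstor_dispatch(irp);
}

/* What the disk driver sitting above the filter concludes from the reply. */
int disk_sees_write_protected(int policy) {
    Irp irp = { .cdb = { SCSIOP_MODE_SENSE6, 0, 0x3F, 0, 4, 0 } };
    read_only_policy = policy;
    filter_dispatch(&irp);
    return (irp.data[2] & MODE_DSP_WRITE_PROTECT) != 0;
}

int main(void) {
    printf("policy on: %d\n", disk_sees_write_protected(1));
    printf("policy off: %d\n", disk_sees_write_protected(0));
    return 0;
}
```
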
USB FILTER DRIVER
WDM is Microsoft's layered architecture model for kernel-mode
drivers. In Figure 2, the left column represents an upwardly linked stack of kernel
DEVICE_OBJECT structures, all of which relate to how the system manages a single
piece of hardware. The middle column represents the set of device drivers that have
roles to play in the management. The right column illustrates the flow of an IRP through
the drivers. The WDM filter driver contains at least two kinds of device drivers.
One is the function driver, which is the device driver we usually refer to. It knows all
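Resource comments
- sjhanson 2013-02-27: Not bad; it offers good guidance for driver development
- godmayknow 2013-01-21: Has some reference value; respect to the poster for sharing so selflessly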
lixumolin