电子文档安全管理技术研究与实现

Research and realization of security management of electronic documents

设计并实现了一个具有文件安全保护能力的终端文档安全保护系统。在技术上主要采用内核与应用层相结合的方法来实现文档透明加、解密。在内核层实现功能上的控制,而在应用层实现相应的权限控制和策略制定。在操作系统内核对访问电子文档的进程进行审核与控制,利用文件系统过滤驱动技术过滤掉非法进程对文档的读取。对于拥有访问权限和安装该系统的客户端用户,才可以正常读取加密的电子文档,排除了电子文档泄密的可能,实现了对电子文档的安全管理。

A safety protection system is designed and implemented, which can protect the terminal electronic documents. It is mainly applied to the encryption and decryption transparently and provides safety management services for users on the electronic documents. A combination method of kernel and application layer is mainly adopted technically to implement the encryption and decryption documents. The function of control will be realized in kernel layer. The access control and strategy selection will be implemented in application layer. In the operating system kernel, the system can audit and control the accessing process of electronic documents. Besides this, in order to prevent reading the file illegally, the system can filter out the unauthorized reading processes. But the users having the access authority and the client software can read the encryption documents normally. It solves the possibility of file leakage. The safety protection of the document is realized.