Onyx Dmitriy Olegovich - Protection of information in the environment of Windows

Autobiography
Master's Work

DonNTU
Masters of DonNTU

Theme of the master's work

Development of hardware and software of an information protection system for Microsoft Windows

Author

Onyx D.O.

Review of theme

The model of security of Windows is based on the concepts of authentification and authorizing [5]. At authentification identification information of user is checked up, and during authorizing is a presence for it rights for access to the resources of computer or network. In Windows also there are technologies encoding which protect confidential information on a disk and in networks: for example, EFS (Encrypting File System) and other.

Authentification. User must enter the name and password for registration on a computer for access to the resources of local computer or network.

Authorizing allows to controlling access of users to the resources. Application of lists of access (access control list, ACL) control and rights for access of NTFS guarantees that user will get access only to the necessary it resources, for example, to the files, disks (including by a network), printers and applications. By the groups of security, rights for users and rights for access it is possible simultaneously to manage security both at the level of resources and at the level of files, folders and rights for separate users [3].

We will consider another method of providing protection of information is the system of certification [5]. Lately digital certificates get all greater distribution in corporate networks. The use of the systems of certification allows to work out a few problems:

authentification members of connection. User must produce the digital certificate for connection with a remote server. Checking up this certificate, a server gets a guarantee, that it works with the authorized user;
providing of confidentiality of passed information due to encoding messages;
providing of passed data integrity;

Choice method of protection of information

The analysis of the above-mentioned methods is shown by advantage of the system of certification above other systems protection of information. The lack of this method is labour-intensiveness of its realization. In this work developed simple system of certification on the example of the update system of software.

process of update

Implementation of the chosen method

In this project the update system of software we will use the method of partial update – a server passes to the client only more new files. The selective update of files is carried out due to service information which is exchange a client and server in the process of update. Dignity of this method is diminishing of amount of information passed between a client and server. To the lacks of this method it is possible to deliver labour-intensiveness of its realization.

The version is appropriated every file of the updated product. Information about the versions of files is kept in the special configuration file – file of versions. At an update a client sends a server the names of files and their version. A server analyses this information and sends a client only those files which on a server have a large version (fig.1). After completion process update of files a client updates the file of versions. On the side of client the file of versions is created during installation of the program and its editing an user is forbidden. On the side of server administrators are engaged in editing of file of versions.

example update

Fig. 1. Example Update of product of Test.

The update of files through a network is occurred by means of the use of TCP of protocol. For programmatic implementation of exchange information on a network is use the sockets of Berkeley. This choice is conditioned more high speed of working as of sockets Berkeley as compared to their realization in high level libraries of classes, and also for compatibility of project with OS of family of UNIX [2].

The most important in the process of update is a process of authentification of client. For the successful update of software product a client must give a server a digital certificate. If the certificate of client passes verification (i.e. is actual), further all passed information between a client and server is encoded.

Also important part in the system of certification is a receipt of certificate a client. Server which executes an update manages in the examined example of the update system of software delivery certificate. A client must send a query with identification information, in the case of successful completion process of verification; a server produces a client certificate, simply identifying this client.

Conclusions

A server will work under Linux operating system [2], and client will work under Windows operating system. A server is developed in language of C and compiled by gcc. The tool of development of client is Visual Studio 2003, and language is С++, and library is MFC [1]. The part of implementation of the update system described higher can slightly change, as a project is in development.

List of used literature

1. David J. Kruglinski, Programming visual C++ 6.0 - Piter, 2003, 863p.
2. W.R. Stevens, UNIX network programming - Piter, 2004, 1086p.
3. M. Russinovich, Windows internals - Piter, 2005, 992p.
4. J. Richter, Programming applications for Windows - Piter, 2003, 753p.

onyx.2@mail.ru