Slashdot Mirror


A Windows Alternative to Linux Security Modules?

Cliffe asks: "I am a PhD candidate preparing to implement a new security (access control) model. I have been reading about Linux's LSM (which allow security frameworks to be loaded) but I was unable to find documentation for a mechanism in MS Windows which allows every individual application's access to resources to be mediated; for example, to restrict each application's access to particular files or network protocols. Is this type of mediation possible in Windows? Virus scanners and firewalls likely utilize similar capabilities. Where can the documentation be found?"

1 of 54 comments

  1. Filesystem Filter Driver by Anonymous Coward · Score: 5, Informative

    To properly restrict access to files, you'll need to write a filesystem filter driver. This is how most antivirus programs work. More information here:

    http://www.microsoft.com/whdc/driver/filterdrv/default.mspx

    Writing a FS filter requires the IFSKit, which is expensive and does not come with an MSDN license. To filter network access, you would use a TDI filter driver. I don't know of any way of filtering calls to DeviceIoControl other than by hooking CreateFile and doing filtering there, unless there is a facility in the IFSKit to filter those "fake" filesystems.