Multi-User handling in user/kernel modes

We have written a mini filter driver that sends messages via FltSendMessage to a client user program.
It gets the encryption key from the client and protects sensitive files. The client decides whether the logged-in user can access a protected file or not (via trusted applications).
We want to support multiple users concurrently (i.e. Fast User Switching).
We have two choices for implementing this:

  1. Multiple client programs (one per user) that each detect the logged-in user and communicate with the driver via a special port; the driver must manage all connections.
  2. One client program for all users (i.e. a Windows service) that manages users and connects to the driver via a single port.

What’s your opinion about these solutions?

If you’re trusting the user application with encryption keys and policy decisions then you almost certainly want it running as a service. That way it’s part of the trusted computing base and more protected than a regular application launched by the user.

The client program detects trusted applications (like Office apps) via their signature and defined server policies. Currently, it is a process that runs at Windows boot. Only trusted apps can access protected files.
If we switch between users, the minifilter driver still exists. We want to decide about the client program and the connections between it and the driver.

My previous post stands. You’re putting your policy decisions in user mode (which I agree with, BTW) so you need to protect that user mode code. If you run your client program as an application under the credentials of the logged on user then OTHER applications launched by the logged on user have access to the process, thus could manipulate the policy (e.g. by debugging the process).

If you put the policy in a service then the user has to at least be an administrator in order to manipulate the policy (and trying to stop the administrator is a losing battle).
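A deployment check for the recommendation above, added here as an example and not part of the thread: it verifies that the policy client is registered as a Windows service running as LocalSystem (so it belongs to the trusted computing base rather than to the interactive user), and that its live process is owned by SYSTEM. The service name `FilePolicyClient` is a placeholder.

```powershell
# Added check (not from the thread): confirm the policy client is deployed as a
# service running under LocalSystem, not as a per-user application.
# "FilePolicyClient" is a placeholder service name; substitute your own.
function Test-PolicyClientIsService {
    param(
        [Parameter(Mandatory)] [string] $ServiceName
    )
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) {
        return [pscustomobject]@{ Ok = $false; Reason = "service '$ServiceName' is not registered" }
    }
    # Win32_Service.StartName is the account the service logs on as.
    if ($svc.StartName -ne 'LocalSystem') {
        return [pscustomobject]@{ Ok = $false; Reason = "runs as '$($svc.StartName)', expected LocalSystem" }
    }
    # Automatic start means the policy process is up before any user logs on.
    if ($svc.StartMode -ne 'Auto') {
        return [pscustomobject]@{ Ok = $false; Reason = "start mode is '$($svc.StartMode)', expected Auto" }
    }
    if ($svc.State -eq 'Running') {
        # Cross-check the owner of the live process; -IncludeUserName needs an elevated shell.
        $proc = Get-Process -Id $svc.ProcessId -IncludeUserName -ErrorAction Stop
        if ($proc.UserName -ne 'NT AUTHORITY\SYSTEM') {
            return [pscustomobject]@{ Ok = $false; Reason = "process $($svc.ProcessId) is owned by '$($proc.UserName)'" }
        }
    }
    [pscustomobject]@{ Ok = $true; Reason = 'service is registered, auto-start and runs as LocalSystem' }
}

Test-PolicyClientIsService -ServiceName 'FilePolicyClient'
```

Run from an elevated prompt; a result with `Ok = $false` means the client would be reachable by other processes in the logged-on user's session, which is the exposure the thread warns about.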