File Access Policy

NTFSD
1

Hello,

I like to know what is the prefered approach
when requiring to hold the access information on
each file in the FS (for the purpose of encryption
driver) ?

I thought about having a database which will be
managed by user-mode app.
So whenever needed the kernel driver will query the
user-mode on specific file and then in turn the user-
mode component will retrieve the info from the
database and return it back to the kernel mode
driver.

Is that a good approach? Will I experience a
noticeable performance degradation ?

Thanks,
Mike

Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

2

It would be a reasonable place to start. You will likely then find that
it is slower than you would like, in which case you can rectify that by
adding a layer of caching in your driver - in other words, keep track of
files that you’ve recently checked and store those results.
Applications in Windows tend to open and close the same files
repeatedly.

More complicated approaches manage such a database within the encryption
filter. It is even possible to distribute the information of the
database within various files. For example, if you wish to restrict
yourself to NTFS, you could store the information in an alternate data
stream. If you wish to engage in a more complex project, you can change
the format of the underlying files and embed the information directly
within the file…

In the many years I’ve been working with file systems and file system
filter drivers, I have observed that encryption filters are most likely
(as a class) the most complicated type of filter driver to write - often
on par with file systems in terms of complexity.

From a complexity of implementation standpoint, the mechanism you
suggested is one of the simplest and thus might be the right choice,
even if it does not provide optimal performance - at least you will have
something you can use relatively quickly.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

Looking forward to seeing you at the Next OSR File Systems Class October
18, 2004 in Silicon Valley!

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Mike Malgin
Sent: Tuesday, October 12, 2004 6:52 AM
To: ntfsd redirect
Subject: [ntfsd] File Access Policy

Hello,

I like to know what is the prefered approach
when requiring to hold the access information on
each file in the FS (for the purpose of encryption
driver) ?

I thought about having a database which will be
managed by user-mode app.
So whenever needed the kernel driver will query the
user-mode on specific file and then in turn the user-
mode component will retrieve the info from the
database and return it back to the kernel mode
driver.

Is that a good approach? Will I experience a
noticeable performance degradation ?

Thanks,
Mike

Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17

You are currently subscribed to ntfsd as: xxxxx@osr.com
To unsubscribe send a blank email to xxxxx@lists.osr.com