> To answer OP’s question: There is no way (at least not any the public here is
> aware of and can share) to provide encrypted contents to an application using memory
> mapped I/O if you provide cleartext to any other application that uses memory mapped
> I/O.
… unless you create a layered file system, which manages
two system caches for each encrypted file. One containing
encrypted text and one containing plaintext. On IRP_MJ_CREATE
request, you just choose the proper SectionObjectPointer
and put it to the file object.
L.
Mm, right
That should’ve read no way in a filter.
Ladislav Zezula wrote:
> To answer OP’s question: There is no way (at least not any the public here is
> aware of and can share) to provide encrypted contents to an application using memory
> mapped I/O if you provide cleartext to any other application that uses memory mapped
> I/O.
… unless you create a layered file system, which manages two system caches for each
encrypted file. One containing encrypted text and one containing plaintext. On
IRP_MJ_CREATE request, you just choose the proper SectionObjectPointer
and put it to the file object.
–
Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
> Just curious to know how do the companies in the DRM space manage to
> protect data? Do they not have same problems (allowing special apps to
> view data, dll injection / api patching)? Or is it all handled at the
> editor level e.g. Microsoft word.
Who ever said that any DRM solution is 100% secure? They are
only so small that not enough hackers try (or hackers do not want to try
hard enough) to break it.
There is absolutely no way of securing file data from
Administrator user, period. There are only ways to make it hard enough
for them to give up.
–
Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.
> > Just curious to know how do the companies in the DRM space manage to
> > protect data?
Most DRM is now moved inside the DVI cable chips and to Blu-Ray drives.
–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
ganesh pashupathi wrote:
> Could you please suggest some ways of making it difficult for a user to
> steal contents of a file e.g. for the scenario where a dll is injected
> in notepad?
Basically you can’t.
Define your threat model first. Are you shipping to environments where
the users will be on corporate machines (and therefore not have admin
access) or home users? If it’s corporate machines you don’t have to
worry too much (in fact you could just use NTFS ACLs and a service and
not bother encrypting).
If it’s home users you have to assume that they have admin access and
the ability to change any and every part of the OS. Therefore it’s
futile to use any kind of automatic filter to achieve what you want to
do. You’ll be playing whack-a-mole with your hack detection from now
until the end of time.
I would do it completely differently - put the decryption software in
the target application, reasonably obfuscated. Encrypt the file and
forget about using a filter driver. It’s a lot harder to reverse
engineer a complex application to find out how it’s encrypting something
than to fool a filter driver into doing the work for you (especially
since you can do things like check for debuggers, checksum critical
parts of the code, etc).
Alternatively have the app register with the driver and use ioctls to
read/write - easier to crack than the application version since the
ioctl function is a single point of attack, but not as trivially easy as
the filter version.
Tony
ganesh pashupathi wrote:
> Hi Tony,
> Thanks a lot for your reply. This means a third party application trying
> to do something similar to DRM will not work at all (for admin users)
> unless I write my own editor or handle all decryption in an existing
> editor plug-in if it supports one.
The Microsoft DRM and encryption stuff works… being built into the OS
it’s rather harder to work around, plus they’ve got a lot more
experience writing this stuff. ref: EFS, BitLocker, etc.
You seem to want something conflicting - having a file both unable to be read
(by some apps) and able to be read without any extra effort (by other
apps). That’s the root of the problem… you can’t define ‘other apps’
in a way that can’t be worked around with admin rights and a clever user.
If you drop the requirement to have unmodified applications like notepad
able to read the file it gets a lot simpler - your application can
identify itself as a legit. user to the driver in a secure way (PKI,
challenge/response, etc.) rather than having to do guesswork.
Tony
I’m sure someone will say this is a bad way, and there are bad sides to it.
But for your purpose it works.
On Wed, March 21, 2007 4:54 pm, ganesh pashupathi wrote:
> Hi
> Is making of the copy completely wrong? Kindly let me know.
> Thanks a lot,
> ~ganesh
> On Fri, 16 Mar 2007 ganesh pashupathi wrote :
> >Hi,
> >
> >When the 3rd state application tried to open the file I was able to
> >create a copy of the file and redirect the application to it. (Also I had
> >opened the same file with notepad previously so that it is memory
> >mapped).
> >
> >Is there any other thing that I need to take into account (apart from the
> >very important issue that you pointed regarding the dll injection)?
> >
> >~ganesh
–
Alfa File System Filtering components. Security, monitoring and encryption.
I actually had nothing specific in mind then. But imagine you have
no right to create new files, or something similar…
ganesh pashupathi wrote:
> Hi Dejan,
> Many thanks for your reply.
> Could you mention the bad sides to this approach? That would be really
> helpful.
> ~ganesh
> On Wed, 21 Mar 2007 Dejan Maksimovic wrote :
> >I’m sure someone will say this is a bad way, and there are bad sides
> >to it.
> >But for your purpose it works.
–
Kind regards, Dejan
http://www.alfasp.com
File system audit, security and encryption kits.