Over-the-top Advanced File Protection
Louveau, Simon
Promotor(s) : Mathy, Laurent
Date of defense : 8-Sep-2025/9-Sep-2025 • Permalink : http://hdl.handle.net/2268.2/24459
Details
| Title : | Over-the-top Advanced File Protection |
| Author : | Louveau, Simon |
| Date of defense : | 8-Sep-2025/9-Sep-2025 |
| Advisor(s) : | Mathy, Laurent |
| Committee's member(s) : | Donnet, Benoît; Boigelot, Bernard |
| Language : | English |
| Number of pages : | 102 |
| Keywords : | Windows OS; Minifilters; File System Filter Driver; File Protection; I/O Model |
| Discipline(s) : | Engineering, computing & technology > Civil engineering |
| Institution(s) : | Université de Liège, Liège, Belgique |
| Degree: | Master : ingénieur civil en informatique, à finalité spécialisée en "computer systems security" |
| Faculty: | Master thesis of the Faculté des Sciences appliquées |
Abstract
Operating systems traditionally provide per-user file access control. This is very useful in some settings, such as the cloud, but is rather inadequate to protect personal computers from modern threats such as ransomware. The inadequacy arises because malware such as ransomware that infiltrates a personal computer typically runs under the permissions of the user who accidentally launched it, so it can access, modify or encrypt all of the user's files. This makes traditional per-user protection ineffective against certain types of malware that exploit user privileges. In such a context, files would be safer if per-application isolation were in place.
Given the scale of the work to be done and the high relevance for personal computers, the author chose a single operating system: the implementation and the theoretical knowledge are based solely on the Windows operating system. Moreover, this master thesis aims to follow three important principles: investigation, design and implementation. To that end, the structure of the thesis follows specific objectives aligned with these principles: defining the threat model, studying existing solutions to similar problems, designing per-application protection, creating a proof-of-concept and an enhanced version defined as a kind of minimal viable product, and evaluating it in the domain of application with a use case.
To achieve these objectives, a deep understanding of certain Windows concepts is needed. The author therefore conducted research and synthesis work, made available in annexes, and defined an analysis and testing environment in appendices to reproduce and independently develop kernel-mode Windows drivers. The thesis presents a solution that consists of a kernel-mode minifilter plus a user-mode service acting as policy decision engine. This design can protect against unauthorized file access and secure personal data.
However, the solution presented still exhibits some limitations, and further security enhancements could be researched for future improvements.
File(s)
Document(s)
s194100LouveauSimon2025_thesis.pdf
Description: Master Thesis Report
Size: 24.31 MB
Format: Adobe PDF
s194100LouveauSimon2025_abstract.pdf
Description: Master Thesis Abstract
Size: 51.8 kB
Format: Adobe PDF
Annexe(s)
information.txt
Description: Information about URL of source code and online repository structure.
Size: 1.01 kB
Format: Text