Question

I am trying to construct a way to keep certain hard drive partitions/USB drives from being accessed for security reasons (protecting intellectual property). I was thinking that when Windows attempts to access the "locked down drive/USB" the attempt is halted and returns something like "drive inaccessible" or something. It's just an idea; does anyone think it is plausible/possible? If so, any pointers?

C/C++

-Thanks


Solution

You will need to write a filter driver to achieve your goal. You will need to put your driver somewhere in the disk driver stack and fail the IRP_MN_START_DEVICE for the drive/partition you want to block.

You will need the Windows Driver Kit to write drivers. There is a sample filter driver in the WDK. This mailing list is very useful, and if you search the archives you will find a lot of information about disk filter drivers.
A good article about writing filter drivers is here; I think you will need to register to read it, but if you want to write drivers you should be registered on this site.
A relevant book list can be found here.

OTHER TIPS

The partitions problem is easy. Just use ACLs to prevent access by certain users.

For drive access, there is probably some setting somewhere in Windows to disable it. In the worst case you could try to forcibly remove the drivers (and as such the capability of Windows to read the drive/stick).

For USB drives you could encrypt them.

At work we use Pointsec provider, which allows you to access the drive on any machine only if you have a password.

I'm sure there are freeware encryption products available.

You could probably encrypt the partitions too.

(Basically, I'm not sure why you would want to write some C/C++ code for something that could be adequately managed by other methods.)

You need to encrypt the drives; anything else would allow attackers to just attach the drive to another machine and extract the contents.

You shouldn't implement encryption yourself - it's much better to rely on someone else's reviewed code. I suggest TrueCrypt for encrypting your drives.

Then maybe you want to put a hook in your application to prompt for the password when it wants to access the encrypted data. Or you install TrueCrypt on the machine, and make the user connect the drive when they want to access the data, depending on the precise way of working with the data.

Be aware. Anything involving kernel work, if you are not already experienced in that field, has a development time measured in years.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow