20 Feb
2006
20 Feb
'06
6:16 a.m.
Through an intriguing article on Slashdot I have read that ipods are
now being used for things other than audio. They are being used to
obtain data from a computer, and computer network obtaining business
documents and such in seconds.
One way to make ReactOS a safer operating environment is to use a
virtual encrypted file system that would restrict the copying of
files to any usb, or network device via an encryption algorithm. So I
propose a VEFS that would restrict this. The VEFS would disallow the
passage of documents to any removable device unless the user has
permission to archive them, which would be the "a" attribute. The
VEFS would make use of two AES encryption algorithms which would
encrypt the file's contents. One being a key another a lock, however
the user must provide a password to unlock and decrypt the files.
This would allow the user to unlock the files, only if they have the
password. This would also allow users to secure their personal and
corporate data.
Any ideas?
20 Feb
20 Feb
8:36 a.m.
On Monday 20 February 2006 01:16, Rick Langschultz wrote:
Through an intriguing article on Slashdot I have read
that ipods are
now being used for things other than audio. They are being used to
obtain data from a computer, and computer network obtaining business
documents and such in seconds.
One way to make ReactOS a safer operating environment is to use a
virtual encrypted file system that would restrict the copying of
files to any usb, or network device via an encryption algorithm. So I
propose a VEFS that would restrict this. The VEFS would disallow the
passage of documents to any removable device unless the user has
permission to archive them, which would be the "a" attribute. The
VEFS would make use of two AES encryption algorithms which would
encrypt the file's contents. One being a key another a lock, however
the user must provide a password to unlock and decrypt the files.
This would allow the user to unlock the files, only if they have the
password. This would also allow users to secure their personal and
corporate data.
Any ideas?
At this point there could always be another filesystem flag. From recent
traffic I think that ReactOS might wind up with something other than FAT or
NTFS as a base filesystem. Whether it winds up with something like Ext3+Posix
ACL's or a custom brewed filesystem is up to whoever is doing that work, but
one could have an ACL on files for that permission or, in the case of the
custom brewed filesystem, an actual permission in the filesystem.
Truly, though, I'd suggest ReactOS try to implement an NTFS driver, since NTFS
already has the capability (as of the Win2000 version) to seemlessly compress
or encrypt single files, directories or entire drives.
DRH
9:04 a.m.
From: Rick Langschultz <rlangschultz(a)cox.net>
Subject: [ros-dev] Virtual Encrypted File System (VEFS)
Date: Mon, 20 Feb 2006 00:16:35 -0600
One way to make ReactOS a safer operating environment
is to use a
virtual encrypted file system that would restrict the copying of
files to any usb, or network device via an encryption algorithm. So I
propose a VEFS that would restrict this. The VEFS would disallow the
passage of documents to any removable device unless the user has
permission to archive them, which would be the "a" attribute. The
VEFS would make use of two AES encryption algorithms which would
encrypt the file's contents. One being a key another a lock, however
the user must provide a password to unlock and decrypt the files.
This would allow the user to unlock the files, only if they have the
password. This would also allow users to secure their personal and
corporate data.
As pointed out by DRH, it's just another filesystem flag. There isn't
actually any encryption process occuring in the method you described.
If the OS respects the flag then copying won't occur. What you are
basically describing is a flag which disallows copying of a file.
If you do want to also encrypt the files, then it will not help in
this situation. File system encryption only helps when the machine is
not running (technically, when the drive is not mounted). When the
machine is running and the drive is visible then it provides no
advantages what-so-ever.
Personally, I don't think it's worth it. If a user had read
permissions but not copy permissions it's would be very easy for them
to get around it. They could copy and paste into another document,
perform a screen capture or even just print it.
While the idea behind the scheme is good, it's unworkable in reality.
Martin
6786
days inactive
6786
days old
2 comments
3 participants
participants (3)
-
D. Hazelton -
M Bealby -
Rick Langschultz