中文摘要：

研究了文件保护的加解密技术。针对文件采用过滤驱动模型进行加解密导致文件标识不统一与内存明文泄露风险增加等安全问题，设计了一种hook机制和过滤驱动方法相结合的加解密模型。该模型采用过滤驱动方法对文件进行加解密，同时引入hook机制对内存中文件操作行为进行捕获，使得加解密前后的文件具有相同标识，在保证用户原有文件操作习惯的同时，实现了文件内存明文恢复风险的降低。理论分析和试验结果表明，该模型在三种加密模式下，可以针对不同文件进行快速加解密，同时较过滤驱动加解密模型，其恢复风险下降3％以上。

英文摘要：

The encryption and decryption for file protection were studied. To solve the problems of un-unified file identifi- cation and increasement of memory＇ s file leakage risk in information security caused by the file＇ s use of a filter driver model to perform encryption and decryption, a new encryption and decryption model combining the hook mechanism and the filtering driver model was designed. The model uses the filter driver model to encrypt the file, and at the same time, the hook mechanism is introduced to capture the file operation behavior in memory to make the file has the same identity around the encryption and decryption. Thus under the circum stances of keeping the original operating habits of the file, a reduction on the risk of the file＇ s recovery is achieved. The theoretical analysis and experiments demonstrate that the model proposed in the study can be used to fast encrypt and decrypt different files under three encryption modes, and its disintegration rate can be decreased Over 3 per cent compared with the filter driver model.