|
OSR's
Development Toolkits
|
|
Data Modification Kit (DMK)
Products that encrypt, compress, or otherwise modify file-based data require some of the most complex
kernel software developed for Windows. Even for seasoned kernel-mode programmers, the complexity of
delivering per-file data modification solutions on Windows is significant. For a development team
that is not fortunate enough to include multiple Windows file system and internals experts, the task
of actually getting such a product to work can be daunting.
OSR has years of experience working with clients and other members of the development community to
deliver such solutions. Now, OSR is going a step further with the introduction of our Data Modification
Kit (DMK) . Read on, to find out how the OSR DMK can facilitate the development of per-file data modification
solutions for Windows that encompass a broad range of features while maintaining correctness, flexibility,
and ease of use.
The Challenge
A common use for a Windows file system filter driver is to extend the base OS to provide support for
encryption, compression, or other custom modifications on a per-file basis. We call this "per-file
data modification." Often, supporting per-file data modification requires changing the size and
format of the data as well as storing additional meta-data with the file. Unfortunately, implementing
this level of functionality on Windows is a task riddled with numerous difficulties. Some of the most
common difficulties are:
- Support for executable images - Because the executable image is memory mapped, file system filter
drivers are bypassed when they interact with the Windows Virtual Memory system regarding the size of the
file-backed section. This can lead to incorrect behavior of the application.
- Support for memory mapped data files - Any application that uses the Windows file mapping APIs
can cause problems. Such applications are common, including Microsoft Word (2003) and Notepad.
- Support for arbitrary data modification - To simplify the task, existing solutions typically
restrict their meta-data additions to affixing a header or trailer to the data. This does not
provide them with the ability to perform arbitrary data modifications (such as compression, for
example).
- Support for all standard Windows file systems - Each Windows file system comes with
its own set of idiosyncratic behaviors that must be accommodated. And of course, this results in
an increased testing burden because each unique scenario has to be scripted, tested, and have its
results validated.
- A changing file system filter model - With Microsoft slowly moving to a newer filter model,
most development teams are now faced with the task of having to support the older legacy platforms
and yet coexist and work well with the new platforms of the future
- Subtle, yet crucial, differences among Windows versions - Each version of Windows has introduced
changes that affect Windows file systems. Just discovering these changes can be difficult enough;
properly accommodating them in a product can be maddening.
There are a number of partial solutions to these issues. However, such solutions can compromise
the capabilities of the product and still involve considerable specialized development.
The Solution
The OSR Data Modification Kit (DMK) addresses these complex issues by providing a comprehensive
solution for supporting per-file data modification on Windows.
The DMK's primary value is that it provides a ready-made infrastructure that properly deals with
Windows' complexities. As a result, regardless of the specifics of your data modification, you
need only provide the actual routines that perform the data modification. This simplifies the
development process, increases reliability, and decreases the time required to deliver your
product to market. Additionally, because the DMK includes source code, it is suitable for use
even in highly sensitive projects - everything is available for your inspection, modification,
and customization.
Features
The following key features are supported by OSR's DMK:
- Customizable data modification algorithms. You decide the minimum block size for
your algorithm. The DMK calls your data modification function, providing the data requiring
modification. In response, your data modification function returns an optional header block
plus the transformed data block. Note that the transformed data block need not be the same
size as the input data block- you can make it smaller or larger.
Benefit - Complete flexibility in choice of algorithm for your solution, regardless of minimum
block size.
- Support for multiple, sequential, transformations. Because the OSR DMK allows the output
data returned by your library to be any size relative to the input data, you can easily implement
multiple transformations.
Benefit - Implement compression and encryption in your solution (for example), gaining both
disk space and performance, and giving your product another advantage for your customer.
- Support for all file systems. The OSR DMK supports FAT, NTFS, network redirectors, and
other Windows file systems.
Benefit - Flexibility in developing local or remote transformation solutions with support
for any underlying Windows file system.
- Support for Windows versions from Windows 2000. The OSR DMK does the work necessary to
ensure proper support of Windows versions starting with Windows 2000 SP 4.
Benefit - Your product works across all common Windows client and server releases, with no
source-code changes to your data transformation library.
- Data safety. Even if the data modification toolkit is removed from a system that
contains transformed files, each transformed file appears as a single file to the base file
system, so it can be safely backed up, copied to removable storage, and later re-transformed
if required.
Benefit - Data integrity, including added meta-data, is maintained.
- Case-by-case file access control. Each time the file is opened, the DMK calls an
authorization function that you provide, to perform custom access checks (if desired) and
indicate whether file data should be transformed as it is accessed. Alternatively, your
transformation library can indicate to the DMK that for a given open file instance the data
should be provided as is - without performing any transformation. If your data modification
driver is present on both a server and client system, you can (if you wish) shift the work
required to transform (or reverse transform) to the client system, distributing workload,
potentially decreasing network overhead (e.g., compressed data) and increasing security
(e.g., encrypted data).
Benefit - Implement your own access control scheme to augment the existing Windows
implementation as well as control which version of the data will be seen by individual
callers.
- Policy Change. The DMK allows you to change the specific data modification
policy for a given file in a reliable and transparent fashion. Thus, the handling of
existing files can be changed simply by indicating to the DMK that this should be done.
Benefit - Provides tremendous flexibility in reconfiguring the product dynamically
based upon policy changes.
Architecture
For the DMK Architecture Diagram click here.
This diagram graphically shows the high level components that comprise a solution using the OSR
Data Modification Kit. While OSR provides the DMK to handle the "nitty gritty" details, you add
unique value by providing a "data transformation library" (this is the component that provides
compression, encryption or other data modification services) and optionally an auxiliary service
that works cooperatively with your data transformation library.
The benefit of this architecture is that it provides you a broad range of options for
implementing your product. You can choose to provide a straight-forward, kernel-only
data transformation library, or a mixed user/kernel implementation providing flexibility
and ease of implementation.
Additional Benefits
Using the DMK provides a number of business advantages as well:
- Time to Market. Because you no longer need to have your team learn the esoteric details of
Windows file system filter drivers, you can have them focus on the value-add provided by your
application.
- Quality. The OSR team has been developing Windows file system filter drivers for over ten
years. This is our core competency. Be assured that this is no hollow claim: We've developed the
core code behind the most comprehensive, successful, products in the industry.
- World-class support. When your team has problems or questions, your developers interact
with our developers. We enjoy success when our clients enjoy success - so we're here to support your
development efforts every step of the way.
- Broadest feature set. The OSR team has made it possible to provide the best possible set
of features. By using the DMK, you can support the broadest range of features within your product -
giving your product all the advantages of a solid toolkit plus the unique features only your team can
provide.
Applications
The DMK is ideally suited for two specific types of data modification:
- Encryption. The DMK allows your product to decide if a particular user may access a given
file's data; your product also can control whether the user sees the clear or encrypted version of
the data. If your product is not installed, the file remains a single intact unit, but the stored
data is still in its encrypted form.
- Data Compression. The DMK allows arbitrary resizing of the data, allowing your product to
trivially incorporate data compression. Further, the DMK provides the infrastructure necessary for
handling the issues that can arise with data compression.
O/S Support
The DMK provides support for all current versions of Windows:
- Windows 2000 SP4 URP and beyond
- Windows XP, all service packs
- Windows Server 2003
- Windows Vista (on release)
Availability
The OSR Data Modification Kit (DMK)V1.0 was formally released in November 2006.
Contact OSR if you
have further interest in OSR's DMK.
|
|
