[ros-dev] Virtual Encrypted File System (VEFS)

[M Bealby]

From: Rick Langschultz <rlangschultz at cox.net>
Subject: [ros-dev] Virtual Encrypted File System (VEFS)
Date: Mon, 20 Feb 2006 00:16:35 -0600

> One way to make ReactOS a safer operating environment is to use a  
> virtual encrypted file system that would restrict the copying of  
> files to any usb, or network device via an encryption algorithm. So I  
> propose a VEFS that would restrict this. The VEFS would disallow the  
> passage of documents to any removable device unless the user has  
> permission to archive them, which would be the "a" attribute. The  
> VEFS would make use of two AES encryption algorithms which would  
> encrypt the file's contents. One being a key another a lock, however  
> the user must provide a password to unlock and decrypt the files.  
> This would allow the user to unlock the files, only if they have the  
> password. This would also allow users to secure their personal and  
> corporate data.

As pointed out by DRH, it's just another filesystem flag.  There isn't
actually any encryption process occuring in the method you described.
If the OS respects the flag then copying won't occur.  What you are
basically describing is a flag which disallows copying of a file.

If you do want to also encrypt the files, then it will not help in
this situation.  File system encryption only helps when the machine is
not running (technically, when the drive is not mounted).  When the
machine is running and the drive is visible then it provides no
advantages what-so-ever.

Personally, I don't think it's worth it.  If a user had read
permissions but not copy permissions it's would be very easy for them
to get around it.  They could copy and paste into another document,
perform a screen capture or even just print it.

While the idea behind the scheme is good, it's unworkable in reality.

Martin