
BEST Platform

From EverybodyWiki Bios & Wiki



BEST
Original author(s): Eugene Balabanov
Developer(s): SmartTec LLC
Type: Security software
Website: www.smart-tm.ru


    Balabanov Eugene’s Security Toolkit aims to simplify the development of security-related software such as system monitors, antivirus software or file management software. The kit consists of a kernel-mode driver, a proxy DLL and a user-mode service. The service can load plugins, which implement the desired business logic. The BEST platform is functionally divided into the following components:

    File System Monitor

    This component intercepts the following file system operations: CREATE/OPEN of a file, LOAD and UNLOAD of executable modules, DELETE of files and directories, CLOSE of files, and enumeration of directory contents. An FSSDK user can monitor, allow or deny all of the mentioned operations. It is also possible to redirect OPEN/CREATE requests to any subdirectory in order to implement sandbox functionality.
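
An added example, not part of the BEST platform or its documentation: a Python sketch of the allow/deny/redirect decision a plugin might make for intercepted file operations, with path canonicalization so that `..` segments, case differences and UNC paths cannot escape the sandbox. `SANDBOX_ROOT`, `decide` and the verdict strings are hypothetical names, and the policy (redirect CREATE, deny DELETE outside the sandbox, deny LOAD from inside it) is an assumption.

```python
import ntpath  # Windows path rules, usable on any OS

# Hypothetical names and policy; none of this is BEST/FSSDK API.
SANDBOX_ROOT = r"C:\Sandbox\app1"


def _canon(path):
    """Collapse '.', '..' and '/', then fold case for comparison."""
    return ntpath.normcase(ntpath.normpath(path))


def inside_sandbox(path):
    """True if the canonical path is the sandbox root or lies beneath it."""
    p, root = _canon(path), _canon(SANDBOX_ROOT)
    return p == root or p.startswith(root + "\\")


def redirect_target(path):
    """Map C:\\Users\\a.txt to <SANDBOX_ROOT>\\C\\Users\\a.txt."""
    drive, rest = ntpath.splitdrive(ntpath.normpath(path))
    # Strip ':' and leading '\\' so a UNC drive cannot reset ntpath.join().
    drive = drive.replace(":", "").strip("\\")
    return ntpath.join(SANDBOX_ROOT, drive, rest.lstrip("\\"))


def decide(op, path):
    """Return (verdict, effective_path) for one intercepted operation."""
    if not ntpath.isabs(path):
        return ("DENY", None)  # refuse ambiguous relative paths
    clean = ntpath.normpath(path)
    if inside_sandbox(clean):
        # Sandboxed files may be read and written but never loaded as modules.
        return ("DENY", None) if op == "LOAD" else ("ALLOW", clean)
    if op == "CREATE":
        return ("REDIRECT", redirect_target(clean))
    if op == "DELETE":
        return ("DENY", None)  # real files outside the sandbox stay intact
    return ("ALLOW", clean)  # OPEN, CLOSE, LOAD of files outside the sandbox
```
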

    Registry Monitor

    This component intercepts almost all registry-related operations, such as opening, creating and deleting a key or value. It is also possible to redirect registry operations to a given subkey, thus implementing a sandbox in a way similar to the File System Monitor.

    Process Monitor

    This component monitors the creation and termination of processes in the system. It is possible to monitor loading and unloading of processes; however, there is no way to prevent a process from loading using this component. Users should use the File System Monitor to prevent modules from being loaded.

    Generic API intercepting engine

    This component works in conjunction with the Process Monitor and enables any plugin to register its own system-wide interceptors of user-mode API functions. Since the introduction of PatchGuard in 64-bit versions of Windows, it is no longer possible to intercept the great majority of system services directly in the kernel, so this mechanism is designed to achieve that goal. Although the intercepting DLL is a user-mode module, it is forcibly injected into the address space of the appropriate processes from the kernel on behalf of the BEST platform. This mechanism is available through the IFileSystemService interface, via the CallService method. However, this interface is reserved for use by SmartTech only and isn’t covered by this documentation.


    This article "BEST Platform" is from Wikipedia. The list of its authors can be seen in its history. Articles copied from the Draft Namespace on Wikipedia can be seen in the Draft Namespace of Wikipedia and not the main one.