Partager via


File Systems and Data Store Security (Windows CE 5.0)

Send Feedback

The file system and data store for Microsoft® Windows® CE provides persistent storage for applications and their related data even when the main power supply is lost. However, there are potential security risks to consider when developing the file system and data store for your Windows CE-based device. Use the following best practices to enhance the security and reliability of the file system and data store.

Best Practices

Mark databases that contain a system database as a system database

If a database volume contains a database that is marked as a system database, mark the containing database volume as a system database. Do this by adding the CEDB_SYSTEMDB flag to the dwFlags parameter for CeCreateDatabaseEx (CEDB) or CeCreateDatabaseEx2 (CEDB).

Do not place critical system files on a storage device that can be accessed by a means other than the Windows CE OS

Critical system files include the registry hive and the root file system. For example, do not place critical system files on removable storage media or on storage media that is exposed using USB mass storage function.

Be cautious when exposing removable media

Because device enumeration is nondeterministic, be cautious when exposing removable media. This could lead to devices having incorrect names.

Verify that removable media controller drivers are loaded after non-removable media drivers

Because device enumeration is nondeterministic, verify that removable media controller drivers are loaded after non-removable media drivers.

Verify that the load order for your Windows CE-based device is fixed

Exposure of storage devices through USB mass storage function is dependent upon enumeration order. To ensure that you expose the proper storage device, verify that the load order for your Windows CE-based device is fixed.

Mark each DLL file in the Windows root direcroty as system

To prevent the malicious replacement of a DLL file in the Windows root directory, mark each DLL file in the Windows root directory as a system DLL.

Set the MountSystem registry flag value in the Storage Manager profile, as appropriate

If you want the entire contents of a volume to be inaccessable to untrusted applications, set the MountSystem registry flag value in the Storage Manager profile for that volume.

Verify that EvGen runs early enough in the file system load order

If the file system load order at boot time is configurable through a setting and that setting is configurable by an attacker, then an attacker can force EvGen to load later in the file system load order. Until EvGen initializes successfully, all other modules are implicitly loaded as trusted.

In addition to the best practices listed above, the following information is related to security and should be taken into consideration to enhance the security and reliability of the file system and data store:

  • The operating system (OS) protects files and directories that have the FILE_ATTRIBUTE_SYSTEM attribute from being manipulated by an untrusted application. This prevents an untrusted application from executing the following APIs on a system file:

    In addition, an untrusted application cannot replace a system file in the RAM file system or in ROM with a file of the same name.

    An untrusted application also cannot set the FILE_ATTRIBUTE_SYSTEM attribute on a file or directory.

For more information about Windows CE security services, see Enhancing the Security of a Device.

See Also

File Systems and Data Store

Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.