Visible to the public Secure File Systems for the Development of a Data Leak Protection (DLP) Tool Against Internal Threats

Submitted by grigby1 on Fri, 12/23/2022 - 10:54am
TitleSecure File Systems for the Development of a Data Leak Protection (DLP) Tool Against Internal Threats
Publication TypeConference Paper
Year of Publication2022
AuthorsMontano, Isabel Herrera, de La Torre Díez, Isabel, Aranda, Jose Javier García, Diaz, Juan Ramos, Cardín, Sergio Molina, López, Juan José Guerrero
Conference Name2022 17th Iberian Conference on Information Systems and Technologies (CISTI)
Date Publishedjun
Keywordscomposability, Data Leak Protection, DLP, Dokan, Encryption, File systems, Metrics, Minifilters, Operating systems, Programming, Prototypes, pubcrawl, Radio frequency, Resiliency, Server Message Block, Servers, Windows Operating System Security, WinFsp
AbstractData leakage by employees is a matter of concern for companies and organizations today. Previous studies have shown that existing Data Leakage Protection (DLP) systems on the market, the more secure they are, the more intrusive and tedious they are to work with. This paper proposes and assesses the implementation of four technologies that enable the development of secure file systems for insider threat-focused, low-intrusive and user-transparent DLP tools. Two of these technologies are configurable features of the Windows operating system (Minifilters and Server Message Block), the other two are virtual file systems (VFS) Dokan and WinFsp, which mirror the real file system (RFS) allowing it to incorporate security techniques. In the assessment of the technologies, it was found that the implementation of VFS was very efficient and simple. WinFsp and Dokan presented a performance of 51% and 20% respectively, with respect to the performance of the operations in the RFS. This result may seem relatively low, but it should be taken into account that the calculation includes read and write encryption and decryption operations as appropriate for each prototype. Server Message Block (SMB) presented a low performance (3%) so it is not considered viable for a solution like this, while Minifilters present the best performance but require high programming knowledge for its evolution. The prototype presented in this paper and its strategy provides an acceptable level of comfort for the user, and a high level of security.
NotesISSN: 2166-0727
DOI10.23919/CISTI54924.2022.9820170
Citation Keymontano_secure_2022
Groups: