Visible to the public Biblio

Filters: Keyword is DLP  [Clear All Filters]
2022-12-23
Montano, Isabel Herrera, de La Torre Díez, Isabel, Aranda, Jose Javier García, Diaz, Juan Ramos, Cardín, Sergio Molina, López, Juan José Guerrero.  2022.  Secure File Systems for the Development of a Data Leak Protection (DLP) Tool Against Internal Threats. 2022 17th Iberian Conference on Information Systems and Technologies (CISTI). :1–7.
Data leakage by employees is a matter of concern for companies and organizations today. Previous studies have shown that existing Data Leakage Protection (DLP) systems on the market, the more secure they are, the more intrusive and tedious they are to work with. This paper proposes and assesses the implementation of four technologies that enable the development of secure file systems for insider threat-focused, low-intrusive and user-transparent DLP tools. Two of these technologies are configurable features of the Windows operating system (Minifilters and Server Message Block), the other two are virtual file systems (VFS) Dokan and WinFsp, which mirror the real file system (RFS) allowing it to incorporate security techniques. In the assessment of the technologies, it was found that the implementation of VFS was very efficient and simple. WinFsp and Dokan presented a performance of 51% and 20% respectively, with respect to the performance of the operations in the RFS. This result may seem relatively low, but it should be taken into account that the calculation includes read and write encryption and decryption operations as appropriate for each prototype. Server Message Block (SMB) presented a low performance (3%) so it is not considered viable for a solution like this, while Minifilters present the best performance but require high programming knowledge for its evolution. The prototype presented in this paper and its strategy provides an acceptable level of comfort for the user, and a high level of security.
ISSN: 2166-0727
2018-11-28
Kongsg$\backslash$a ard, Kyrre W., Nordbotten, Nils A., Mancini, Federico, Engelstad, Paal E..  2017.  An Internal/Insider Threat Score for Data Loss Prevention and Detection. Proceedings of the 3rd ACM on International Workshop on Security And Privacy Analytics. :11–16.

During the recent years there has been an increased focus on preventing and detecting insider attacks and data thefts. A promising approach has been the construction of data loss prevention systems (DLP) that scan outgoing traffic for sensitive data. However, these automated systems are plagued with a high false positive rate. In this paper we introduce the concept of a meta-score that uses the aggregated output from DLP systems to detect and flag behavior indicative of data leakage. The proposed internal/insider threat score is built on the idea of detecting discrepancies between the userassigned sensitivity level and the sensitivity level inferred by the DLP system, and captures the likelihood that a given entity is leaking data. The practical usefulness of the proposed score is demonstrated on the task of identifying likely internal threats.