Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems
Inside Microsoft Windows 2000
Applications of a feather-weight virtual machine
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Sharing but Protecting Content Against Internal Leakage for Organisations
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
An architecture providing virtualization-based protection mechanisms against insider attacks
WISA'07 Proceedings of the 8th international conference on Information security applications
Improvement on TCG attestation and its implication for DRM
ICCSA'07 Proceedings of the 2007 international conference on Computational science and its applications - Volume Part I
Design and implementation of document access control model based on role and security policy
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Detecting data theft using stochastic forensics
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Hi-index | 0.00 |
Insider attack is one of the most serious cybersecurity threats to corporate America. Among all insider threats, information theft is considered the most damaging in terms of potential financial loss. Moreover, it is also especially difficult to detect and prevent, because in many cases the attacker has the proper authority to access the stolen information. According to the 2003 CSI/FBI Computer Crime and Security Survey, theft of proprietary information was the single largest category of losses in the 2003 survey totaling $70.1 million or 35% of the total financial loss reported in that survey. In this paper, we describe the design, implementation and evaluation of an industrial-strength solution called Display-Only File Server (DOFS), which can transparently and effectively stop information theft by insiders in most cases, even if the insiders have proper authorities to read/write the protected information. The DOFS architecture ensures that bits of a protected file never leave a DOFS server after the file is checked in and users can still interact with the protected files in the same way as if it is stored locally. Essentially, DOFS decouples "display access" from other types of accesses to a protected file by providing users only the "display image" rather than the bits of the files, and applies the thin-client computing model on existing client-server applications.