Proactive, Content-Aware, Sensitive Data Protection Framework for Enterprises

Y. Zhang, R.J. Enbody, and J.R. Lloyd (USA)

Keywords

Data Breach, Insider, Application Misuse, Access Control, Remote Attestation, Configurable GUI

Abstract

Sensitive data about customers, finances or intellectual property are often the most important assets of an enterprise. The majority of information leakage (84%) is caused by insiders, and 95% of data loss is caused by unintentional application misuse. Restrictive file access control and strong user account management do not provide fine-grained enough authorization to protect against insiders misusing legitimate applications. Monitoring network traffic can catch misuse, but it suffers from false positives and cannot detect new patterns of sensitive data use. Trusted Computing is a new technology that creates a trustworthy system for local owners (using a TPM and secure booting) and for remote users (using Remote Attestation). However, it also has drawbacks: every software upgrade changes the measured state that attestation relies on, and users are locked to particular operating systems and applications. Our framework builds on top of the current infrastructure and takes advantage of the fact that all systems in an enterprise can be tightly controlled by the IT administrators. The framework employs strong user profiling and isolation to protect against malware, and uses sensitive-data configurable applications to proactively protect against unintentional misuse.
