Bypassing information leakage protection with trusted applications

Blasco Alis, Jorge and Hernandez-Castro, Julio C. and Tapiador, Juan E. and Ribagorda, Arturo (2012) Bypassing information leakage protection with trusted applications. Computers & Security, 31 (4). pp. 557-568. ISSN 0167-4048. (Access to this publication is restricted)

PDF - Published Version
Restricted to Repository staff only
Contact us about this Publication Download (1MB)
[img]
Official URL
http://dx.doi.org/10.1016/j.cose.2012.01.008

Abstract

Insider threats are an increasing concern for most modern organizations. Information leakage is one of the most important insider threats, particularly according to its potential financial impact. Data Leakage Protection (DLP) systems have been developed to tackle this issue and they constitute the main solution to protect information systems against leaks. They work by tracking sensitive information flows and monitoring executed applications to ensure that sensitive information is not leaving the organization. However, current DLP systems do not fully consider that trusted applications represent a threat to sensitive information confidentiality. In this paper, we demonstrate how to use common trusted applications to evade current DLP systems. Thanks to its wide range, trusted applications such as Microsoft Excel can be transformed into standardized block ciphers. Information can thus be encrypted in such a way that current DLP techniques cannot detect that sensitive information is being leaked. This method could be used by non-skilled malicious insiders and leaves almost no traces. We have successfully tested our method against a well-known DLP solution from a commercial provider (TrendMicro LeakProof). Finally, we also analyze the proposed evasion technique from the malicious insider point of view and discuss some possible countermeasures to mitigate its use to steal information.

Item Type: Article
Uncontrolled keywords: Data leakage; Evasion; Information leakage; Malicious insiders; Sensitive information; Trusted applications
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Faculties > Science Technology and Medical Studies > School of Computing > Security Group
Depositing User: Julio Hernandez-Castro
Date Deposited: 24 Oct 2012 12:29
Last Modified: 18 Mar 2013 16:02
Resource URI: http://kar.kent.ac.uk/id/eprint/31937 (The current URI for this page, for reference purposes)
  • Depositors only (login required):

Downloads

Downloads per month over past year