Bypassing information leakage protection with trusted applications

Blasco Alis, Jorge, Hernandez-Castro, Julio C., Tapiador, Juan E., Ribagorda, Arturo (2012) Bypassing information leakage protection with trusted applications. Computers and Security, 31 (4). pp. 557-568. ISSN 0167-4080. (doi:10.1016/j.cose.2012.01.008) (Access to this publication is currently restricted. You may be able to access a copy if URLs are provided) (KAR id:31937)

PDF Publisher pdf
Language: English

Restricted to Repository staff only
Official URL:
http://dx.doi.org/10.1016/j.cose.2012.01.008

Abstract

Insider threats are an increasing concern for most modern organizations. Information leakage is one of the most important insider threats, particularly in terms of its potential financial impact. Data Leakage Protection (DLP) systems have been developed to tackle this issue and they constitute the main solution to protect information systems against leaks. They work by tracking sensitive information flows and monitoring executed applications to ensure that sensitive information is not leaving the organization. However, current DLP systems do not fully consider that trusted applications represent a threat to sensitive information confidentiality. In this paper, we demonstrate how to use common trusted applications to evade current DLP systems. Thanks to their wide range, trusted applications such as Microsoft Excel can be transformed into standardized block ciphers. Information can thus be encrypted in such a way that current DLP techniques cannot detect that sensitive information is being leaked. This method could be used by non-skilled malicious insiders and leaves almost no traces. We have successfully tested our method against a well-known DLP solution from a commercial provider (TrendMicro LeakProof). Finally, we also analyze the proposed evasion technique from the malicious insider's point of view and discuss some possible countermeasures to mitigate its use to steal information.

Item Type: Article
DOI/Identification number: 10.1016/j.cose.2012.01.008
Uncontrolled keywords: Data leakage; Evasion; Information leakage; Malicious insiders; Sensitive information; Trusted applications
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Julio Hernandez Castro
Date Deposited: 24 Oct 2012 12:29 UTC
Last Modified: 16 Nov 2021 10:09 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/31937 (The current URI for this page, for reference purposes)

University of Kent Author Information

Hernandez-Castro, Julio C.

Creator's ORCID: https://orcid.org/0000-0002-6432-5328