TY - GEN
T1 - Efficient DLP-visor
T2 - 21st IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing, CCGrid 2021
AU - Kiperberg, Michael
AU - Amit, Guy
AU - Yeshooroon, Amir
AU - Zaidenberg, Nezer J.
N1 - Publisher Copyright: © 2021 IEEE.
PY - 2021/5
Y1 - 2021/5
N2 - Many organizations consider the insider threat of data theft to be one of the most severe threats. An insider may also leak sensitive information without malicious intent (as a result of social engineering). Data leakage prevention (DLP) systems attempt to prevent intentional or accidental disclosure of sensitive information by monitoring the content or the context in which the information is transferred, for example, in a file system, an email server, or instant messengers. We present a context-sensitive DLP system, called Efficient DLP-Visor. We implemented DLP-visor as a thin hypervisor capable of intercepting system calls in Windows operating systems equipped with Kernel Patch Protection. By intercepting system calls that govern the file system, inter-process communications, networking, system register and system clipboard, DLP-Visor guarantees that sensitive information can never leave a predefined set of directories. The performance overhead of Efficient DLP-Visor (7.2%) allows its deployment in real-world applications. Efficient DLP-visor logs were improved for better detection and logging of a DLP event. During idle time, Efficient DLP-visor deletes most of the data log while maintaining the important data of leaks and attacks.
UR - http://www.scopus.com/inward/record.url?scp=85114887290&partnerID=8YFLogxK
U2 - 10.1109/CCGrid51090.2021.00044
DO - 10.1109/CCGrid51090.2021.00044
AN - SCOPUS:85114887290
T3 - Proceedings - 21st IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing, CCGrid 2021
SP - 344
EP - 355
BT - Proceedings - 21st IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing, CCGrid 2021
A2 - Lefevre, Laurent
A2 - Patterson, Stacy
A2 - Lee, Young Choon
A2 - Shen, Haiying
A2 - Ilager, Shashikant
A2 - Goudarzi, Mohammad
A2 - Toosi, Adel N.
A2 - Buyya, Rajkumar
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 10 May 2021 through 13 May 2021
ER -