An Enhanced Approach to using Virtual Directories for Protecting Sensitive Information

Enterprise directory services are commonly used in enterprise systems to store object information relating to employees, computers, contacts, etc. These stores can act as information providers or sources for authentication and access control decisions, and could potentially contain sensitive information. An insider attack, particularly if carried out using administrative privileges, could compromise large amounts of directory information. We present a solution for protecting directory services information from insider attacks using existing key management infrastructure and a new component called a Personal Virtual Directory Service. We show how the impact on existing users, client applications, and directory services is minimized, and how we prevent insider attacks from revealing protected data. Additionally, our solution is supported by implementation results showing the impact on client performance and directory storage capacity.