Towards Reducing the Data Exfiltration Surface for the Insider Threat

Unauthorized data exfiltration, by insiders and outsiders alike, is costly and damaging. Network communication services can be used to transport data illicitly out of an enterprise or cloud; together with built-in and malware-supplied copying utilities, these tools make up what we define as the Data Exfiltration Surface (DXS). To secure valuable data, it is desirable to reduce the DXS and keep controls on the egress points. Our approach hosts the data in a protected enclave whose secured border gateway runs a novel Software Data Diode (SDD). The SDD allows data to be copied into the enclave systems but denies copying data out, while still permitting remote access through remote desktop and console applications. Our tests demonstrate that the SDD effectively reduces the DXS and protects the enclave's data from being exfiltrated.
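The one-way copy policy described above, as an added example that is not the paper's SDD implementation: a POSIX sh ForceCommand wrapper for an SSH border gateway that permits file transfers into the enclave (legacy scp sink mode and rsync receiver mode) and interactive console sessions, and denies every command that would stream data out. The script name, install path and the `enclave-users` group are assumptions; the scp and rsync remote-side flags it inspects (`scp -t`/`-f`, `rsync --server`/`--sender`) are what those tools really spawn on the remote host.

```shell
#!/bin/sh
# sdd-gate.sh: hypothetical SSH ForceCommand wrapper that models a software
# data diode at the enclave border. Added example, not the paper's SDD.
# Policy: copies INTO the enclave are allowed, copies OUT are denied, and an
# interactive console (empty command) is allowed. Everything else is denied.
#
# Assumed sshd_config on the gateway (group name and path are assumptions):
#   Match Group enclave-users
#       ForceCommand /usr/local/sbin/sdd-gate.sh --enforce
#       AllowTcpForwarding no      # a forwarded port would bypass the diode
#       AllowAgentForwarding no
#       X11Forwarding no
#       PermitTunnel no

nl='
'

# sdd_decide CMD: returns 0 if CMD may run inside the enclave, 1 otherwise.
sdd_decide() {
    cmd=$1

    # Empty command: interactive login shell, permitted as the remote console.
    [ -z "$cmd" ] && return 0

    # Strict character allowlist: anything a shell could interpret is denied.
    if printf '%s' "$cmd" | grep -q '[^-A-Za-z0-9 ._/=,:@+~]'; then
        return 1
    fi
    case "$cmd" in *"$nl"*) return 1 ;; esac

    set -f; set -- $cmd; set +f        # split on whitespace, no globbing
    prog=$1; shift

    case "$prog" in
        scp)
            # Legacy scp protocol: the remote side runs "scp -t DEST" to
            # receive a file (sink) and "scp -f SRC" to send one (source).
            inbound=0; paths=0; end_opts=0
            for tok in "$@"; do
                if [ "$end_opts" = 1 ]; then paths=$((paths + 1)); continue; fi
                case "$tok" in
                    --) end_opts=1 ;;
                    -*)
                        opts=${tok#-}
                        # Only r p d v t may appear; a cluster containing f
                        # (scp -f, -rf, -ft ...) would stream data out.
                        case "$opts" in ""|*[!rpdvt]*) return 1 ;; esac
                        case "$opts" in *t*) inbound=1 ;; esac ;;
                    *) paths=$((paths + 1)) ;;
                esac
            done
            [ "$inbound" = 1 ] && [ "$paths" -ge 1 ] && return 0
            return 1 ;;
        rsync)
            # rsync runs "rsync --server ..." on the remote side; the extra
            # "--sender" flag means the enclave would be the one sending files.
            server=0
            for tok in "$@"; do
                case "$tok" in
                    --sender) return 1 ;;
                    --server) server=1 ;;
                esac
            done
            [ "$server" = 1 ] && return 0
            return 1 ;;
        *)
            # sftp-server, shells, cat, curl, ...: direction cannot be proven
            # from the command line, so the default is deny.
            return 1 ;;
    esac
}

# Entry point when sshd invokes the script as ForceCommand (see header).
if [ "${1:-}" = "--enforce" ]; then
    if ! sdd_decide "${SSH_ORIGINAL_COMMAND:-}"; then
        logger -t sdd-gate "denied egress: user=${USER:-?} cmd=${SSH_ORIGINAL_COMMAND:-}" 2>/dev/null
        echo "sdd-gate: command denied by enclave egress policy" >&2
        exit 1
    fi
    [ -z "${SSH_ORIGINAL_COMMAND:-}" ] && exec "${SHELL:-/bin/sh}" -l
    set -f; set -- $SSH_ORIGINAL_COMMAND; set +f
    exec "$@"            # run the permitted program directly; no shell parses it
fi
```

Three caveats a practitioner should keep in mind. First, the console the SDD permits is itself an egress channel: whatever a user can display on screen can be re-typed or photographed, so this reduces the copy surface rather than closing egress, which is also what the abstract claims. Second, even "inbound" transfers carry return traffic (scp's sink acknowledges each file, rsync's receiver sends block checksums of existing files back to the sender), a low-bandwidth outbound channel the wrapper cannot remove. Third, OpenSSH 9.0 and later make scp use SFTP by default, so clients must pass `scp -O` to hit the legacy sink path; SFTP is denied because its direction is negotiated inside the session, and the forwarding options in the header are mandatory because a forwarded TCP port or tunnel never passes through the wrapper at all.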
