A User Controlled Approach for Securing Sensitive Information in Directory Services

Enterprise directory services are commonly used in enterprise systems to store object information relating to employees, computers, contacts, etc. These stores can act as information providers or sources for authentication and access control decisions, and could potentially contain sensitive information. An insider attack, particularly if carried out using administrative privileges, could compromise large amounts of directory information. We present two solutions for protecting directory services information from insider attacks. The first is a centralized approach utilizing a customized virtual directory server. The second is a distributed approach using existing key management infrastructure and a new component called a Personal Virtual Directory Service. We explain how these solutions interact with existing directory services and client applications. We also show how the impact on existing users, client applications, and directory services is minimized, and how we prevent insider attacks from revealing protected data. We compare and contrast both solutions, including potential tradeoffs, administrative overhead, and enterprise systems impact. Additionally, our solution is supported by implementation results showing the impact on client performance and directory storage capacity.
