
A Discretionary Access Control Method for Preventing Data Exfiltration (DE) via Removable Devices

  • Conference paper
Digital Forensics and Cyber Crime (ICDF2C 2009)

Abstract

One of the major challenges facing the security community today is how to prevent data exfiltration (DE). DE is the unauthorized release of information from a computer system or network of systems. Current methods attempt to address this issue by controlling the information that is released over the Internet. In this paper, we present a host-level discretionary access control method that focuses on exfiltration via removable devices (e.g., thumb drives or external hard drives). Using XML to store extended file attributes, we classify files based on user-defined distribution levels and the community of interest to which they belong. Files are classified with a distribution statement upon creation and re-classified (if necessary) when modified. By monitoring access to all classified files present on a file system, we allow or prevent release of this information based on predefined policies. With this approach, we show that the unauthorized release of information can be prevented by using a system of accounting that is tied to access control policies. Users are given the authority to transfer files to a removable device according to their current access rights. As a proof of concept, our method demonstrates the value of using accounting as a means of preventing data loss or theft. Our approach can be applied to a variety of data types found on a file system, including executables, archived files, images, and even audio or video files.
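The decision the abstract describes (an XML label carrying distribution level and community of interest, checked against the user's rights before a copy to removable media, with every decision recorded) can be sketched as follows. This is an added example, not code from the paper: the label schema, the `User` fields, the rule that a higher level number is more restricted, and the fail-closed handling of unreadable labels are all assumptions.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample label; the paper's real XML layout is not shown on this page.
SAMPLE_LABEL = """<classification>
  <distribution level="2">internal</distribution>
  <coi>finance</coi>
</classification>"""

@dataclass(frozen=True)
class User:
    name: str
    max_level: int      # highest distribution level this user may release (assumed)
    cois: frozenset     # communities of interest the user belongs to

def parse_label(xml_text):
    """Return (level, coi), or None when the label is missing or malformed."""
    if not xml_text or "<!DOCTYPE" in xml_text:   # refuse DTDs and entities outright
        return None
    try:
        root = ET.fromstring(xml_text)
        level = int(root.find("distribution").get("level"))
        coi = root.findtext("coi").strip()
    except (ET.ParseError, AttributeError, TypeError, ValueError):
        return None
    return (level, coi) if coi else None

def may_transfer(user, path, xml_text, ledger):
    """Decide a copy to a removable device and record the decision (accounting)."""
    label = parse_label(xml_text)
    if label is None:
        allowed, reason = False, "unreadable or missing label"   # fail closed
    elif label[0] > user.max_level:
        allowed, reason = False, "distribution level above user's rights"
    elif label[1] not in user.cois:
        allowed, reason = False, "user outside community of interest"
    else:
        allowed, reason = True, "within access rights"
    ledger.append({"user": user.name, "file": path,
                   "allowed": allowed, "reason": reason})
    return allowed
```

The ledger holds one entry per attempted transfer, denied ones included, so it doubles as the audit trail for later review.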




Copyright information

© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Wilson, D., Lavine, M.K. (2010). A Discretionary Access Control Method for Preventing Data Exfiltration (DE) via Removable Devices. In: Goel, S. (eds) Digital Forensics and Cyber Crime. ICDF2C 2009. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 31. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11534-9_15


  • DOI: https://doi.org/10.1007/978-3-642-11534-9_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11533-2

  • Online ISBN: 978-3-642-11534-9

  • eBook Packages: Computer Science, Computer Science (R0)
