A Small Leak will Sink a Great Ship: An Empirical Study of DLP Solutions

  • Matthias Luft
  • Thorsten Holz


Data Leakage Prevention (DLP) is the general term for a new approach to avoid data breaches. To achieve this goal, all currently available implementations of this concept perform an analysis of intercepted data to detect breaches in a generic way. The analysis is typically based on user-defined policies which specify what data is valuable. There are several different approaches both to defining these content policies and to intercepting data for analysis.

In this paper, we introduce a methodology to evaluate DLP solutions and we exemplify the method by testing two DLP implementations in detail. Our review process is an essential step in the life cycle of every new software or concept: there should be a continuous cycle of test phases and examinations before a solution can be regarded as dependable. To perform such an analysis in a structured way, we develop a set of generic tests which evaluate critical parts of important functionality in a DLP solution. We focus on the development of a set of tests that evaluate the DLP-specific functionality, instead of performing a traditional vulnerability assessment.

Our empirical tests reveal security vulnerabilities in the tested products. These vulnerabilities vary in impact: data breaches can still happen, and new leakage vectors can even arise.


Keywords: File Type, Identity Theft, Data Leakage, Endpoint Agent, Data Breach
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH 2011

Authors and Affiliations

  • Matthias Luft (1)
  • Thorsten Holz (1)
  1. Laboratory for Dependable Distributed Systems, University of Mannheim, Mannheim
