Display-only file server: a solution against information theft due to insider attack
Source: ACM Workshop On Digital Rights Management
Proceedings of the 4th ACM workshop on Digital rights management
Washington DC, USA
SESSION: Information protection methods
Pages: 31 - 39  
Year of Publication: 2004
ISBN:1-58113-969-1
Authors
Yang Yu  Stony Brook University, Stony Brook, NY
Tzi-cker Chiueh  Rether Networks Inc., Centereach, NY
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1029146.1029154

ABSTRACT

Insider attack is one of the most serious cybersecurity threats to corporate America. Among all insider threats, information theft is considered the most damaging in terms of potential financial loss. Moreover, it is also especially difficult to detect and prevent, because in many cases the attacker has the proper authority to access the stolen information. According to the 2003 CSI/FBI Computer Crime and Security Survey, theft of proprietary information was the single largest category of losses in the 2003 survey, totaling $70.1 million or 35% of the total financial loss reported in that survey. In this paper, we describe the design, implementation and evaluation of an industrial-strength solution called Display-Only File Server (DOFS), which can transparently and effectively stop information theft by insiders in most cases, even if the insiders have proper authority to read/write the protected information. The DOFS architecture ensures that the bits of a protected file never leave a DOFS server after the file is checked in, while users can still interact with protected files in the same way as if they were stored locally. Essentially, DOFS decouples "display access" from other types of access to a protected file by providing users only the "display image" rather than the bits of the file, and applies the thin-client computing model to existing client-server applications.


REFERENCES

 
[1] Andrew Conry-Murray. DRM: A Question of Balance. Network Magazine. December 2003.
[2] Computer Security Institute (CSI) and the FBI. 2003 Computer Crime and Security Survey. http://www.security.fsu.edu/docs/FBI2003.pdf
[3] Dan Verton. Microsoft studying multilevel security desktops. Computerworld. July 2003.
[5] David D. Clark and David R. Wilson. A Comparison of Commercial and Military Computer Security Policies. In Proceedings of IEEE Symposium on Security and Privacy. April 1987. 184-194.
[6] E. John Sebes and Mark Stamp. Solvable Problems in Enterprise Digital Rights Management. January 2004. http://home.earthlink.net/~mstamp1/papers/DRMsebes.pdf
[7] Erik Forsberg. Man in the Middle-attack against Microsoft Terminal Services. Cendio System AB. April 2003.
[8] George Markouizos. Multilevel Security. IBM Corporation. 2003.
[9] Liquid Machines Technical Overview. White paper. Liquid Machines, Inc. May 2003.
[10] Mark Russinovich and Bryce Cogswell. Filemon for Windows. http://www.sysinternals.com/ntw2k/source/filemon.shtml
[11] Markus G. Kuhn and Ross J. Anderson. Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations. University of Cambridge.
[12] Microsoft Windows Rights Management Services for Windows Server 2003 - Helping Organizations Safeguard Digital Information from Unauthorized Use. White paper. Microsoft Corporation. October 2003.
[13] Mirage: Simple, Convenient, and Reliable Protection of Critical Enterprise Business Data. White paper. Alchemedia Technologies, Inc.
[14] Page Recall: The Key to Document Protection. White paper. Authentica Inc.
[15] Rick Smith. The Challenge of Multilevel Security. Cryptosmith LLC. October 2003.
[17] Simon Wiseman. Purple Penelope: Extending the Security of Windows NT. February 1997.
[18] Simon Wiseman and Lt. Whittaker. A new strategy for COTS in classified systems. In 20th National Information Systems Security Conference. October 1997.
[19] Technical Overview of Windows Rights Management Services for Windows Server 2003. White paper. Microsoft Corporation. November 2003.
[20] Trends in Proprietary Information Loss. Survey Report. September 2002.
[21] Tzi-cker Chiueh, Lap-chung Lam, et al. Secure Mobile Code Execution Service. Technical report, Stony Brook University, March 2004.
[22] Using and Understanding APIs for Terminal Server. White paper. Microsoft Corporation. 1997.
[23] Victor DeMarines. Content Security for the Enterprise. White paper. Authentica Inc. April 2002.
[24] Windows 2000 Terminal Services Capacity and Scaling. White paper. Microsoft Corporation. 2000.

