skip to main content
10.1145/1029146.1029154acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
Article

Display-only file server: a solution against information theft due to insider attack

Published: 25 October 2004 Publication History

Abstract

Insider attack is one of the most serious cybersecurity threats to corporate America. Among all insider threats, information theft is considered the most damaging in terms of potential financial loss. Moreover, it is also especially difficult to detect and prevent, because in many cases the attacker has the proper authority to access the stolen information. According to the 2003 CSI/FBI Computer Crime and Security Survey, theft of proprietary information was the single largest category of losses in the 2003 survey totaling $70.1 million or 35% of the total financial loss reported in that survey. In this paper, we describe the design, implementation and evaluation of an industrial-strength solution called <i>Display-Only File Server</i> (DOFS), which can transparently and effectively stop information theft by insiders in most cases, even if the insiders have proper authorities to read/write the protected information. The DOFS architecture ensures that bits of a protected file never leave a DOFS server after the file is checked in and users can still interact with the protected files in the same way as if it is stored locally. Essentially, DOFS decouples "display access" from other types of accesses to a protected file by providing users only the "display image" rather than the bits of the files, and applies the thin-client computing model on existing client-server applications.

References

[1]
Andrew Conry-Murray. DRM: A Question of Balance. Network Magazine. December 2003.
[2]
Computer Security Institute (CSI) and the FBI, 2003 Computer Crime and Security Survey. http://www.security.fsu.edu/docs/FBI2003.pdf
[3]
Dan Verton. Microsoft studying multilevel security desktops. Computerworld. July 2003.
[4]
David A. Solomon and Mark E. Russinovich. Inside Microsoft Windows 2000. Third Edition. Microsoft Press.
[5]
David D. Clark and David R. Wilson. A Comparison of Commercial and Military Computer Security Policies. In Proceedings of IEEE Symposium on Security and Privacy. April 1987. 184--194.
[6]
E. John Sebes and Mark Stamp. Solvable Problems in Enterprise Digital Rights Management. January 2004. http://home.earthlink.net/~mstamp1/papers/DRMsebes.pdf
[7]
Erik Forsberg. Man in the Middle-attack against Microsoft Terminal Services. Cendio System AB. April 2003.
[8]
George Markouizos. Multilevel Security. IBM Corporation. 2003.
[9]
Liquid Machines Technical Overview. White paper. Liquid Machines, Inc. May 2003.
[10]
Mark Russinovich and Bryce Cogswell. Filemon for Windows. http://www.sysinternals.com/ntw2k/source/filemon.shtml
[11]
Markus G. Kuhn and Ross J. Anderson. Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations. University of Cambridge.
[12]
Microsoft Windows Rights Management Services for Windows Server 2003 - Helping Organizations Safeguard Digital Information from Unauthorized Use. White paper. Microsoft Corporation. October 2003.
[13]
Mirage: Simple, Convenient, and Reliable Protection of Critical Enterprise Business Data. White paper. Alchemedia Technologies, Inc.
[14]
Page Recall: The Key to Document Protection. White paper. Authentica Inc.
[15]
Rick Smith. The Challenge of Multilevel Security. Cryptosmith LLC. October 2003.
[16]
Ross J.Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley Computer Publishing. 2001.
[17]
Simon Wiseman. Purple Penelope: Extending the Security of Windows NT. February 1997.
[18]
Simon Wiseman and Lt. Whittaker. A new strategy for COTS in classified systems. In 20th National Information Systems Security Conference. October 1997.
[19]
Technical Overview of Windows Rights Management Services for Windows Server 2003. White paper. Microsoft Corporation. November 2003.
[20]
Trends in Proprietary Information Loss. Survey Report. September 2002.
[21]
Tzi-cker Chiueh, Lap-chung Lam and etc. Secure Mobile Code Execution Service. Technical report, Stony Brook University, March 2004.
[22]
Using and Understanding APIs for Terminal Server. White Paper. 1997 Microsoft Corporation.
[23]
Victor DeMarines. Content Security for the Enterprise. White paper. Authentica Inc. April 2002.
[24]
Windows 2000 Terminal Services Capacity and Scaling. White paper. 2000 Microsoft Corporation.

Cited By

View all
  • (2019)Implementation of Insider Threat Detection System Using Honeypot Based Sensors and Threat Analytics10.1007/978-3-030-12385-7_56(801-829)Online publication date: 2-Feb-2019
  • (2018)Detecting and Preventing Cyber Insider Threats: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2018.280074020:2(1397-1417)Online publication date: Oct-2019
  • (2015)Protecting against screenshots: An image processing approach2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR)10.1109/CVPR.2015.7298750(1437-1445)Online publication date: Jun-2015
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
DRM '04: Proceedings of the 4th ACM workshop on Digital rights management
October 2004
120 pages
ISBN:1581139691
DOI:10.1145/1029146
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 October 2004

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. access
  2. digital rights management
  3. information theft
  4. insider attack

Qualifiers

  • Article

Conference

CCS04
Sponsor:

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)2
  • Downloads (Last 6 weeks)0
Reflects downloads up to 14 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2019)Implementation of Insider Threat Detection System Using Honeypot Based Sensors and Threat Analytics10.1007/978-3-030-12385-7_56(801-829)Online publication date: 2-Feb-2019
  • (2018)Detecting and Preventing Cyber Insider Threats: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2018.280074020:2(1397-1417)Online publication date: Oct-2019
  • (2015)Protecting against screenshots: An image processing approach2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR)10.1109/CVPR.2015.7298750(1437-1445)Online publication date: Jun-2015
  • (2015)Surveillance of anomaly and misuse in critical networks to counter insider threats using computational intelligenceCluster Computing10.1007/s10586-014-0403-y18:1(435-451)Online publication date: 1-Mar-2015
  • (2014)AccountabilityFSProceedings of the 2014 IEEE Joint Intelligence and Security Informatics Conference10.1109/JISIC.2014.61(308-311)Online publication date: 24-Sep-2014
  • (2013)Trust Enhanced Security Architecture for Detecting Insider ThreatsProceedings of the 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications10.1109/TrustCom.2013.8(552-559)Online publication date: 16-Jul-2013
  • (2011)TrustBoxProceedings of the 2011 19th International Euromicro Conference on Parallel, Distributed and Network-Based Processing10.1109/PDP.2011.44(635-639)Online publication date: 9-Feb-2011
  • (2011)Detecting data theft using stochastic forensicsDigital Investigation: The International Journal of Digital Forensics & Incident Response10.1016/j.diin.2011.05.0098(S71-S77)Online publication date: 1-Aug-2011
  • (2010)Security Weaknesses of System and Application Interfaces Used to Process Sensitive InformationInformation Security Management Handbook, Sixth Edition, Volume 310.1201/9781420090956-c3Online publication date: 15-Apr-2010
  • (2010)Information Flow and Covert ChannelsInformation Security Management Handbook, Sixth Edition, Volume 310.1201/9781420090956-c20Online publication date: 15-Apr-2010
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media