Display-Only File Server
A Solution against Information Theft Due to Insider Attack

Yang Yu, Tzi-cker Chiueh
{yyu, chiueh}@cs.sunysb.edu

Information theft by insiders.
Traditional solutions and E-DRM.
Display-only file server: no content exposed to insiders.
  System overview
  Implementation outline
Conclusion and future work.
 Information theft by insiders
Enterprise sensitive information in digital format (market plans, sales reports…).
Information theft:
  Email, removable media, print …
  Intentionally or by accident
Theft by insiders: difficult to prevent.
  Authorized to access sensitive information
  Inside the security perimeter
        Traditional solutions
Standard access control mechanism.
  Not sufficient if attackers are authorized users
Firewall and intrusion detection system.
  Not effective for insider attacks
Restricting usage of removable media.
  Inconvenient or impractical
Multilevel Security (MLS) systems.
  Difficult to build and deploy
           Enterprise DRM
DRM client self-protection
  Protected content bits on the client machine
  An authorized attacker with full control of the client machine
  Various screen capture approaches
DRM client deployment
  Application-specific plug-ins
  Modification of existing applications
  Change of user interface
 Server-based content access
Concentrating most of the computations (file access, rights enforcement) on a protected central (content) server.
Controlling the content server so that no content bits can leave the server.
Outputting display to the client machine.
Less dependence on the protection of each individual client machine.
       Display-only file server
Sensitive file contents in a protected server.
Applying server-based computing model in existing client-based computing environment.
No change to existing business process and user interface.
Transparent integration and activation.
Output only the display of file access rather than protected content bits.
System overview
   Implementation outline
     (for MS Windows)
Server-based computing
  MS Windows Terminal Services
Copy file from protected network share
  File system filter driver (IRP_MJ_READ)
Copy and paste data
  Monitor clipboard content change
Screen capture
  Display protection and watermarking
DRM controller activation
  Shell extension
Implementation architecture
[Figure: architecture diagram showing the DOFS-enabled Client, the Display-Only File Server and the File Server, with a "Content access" label]
  Implementation scalability
Memory consumption per session
  ≈ 10MB + 2MB + application usage (MB)
Application startup latency
  1 second on average
Network bandwidth
  Total consumption for 40 concurrent sessions ≈ 664 Kbps
        Display protection
Various methods to access frame buffer
  GDI, DirectX, …
Hardware simulator
  VMware, Bochs, …
Analog attacks
  Camera photographing, OCR
  Radiation emanating from the screen
No complete solutions yet
  DDI spy, digital watermarking
   Conclusion and future work
Content bits never come to insiders’ local
Transparent integration with existing applications and authentication mechanism.
Less dependence on client-side protection.
Secure database applications.
Future work: more comprehensive display
