Title :
System Call Interception Framework for Data Leak Prevention
Author :
Balinsky, Helen ; Perez, David Subirós ; Simske, Steven J.
Author_Institution :
Hewlett-Packard Labs., Bristol, UK
Abstract :
In this paper, we describe the feasibility and practical study of the recently proposed idea for data leak prevention (DLP) based on end-point policy enforcement. The most reassuring way to prevent a sensitive data leak is to thwart sensitive data export before it has a chance to occur. Using a System Call Interception (SCI) technique, we investigate the possibility of automatically detecting and amending a non-desired, policy-breaching behavior at the "intention" stage: as the corresponding system call is called by an application, but before the action has been accomplished. The SCI method is especially valuable for "black box" applications, for which source code is not available. In our system, we catalog the system calls involved in the DLP events, and reduce our SCI to the minimum necessary set of system calls associated with the sensitive, DLP-requiring tasks. We describe the system behavior for several different applications that we have studied to date.
Keywords :
security of data; SCI method; black box applications; data leak prevention; data security; end-point policy enforcement; intention stage; system behavior; system call interception technique; Companies; Cryptography; Electronic mail; Printers; Sensitivity; Servers; Universal Serial Bus; data leak prevention; policy enforcement; security; system calls interception;
Conference_Title :
Enterprise Distributed Object Computing Conference (EDOC), 2011 15th IEEE International
Conference_Location :
Helsinki
Print_ISBN :
978-1-4577-0362-1
Electronic_ISBN :
1541-7719
DOI :
10.1109/EDOC.2011.19