Authors: H. Balinsky, D. Perez, S. Simske
Venue: 2011 IEEE 15th International Enterprise Distributed Object Computing Conference
Published: 2011-08-29
DOI: 10.1109/EDOC.2011.19 (https://doi.org/10.1109/EDOC.2011.19)
Citation count (Semantic Scholar): 15
System Call Interception Framework for Data Leak Prevention
In this paper, we describe a feasibility and practical study of the recently proposed idea of data leak prevention (DLP) based on end-point policy enforcement. The most reassuring way to prevent a sensitive data leak is to thwart the export of sensitive data before it has a chance to occur. Using a System Call Interception (SCI) technique, we investigate the possibility of automatically detecting and amending undesired, policy-breaching behavior at the "intention" stage: when the corresponding system call is issued by an application, but before the action has been accomplished. The SCI method is especially valuable for "black box" applications, for which source code is not available. In our system, we catalog the system calls involved in DLP events and reduce our SCI to the minimum necessary set of system calls associated with the sensitive, DLP-requiring tasks. We describe the system behavior for several different applications that we have studied to date.