V. Kemerlis, Vasilis Pappas, G. Portokalidis, A. Keromytis
Published in: 2010 European Conference on Computer Network Defense
Publication date: 2010-10-28
DOI: 10.1109/EC2ND.2010.13 (https://doi.org/10.1109/EC2ND.2010.13)
Citations: 11
iLeak: A Lightweight System for Detecting Inadvertent Information Leaks
Data loss incidents, where data of sensitive nature are exposed to the public, have become too frequent and have caused damages of millions of dollars to companies and other organizations. Repeatedly, information leaks occur over the Internet, and half of the time they are accidental, caused by user negligence, misconfiguration of software, or inadequate understanding of an application’s functionality. This paper presents iLeak, a lightweight, modular system for detecting inadvertent information leaks. Unlike previous solutions, iLeak builds on components already present in modern computers. In particular, we employ system tracing facilities and data indexing services, and combine them in a novel way to detect data leaks. Our design consists of three components: uaudits are responsible for capturing the information that exits the system, while Inspectors use the indexing service to identify if the transmitted data belong to files that contain potentially sensitive information. The Trail Gateway handles the communication and synchronization of uaudits and Inspectors. We implemented iLeak on Mac OS X using DTrace and the Spotlight indexing service. Finally, we show that iLeak is indeed lightweight, since it only incurs 4% overhead on protected applications.