Data Loss Prevention Solution for Linux Endpoint Devices

D 2023

Data Loss Prevention Solution for Linux Endpoint Devices

DAUBNER, Lukáš a Adam POVAŽANEC

Základní údaje

Originální název

Data Loss Prevention Solution for Linux Endpoint Devices

Autoři

DAUBNER, Lukáš (203 Česká republika, garant, domácí) a Adam POVAŽANEC (703 Slovensko, domácí)

Vydání

United States, ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security, od s. 1-10, 10 s. 2023

Nakladatel

Association for Computing Machinery

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10200 1.2 Computer and information sciences

Stát vydavatele

Spojené státy

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

URL

Kód RIV

RIV/00216224:14330/23:00131647

Organizační jednotka

Fakulta informatiky

ISBN

979-8-4007-0772-8

DOI

http://dx.doi.org/10.1145/3600160.3605036

UT WoS

001122662500126

Klíčová slova anglicky

Data Loss Prevention; Auditing; Kernel Hooking; DLP; Data Leakage

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 7. 4. 2024 23:23, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

Endpoint data loss prevention (DLP) software monitors and protects data on the endpoint against accidental and malicious leakage. While the risk of such leakage is widely present in current systems, it is more so within the intelligent infrastructures due to potential impact, heterogeneity, and complexity. However, there is a significant gap in open solutions for wide Linux-based endpoints. Therefore, this paper discusses possible approaches towards Linux endpoint DLP solution, which would be widely available on Linux distributions, not relying on fragile assumptions and not undermining security controls. Namely, the focus is on audit and control of file system operations and external USB devices. The viable approaches are discussed, and a prototype solution is implemented using the ftrace framework for file system operations and combining the udev subsystem and the sysfs virtual file system for external USB devices. While the solution is demonstrated in scenarios involving various DLP channels, it also established a platform for further research based on the data from intercepted events.

Návaznosti

MUNI/A/1389/2022, interní kód MU

Název: Aplikovaný výzkum na FI: Bezpečnost počítačových systémů, softwarových architektur kritických infrastruktur s forenzními aspekty, zpracování dat pokročilých sensorů a algoritmy plánování v dopravě a logistice

Investor: Masarykova univerzita, Aplikovaný výzkum na FI: Bezpečnost počítačových systémů, softwarových architektur kritických infrastruktur s forenzními aspekty, zpracování dat pokročilých sensorů a algoritmy plánování v dopravě a logistice

MUNI/G/1142/2022, interní kód MU

Název: Forensic Support for Building Trust in Smart Software Ecosystems

Investor: Masarykova univerzita, Forensic Support for Building Trust in Smart Software Ecosystems, INTERDISCIPLINARY - Mezioborové výzkumné projekty

Citovat

DAUBNER, Lukáš a Adam POVAŽANEC. Data Loss Prevention Solution for Linux Endpoint Devices. Online. In ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security. United States: Association for Computing Machinery, 2023, s. 1-10. ISBN 979-8-4007-0772-8. Dostupné z: https://dx.doi.org/10.1145/3600160.3605036.

@inproceedings{2309498,
   author = {Daubner, Lukáš and Považanec, Adam},
   address = {United States},
   booktitle = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security},
   doi = {http://dx.doi.org/10.1145/3600160.3605036},
   keywords = {Data Loss Prevention; Auditing; Kernel Hooking; DLP; Data Leakage},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {United States},
   isbn = {979-8-4007-0772-8},
   pages = {1-10},
   publisher = {Association for Computing Machinery},
   title = {Data Loss Prevention Solution for Linux Endpoint Devices},
   url = {https://doi.org/10.1145/3600160.3605036},
   year = {2023}
}

TY  - JOUR
ID  - 2309498
AU  - Daubner, Lukáš - Považanec, Adam
PY  - 2023
TI  - Data Loss Prevention Solution for Linux Endpoint Devices
PB  - Association for Computing Machinery
CY  - United States
SN  - 9798400707728
KW  - Data Loss Prevention
KW  - Auditing
KW  - Kernel Hooking
KW  - DLP
KW  - Data Leakage
UR  - https://doi.org/10.1145/3600160.3605036
N2  - Endpoint data loss prevention (DLP) software monitors and protects data on the endpoint against accidental and malicious leakage. While the risk of such leakage is widely present in current systems, it is more so within the intelligent infrastructures due to potential impact, heterogeneity, and complexity. However, there is a significant gap in open solutions for wide Linux-based endpoints. Therefore, this paper discusses possible approaches towards Linux endpoint DLP solution, which would be widely available on Linux distributions, not relying on fragile assumptions and not undermining security controls. Namely, the focus is on audit and control of file system operations and external USB devices. The viable approaches are discussed, and a prototype solution is implemented using the ftrace framework for file system operations and combining the udev subsystem and the sysfs virtual file system for external USB devices. While the solution is demonstrated in scenarios involving various DLP channels, it also established a platform for further research based on the data from intercepted events.
ER  -

DAUBNER, Lukáš a Adam POVAŽANEC. Data Loss Prevention Solution for Linux Endpoint Devices. Online. In \textit{ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security}. United States: Association for Computing Machinery, 2023, s.~1-10. ISBN~979-8-4007-0772-8. Dostupné z: https://dx.doi.org/10.1145/3600160.3605036.

Podrobný výpis o publikaci