Security of Big Data: Focus on Data Leakage Prevention (DLP)

Nyarko, Richard

January 2018

Data has become an indispensable part of our daily lives in this era of information age. The amount of data which is generated is growing exponentially due to technological advances. This voluminous of data which is generated daily has brought about new term which is referred to as big data. Therefore, security is of great concern when it comes to securing big data processes. The survival of many organizations depends on the preventing of these data from falling into wrong hands. Because if these sensitive data fall into wrong hands it could cause serious consequences. For instance, the credibility of several businesses or organizations will be compromised when sensitive data such as trade secrets, project documents, and customer profiles are leaked to their competitors (Alneyadi et al, 2016).  In addition, the traditional security mechanisms such as firewalls, virtual private networks (VPNs), and intrusion detection systems/intrusion prevention systems (IDSs/IPSs) are not enough to prevent against the leakage of such sensitive data. Therefore, to overcome this deficiency in protecting sensitive data, a new paradigm shift called data leakage prevention systems (DLPSs) have been introduced. Over the past years, many research contributions have been made to address data leakage. However, most of the past research focused on data leakage detection instead of preventing against the leakage. This thesis contributes to research by using the preventive approach of DLPS to propose hybrid symmetric-asymmetric encryption to prevent against data leakage.  Also, this thesis followed the Design Science Research Methodology (DSRM) with CRISP-DM (CRoss Industry Standard Process for Data Mining) as the kernel theory or framework for the designing of the IT artifact (method). The proposed encryption method ensures that all confidential or sensitive documents of an organization are encrypted so that only users with access to the decrypting keys can have access. This is achieved after the documents have been classified into confidential and non-confidential ones with Naïve Bayes Classifier (NBC).  Therefore, any organizations that need to prevent against data leakage before the leakage occurs can make use of this proposed hybrid encryption method.

Big data

big data security

data leakage prevention

data leakage prevention system

Computer Sciences

Datavetenskap (datalogi)

Improving DLP system security / Förbättring av säkerheten av DLP system

Ghorbanian, Sara, Fryklund, Glenn

January 2014

Context. Data leakage prevention (DLP), a system designed to prevent leakage and loss of secret sensitive data and at the same time not affect employees workflow. The aim is to have a system covering every possible leakage point that exist. Even if these are covered, there are ways of hiding information such as obfuscating a zip archive within an image file, detecting this hidden information and preventing it from leaking is a difficult task. Companies pay a great deal for these solutions and yet, as we uncover, the information is not safe. Objectives. In this thesis we evaluate four different existing types of DLP systems out on the market today, disclosing their weaknesses and found ways of improving their security. Methods. The four DLP systems tested in this study cover agentless, agent based, hybrids and regular expression DLP tools. The test cases simulate potential leakage points via every day used file transfer applications and media such as USB, Skype, email, etc. Results. We present a hypothetical solution in order to amend these weaknesses and to improve the efficiency of DLP systems today. In addition to these evaluations and experiments, a complementing proof of concept solution has been developed that can be integrated with other DLP solutions. Conclusions. We conclude that the exisiting DLP systems are still in need of improvement, none of the tested DLP solutions fully covered the possible leakage points that could exist in the corporate world. There is a need for continued evaluation of DLP systems, aspects and leakage points not covered in this thesis as well as a follow up on our suggested solution.

Data leakage prevention (DLP)

API hooking

agent based

agentless.

Computer Sciences

Datavetenskap (datalogi)

Software Engineering

Programvaruteknik

資料外洩稽核工具之設計與實作 / Design and implementation of an audit tool for data leakage

高華志, Kao, Hua Chih

Unknown Date

隨著國內法令規範對於隱私政策更加重視，國內外企業組織因應鉅額罰款與政策的施行，再加上個人資料外洩事件頻傳，各企業無不擔心客戶資料的保護與落實內部資料控制。而大型政府機關或企業，由於服務範圍廣大，應用系統繁多，針對資料外洩的保護與落實，將更加的複雜。大部份的組織針對實體文件、安全性儲存設備管制、使用採購防火牆設備等，皆有進行相關的管理與設備的採購，但上述機制未能解決應用系統的資料外洩問題。對稽核人員而言稽查應用程式是否有資料外洩之虞，由應用程式原始程式碼相當實為不易，而新制定一套更安全存取控管的介面更需投入相當高的成本與時間。 / 本研究在設計與實作資料外洩稽核工具，參考國際標準ISO27002與ISO 13569資訊安全作法，摘選出應用系統資訊安全指引，並根據實務經驗與金融產業的系統特性，找出資料外洩存取規則(Rules)。除此之外需搭配資料庫執行指令記錄器(DB Logger)，由大量的資料庫指令紀錄中快速產生稽核報表，藉以協助稽核人員查核資料外洩的線索並督促組織內部問題的改善，以落實內部資料控管政策與外部法令要求。 / The rapid spread of information technologies into every facet of our life results in a surge in attention to privacy recently. Bills are enacted and a comprehensive privacy policy becomes a sign of a responsible corporation. However, the complexity and diversity of application systems of information makes it very difficult to ensure that the information systems conform to all the privacy regulations and polices. Although most corporations have established some privacy policies for controlling physical documents and various hardware devices, the main problem for data leakage is at application layer. Application developers could retrieve sensitive data by exploiting application flaws. This poses great challenges to information system auditors. Firstly, it is rather difficult for auditors to review the code to spot the flaws. Secondly, it is impractical to make a new coding standard and re-write the legacy applications accordingly. Thirdly, application developers lack the motivation to improve the protection level of existing systems. / This thesis argues that a database audit tool can partly address the above difficulties faced by auditors. Specifically, we design and implement a tool for data leakage auditing. We derive right rules for identifying the potential sources of data leakage by referencing to information security practices such as ISO27002 and ISO 13569, and our practical experience in financial industry. Our tool makes good use of the database logger to produce an audit report based on those rules. The audit reports provide not only useful hints for auditors to detect possible data leakage, but also good evidence for urging developers to enhance their applications for privacy protection.

資料外洩

稽核工具

資訊安全

隱碼攻擊

ISO27002

ISO 13569

Data Leakage Prevention

Audit Tools

Information Security

ISO27002

ISO 13569

Injection Flaws

SQL Injection

DLP