A DLP Module Design Based on Plug-in for MS Word

Year 2020, Volume: 24 Issue: 4, 770 - 781, 01.08.2020

Hussein Al-sanabani Murat İskefiyeli

https://doi.org/10.16984/saufenbilder.655984

Abstract

Inadvertent Data leakage by insiders is considered a serious problem for many organizations. Organizations are increasingly implementing Data Leakage/Loss Prevention solutions also know as (DLP), to protect the confidentiality of their data. Currently, DLP solutions have difficulties to identify confidential data as well as lack the ability to allow users to distinguish confidential from non-confidential data. Moreover, they are limited to work outside organizations. In order to solve this problem, it is important to introduce a DLP-Plugins model where the data owners can identify the privacy of the files during their entire lifecycle (creating, editing, etc.) by classifying them. This model uses security measures such as data encryption and access control to prevent accidental leakage of the classified files by the insiders. The proposed model guarantees that the right user will have access to the correct files according to their security access privilege inside or outside the organization. By always keeping classified files encrypted this will protect them all the time and everywhere. The DLP-Plugins model guarantees the usability for the users, all that will be required is to simply open and close the file as they do normally. As an example of the DLP-Plugins model, we have built a DLP-Plugin for Microsoft Word.

Keywords

Data loss prevention, data leakage prevention, encryption, access control, plugin

References

• [1] S. Liu and R. Kuhn, “Data loss prevention,” IT Prof., vol. 12, no. 2, pp. 10–13, Mar. 2010.
• [2] J.-S. Wu, Y.-J. Lee, S.-K. Chong, C.-T. Lin, and J.-L. Hsu, “Key Stroke Profiling for Data Loss Prevention,” in 2013 Conference on Technologies and Applications of Artificial Intelligence, pp. 7–12, 2013.
• [3] R. Tahboub and Y. Saleh, “Data Leakage/Loss Prevention Systems (DLP),” in 2014 World Congress on Computer Applications and Information Systems (WCCAIS), vol. 1, pp. 1–6, 2014.
• [4] S. Alneyadi, E. Sithirasenan, and V. Muthukkumarasamy, “A survey on data leakage prevention systems,” J. Netw. Comput. Appl., vol. 62, pp. 137–152, Feb. 2016.
• [5] A. Shabtai, Y. Elovici, and L. Rokach, A Survey of Data Leakage Detection and Prevention Solutions. Boston, MA: Springer US, 2012.
• [6] Symantec, “Internet Security Threat Report,” vol. 22, no. April, 2017.
• [7] PwC, “Managing cyber risks in an interconnected world: Key fndings from The Global State of Information Security Survey 2015,” 2014.
• [8] PwC, “The Global State of Information Security Survey 2018,” pwc.com, 2018. [Online]. Available: https://www.pwc.com/us/en/services/consulting/cybersecurity/library/information-security-survey.html. [Accessed: 09-May-2020].
• [9] N. Mickelberg, Kevin; Schive, Laurie; Pollard, “US cybercrime: Rising risks, reduced readiness Key fndings from the 2014 US State of Cybercrime Survey,” 2014.
• [10] S. Alneyadi, E. Sithirasenan, and V. Muthukkumarasamy, “Detecting Data Semantic: A Data Leakage Prevention Approach,” in 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 910–917, 2015.
• [11] R. Mogull and M. Rothman, “Understanding and Selecting a Data Loss Prevention Solution,” 2017.
• [12] B. Reed and N. Wynne, “Magic Quadrant for Content-Aware Data Loss Prevention,” 2016.
• [13] T. Wuchner and A. Pretschner, “Data Loss Prevention Based on Data-Driven Usage Control,” in 2012 IEEE 23rd International Symposium on Software Reliability Engineering, pp. 151–160, 2012.
• [14] M. Petkovic, M. Popovic, I. Basicevic, and D. Saric, “A Host Based Method for Data Leak Protection by Tracking Sensitive Data Flow,” in 2012 IEEE 19th International Conference and Workshops on Engineering of Computer-Based Systems, pp. 267–274, 2012.
• [15] M. H. Matthee, “Tagging Data to Prevent Data Leakage (Forming Content Repositories),” SANS Inst., pp. 1–26, 2016.
• [16] I. McAfee, “McAfee Host Data Loss Prevention 2.2.1 Product Guide.” McAfee, Inc, pp. 1–80, 2008.
• [17] I. McAfee, “McAfee Data Loss Prevention 11.0.300 Product Guide.” McAfee, Inc, pp. 1–211, 2020.
• [18] S. S. Dandavate, P.P.; Dhotre, “Data Leakage Detection using Image and Audio Files,” Int. J. Comput. Appl., vol. 115, no. 8, pp. 1–4, 2015.
• [19] P. S. V. Kale, Sandip A.; Kulkarni, “Data Leakage Detection,” Int. J. Adv. Res. Comput. Commun. Eng., vol. 1, no. 9, pp. 668–678, 2012.
• [20] Microsoft, “Overview of data loss prevention,” microsoft.com, 2019. [Online]. Available: https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide. [Accessed: 09-May-2020].
• [21] J. Andress, “What is Information Security?,” in The Basics of Information Security, Elsevier, pp. 1–22, 2014.
• [22] B. Guttman and E. Roback, An Introduction to Computer Security : The NIST Handbook, vol. SP800, no. 12. 1995.
• [23] L. Arbel, “Data loss prevention: the business case,” Comput. Fraud Secur., vol. 2015, no. 5, pp. 13–16, May 2015.
• [24] T. Caldwell, “Data loss prevention – not yet a cure,” Comput. Fraud Secur., vol. 2011, no. 9, pp. 5–9, Sep. 2011.
• [25] B. Hauer, “Data and Information Leakage Prevention Within the Scope of Information Security,” IEEE Access, vol. 3, pp. 2554–2565, 2015.
• [26] M. Diri, Mustafa; Gülçiçek, “Türkiye’de Kamu Hizmetinin Görülmesinde Kullanılmakta Olan Gizlilik Derecesi Tanımları: Uygulamadaki Sorunlar ve Çözüm Önerileri,” Maliye Derg., vol. 162y, pp. 497–537, 2012.
• [27] Office Cabinet UK, Government Security Classifications April 2014, pp. 1–35, 2013.