Data Loss Prevention Solution for Linux Endpoint Devices
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F23%3A00131647" target="_blank" >RIV/00216224:14330/23:00131647 - isvavai.cz</a>
Result on the web
<a href="http://dx.doi.org/10.1145/3600160.3605036" target="_blank" >http://dx.doi.org/10.1145/3600160.3605036</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1145/3600160.3605036" target="_blank" >10.1145/3600160.3605036</a>
Alternative languages
Result language
English
Title in original language
Data Loss Prevention Solution for Linux Endpoint Devices
Description in original language
Endpoint data loss prevention (DLP) software monitors and protects data on the endpoint against accidental and malicious leakage. While the risk of such leakage is widely present in current systems, it is even more so within intelligent infrastructures due to the potential impact, heterogeneity, and complexity. However, there is a significant gap in open solutions for Linux-based endpoints. Therefore, this paper discusses possible approaches towards a Linux endpoint DLP solution that would be widely available on Linux distributions, would not rely on fragile assumptions, and would not undermine existing security controls. Namely, the focus is on the audit and control of file system operations and external USB devices. The viable approaches are discussed, and a prototype solution is implemented using the ftrace framework for file system operations and a combination of the udev subsystem and the sysfs virtual file system for external USB devices. While the solution is demonstrated in scenarios involving various DLP channels, it also establishes a platform for further research based on the data from intercepted events.
Title in English
Data Loss Prevention Solution for Linux Endpoint Devices
Description in English
Endpoint data loss prevention (DLP) software monitors and protects data on the endpoint against accidental and malicious leakage. While the risk of such leakage is widely present in current systems, it is even more so within intelligent infrastructures due to the potential impact, heterogeneity, and complexity. However, there is a significant gap in open solutions for Linux-based endpoints. Therefore, this paper discusses possible approaches towards a Linux endpoint DLP solution that would be widely available on Linux distributions, would not rely on fragile assumptions, and would not undermine existing security controls. Namely, the focus is on the audit and control of file system operations and external USB devices. The viable approaches are discussed, and a prototype solution is implemented using the ftrace framework for file system operations and a combination of the udev subsystem and the sysfs virtual file system for external USB devices. While the solution is demonstrated in scenarios involving various DLP channels, it also establishes a platform for further research based on the data from intercepted events.
Classification
Type
D - Article in conference proceedings
CEP field
—
OECD FORD field
10200 - Computer and information sciences
Result links
Project
—
Links
S - Specific research at universities
Other
Year of publication
2023
Data confidentiality code
S - Complete and truthful project data are not subject to protection under special legal regulations
Data specific to the result type
Proceedings title
ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security
ISBN
9798400707728
ISSN
—
e-ISSN
—
Number of pages
10
Pages from-to
1-10
Publisher
Association for Computing Machinery
Place of publication
United States
Event venue
Benevento, Italy
Event date
29. 8. 2023
Event type by nationality
WRD - Worldwide event
Article UT WoS code
001122662500126