TY - GEN
T1 - iLeak
T2 - 6th European Conference on Computer Network Defense, EC2ND 2010
AU - Kemerlis, Vasileios P.
AU - Pappas, Vasilis
AU - Portokalidis, Georgios
AU - Keromytis, Angelos D.
PY - 2010
Y1 - 2010
N2 - Data loss incidents, where data of sensitive nature are exposed to the public, have become too frequent and have caused damages of millions of dollars to companies and other organizations. Repeatedly, information leaks occur over the Internet, and half of the time they are accidental, caused by user negligence, misconfiguration of software, or inadequate understanding of an application's functionality. This paper presents iLeak, a lightweight, modular system for detecting inadvertent information leaks. Unlike previous solutions, iLeak builds on components already present in modern computers. In particular, we employ system tracing facilities and data indexing services, and combine them in a novel way to detect data leaks. Our design consists of three components: uaudits are responsible for capturing the information that exits the system, while Inspectors use the indexing service to identify if the transmitted data belong to files that contain potentially sensitive information. The Trail Gateway handles the communication and synchronization of uaudits and Inspectors. We implemented iLeak on Mac OS X using DTrace and the Spotlight indexing service. Finally, we show that iLeak is indeed lightweight, since it only incurs 4% overhead on protected applications.
KW - Desktop search
KW - Information leaks
KW - System tracing
UR - http://www.scopus.com/inward/record.url?scp=78650879119&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78650879119&partnerID=8YFLogxK
U2 - 10.1109/EC2ND.2010.13
DO - 10.1109/EC2ND.2010.13
M3 - Conference contribution
AN - SCOPUS:78650879119
SN - 9780769543116
T3 - Proceedings - European Conference on Computer Network Defense, EC2ND 2010
SP - 21
EP - 28
BT - Proceedings - European Conference on Computer Network Defense, EC2ND 2010
Y2 - 28 October 2010 through 29 October 2010
ER -