Information Centric Security: Innovative Protections to Mitigate the Insider Threat

Abstract

Security Innovation has been working in partnership with the Florida Institute of Technology to produce designs for tools and technology which will serve to protect sensitive electronic documents from those attackers that operate inside trusted network boundaries. Our focus has been to understand what computing resources and components are used in attacking documents and instrument those resources to log, identify and prevent malicious behavior dynamically. Our overall design protects sensitive documents at three critical times: while on disk, during transmission, and during use. While on disk and during transmission our design augments static cryptographic protections by introducing file locking : the ability to restrict access to documents statically, making cryptographic attacks measurably more difficult by denying access to the encrypted document. The major contribution of this work however is to protect documents when they are most vulnerable: during use. Controls have been designed to protect sensitive documents from attack while their data is being read, edited or executed.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Feb 02, 2004
Accession Number
ADA421489

Entities

People

  • Herbert H. Thompson
  • James A. Whittaker

Tags

Communities of Interest

  • Ground and Sea Platforms
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Computer Access Control
  • Computer Programs
  • Computer Science
  • Computers
  • Cryptography
  • Digital Information
  • Insider Threats
  • Military Research
  • Operating Systems
  • Security
  • Test Beds
  • Threats
  • User Interface
  • Virtual Machines
  • Web Browsers
  • Word Processors

Fields of Study

  • Computer science

Readers

  • Computer Science/Computer Engineering/Data Science/Digital Signal Processing.
  • Cybersecurity.
  • Library and Information Science

Technology Areas

  • Microelectronics