A4 Article in conference proceedings
Efficient DLP-visor : An efficient hypervisor-based DLP (2021)

Kiperberg, M., Amit, G., Yeshooroon, A., & Zaidenberg, N. J. (2021). Efficient DLP-visor : An efficient hypervisor-based DLP. In L. Lefevre, S. Patterson, Y. C. Lee, H. Shen, S. Ilager, M. Goudarzi, A. N. Toosi, & R. Buyya (Eds.), CCGrid 2021 : 21st IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing (pp. 344-355). IEEE. https://doi.org/10.1109/CCGrid51090.2021.00044

Publication details

All authors or editors: Kiperberg, Michael; Amit, Guy; Yeshooroon, Amir; Zaidenberg, Nezer J.

Parent publication: CCGrid 2021 : 21st IEEE/ACM International Symposium on Cluster, Cloud and Internet Computing

Parent publication editors: Lefevre, Laurent; Patterson, Stacy; Lee, Young Choon; Shen, Haiying; Ilager, Shashikant; Goudarzi, Mohammad; Toosi, Adel N.; Buyya, Rajkumar

Place and date of conference: Melbourne, Australia, 10-13.5.2021

eISBN: 978-1-7281-9586-5

Publication year: 2021

Pages range: 344-355

Number of pages in the book: 842

Publisher: IEEE

Publication country: United States

Publication language: English

DOI: https://doi.org/10.1109/CCGrid51090.2021.00044

Publication open access: Not open

Many organizations consider insider threat for data theft to be one of the most severe threats. An insider may also leak sensitive information without malicious intent (as a result of social engineering). Data leakage prevention (DLP) systems attempt to prevent intentional or accidental disclosure of sensitive information by monitoring the content or the context in which the information is transferred, for example, in a file system, an email server, instant messengers. We present a context-sensitive DLP system, called Efficient DLP-Visor. We implemented DLP-visor as a thin hypervisor capable of intercepting system calls in Windows operating systems equipped with Kernel Patch Protection. By intercepting system calls that govern the file system, inter-process communications, networking, system register and system clipboard, DLP-Visor guarantees that sensitive information can never leave a predefined set of directories. The performance overhead of Efficient DLP-Visor (7.2%) allows its deployment in real-world applications. Efficient DLP-visor logs were improved for better detection and logging of a DLP event. On idle time Efficient DLP-visor deletes most of the data log while maintaining the important data of leaks and attack.

Keywords: data security; files; access control; virtualisation; Windows 10

Ministry reporting: Yes

Preliminary JUFO rating: 1

Last updated on 2021-22-10 at 10:13