Abstract

Insider attack is one of the most serious cybersecurity threats to corporate America. Among all insider threats, information theft is considered the most damaging in terms of potential financial loss. Moreover, it is also especially difficult to detect and prevent, because in many cases the attacker has the proper authority to access the stolen information. Enterprise Digital Rights Management (E-DRM) protects sensitive information by managing and enforcing access and usage rights to the information throughout its lifecycle, no matter where the information is distributed. However, the self-protection strength of the DRM client software has always been a potential weakness for all DRM solutions, and application-specific implementation also restricts the deployment of many E-DRM systems. In this report, we review the general DRM architecture and several commercial systems, and describe the design, implementation and evaluation of an industrial-strength system called Display-Only File Server (DOFS), which can transparently and effectively stop information theft by insiders in most cases, even if the insiders have proper authorities to read/write

Links

• Citeseerx

Citation

Yu, Y., Chiueh, T., 2004. Enterprise Digital Rights Management: Solutions against Information Theft by Insiders. Research proficiency examination (RPE) report TR-169, department of computer science, stony brook university.