An Enhanced Approach to using Virtual Directories for Protecting Sensitive Information
Dongwan Shin, William Claycomb
2009
Abstract
Enterprise directory services are commonly used in enterprise systems to store object information relating to employees, computers, contacts, etc. These stores can act as information providers or sources for authentication and access control decisions, and could potentially contain sensitive information. An insider attack, particularly if carried out using administrative privileges, could compromise large amounts of directory information. We present a solution for protecting directory services information from insider attacks using existing key management infrastructure and a new component called a Personal Virtual Directory Service. We show how the impact on existing users, client applications, and directory services is minimized, and how we prevent insider attacks from revealing protected data. Additionally, our solution is supported by implementation results showing the impact on client performance and directory storage capacity.
Paper Citation
in Harvard Style
Shin D. and Claycomb W. (2009). An Enhanced Approach to using Virtual Directories for Protecting Sensitive Information. In Proceedings of the 7th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2009) ISBN 978-989-8111-91-3, pages 36-45. DOI: 10.5220/0002202800360045
in Bibtex Style
@conference{wosis09,
author={Dongwan Shin and William Claycomb},
title={An Enhanced Approach to using Virtual Directories for Protecting Sensitive Information},
booktitle={Proceedings of the 7th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2009)},
year={2009},
pages={36-45},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002202800360045},
isbn={978-989-8111-91-3},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 7th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2009)
TI - An Enhanced Approach to using Virtual Directories for Protecting Sensitive Information
SN - 978-989-8111-91-3
AU - Shin D.
AU - Claycomb W.
PY - 2009
SP - 36
EP - 45
DO - 10.5220/0002202800360045