Bypassing information leakage protection with trusted applications

by J Blasco, J C Hernandez-Castro, J E Tapiador, A Ribagorda
Computers and Security ()


Insider threats are an increasing concern for most modern organizations. Information leakage is one of the most important insider threats, particularly according to its potential financial impact. Data Leakage Protection (DLP) systems have been developed to tackle this issue and they constitute the main solution to protect information systems against leaks. They work by tracking sensitive information flows and monitoring executed applications to ensure that sensitive information is not leaving the organization. However, current DLP systems do not fully consider that trusted applications represent a threat to sensitive information confidentiality. In this paper, we demonstrate how to use common trusted applications to evade current DLP systems. Thanks to its wide range, trusted applications such as Microsoft Excel can be transformed into standardized block ciphers. Information can thus be encrypted in such a way that current DLP techniques cannot detect that sensitive information is being leaked. This method could be used by non-skilled malicious insiders and leaves almost no traces. We have successfully tested our method against a well-known DLP solution from a commercial provider (TrendMicro LeakProof). Finally, we also analyze the proposed evasion technique from the malicious insider point of view and discuss some possible countermeasures to mitigate its use to steal information. © 2012 Elsevier Ltd. All rights reserved.

Cite this document (BETA)

Readership Statistics

1 Reader on Mendeley

Sign up today - FREE

Mendeley saves you time finding and organizing research. Learn more

  • All your research in one place
  • Add and import papers easily
  • Access it anywhere, anytime

Start using Mendeley in seconds!

Sign up & Download

Already have an account? Sign in