Authors:
Guy Amit¹; Amir Yeshooroon¹; Michael Kiperberg² and Nezer J. Zaidenberg¹
Affiliations:
¹ School of Computer Science, The College of Management, Academic Studies, Israel; ² Software Engineering Department, Shamoon College of Engineering Beer-Sheva, Israel
Keyword(s):
Virtual Machine Monitors, Hypervisors, Trusted Computing Base, Data Leakage Prevention.
Abstract:
Data theft by insiders is considered by many organisations to be one of the most serious threats. Data leakage prevention (DLP) systems attempt to prevent intentional or accidental disclosure of sensitive information by monitoring the content or the context in which the information is transferred, for example, in a file system, an email server, or instant messengers. We present a context-sensitive DLP system, called DLP-Visor, which is implemented as a thin hypervisor capable of intercepting system calls in Windows operating systems equipped with Kernel Patch Protection. By intercepting system calls that govern the file system, inter-process communications, networking, system register and system clipboard, DLP-Visor guarantees that sensitive information can never leave a predefined set of directories. The performance overhead of DLP-Visor (7.2%) allows its deployment in real-world applications.