| With the rapid development of information networks, the application environment of data has become increasingly complex. The data owner would encounter various risk of leakage in the whole life-cycle of data.Traditional Data Leakage Prevention(DLP) technologies can effectively defend some attacks. However, these technologies provide appropriate protection mechanisms against special situations of data life-cycle with lack of unifying principles.So a failure at one point would break down all the protection mechanisms. What’s more, non-trusted environment brings new challenges to Data Leakage Prevention.This paper analyzes protection requirements in all stages of data life-cyclefrom the point of view of the data object.Because data must pass through the three major system components in the use, this paper analysisthe flow of information in the memory, storage and network of windows Operating System. Then it provides a data leak prevention solution, which try to ensure the security of the host data in the various stages of the life cycle.The main ideas and achievements of this paper include:1. This paper summarizes the data leakage common scene, most of which are caused by internal threats. By analyzing the existing solutions, which included access control and encryption, although they can prevent data leakage in some scenes, but there are still a risk of leakage.2. From the data perspective, the data life cycle is divided into seven stages:create, store, process, transfer, destruction, arrival and reception. Analysis of the data life cycle may occur at each stage of the threat of data leakage and data leak risk analyzed in detail in the process, and finally to identify their main leak point:memory access, file operations and network communications3. Through analyzing information flow in memory access, we found that the leak is mainly caused by the interprocess communication and other processes to read the process memory directly. Then we proposed a hardware-based virtualization application memory protection method.4. Through analyzing information flow in File operations, we found that the leakage threats may be encountered in the transfer of file data in the storage stack. After introducing the advantages and disadvantages of common protection methods, we provide a double protection program based on the file system filter driver and virtual disk driver.5. Through analyzing information flow in the network traffic, we found that the leakage may exist in the course of the network packets transmitting. After comparingthe common packet protection methods, we provide a multiple network packages protection package based on the Windows new network framework.6. This paper proposes a data leakage protection solution, which combined with the network protection module, the module of memory protection,the file protection module, and the user behavior monitoring module to prevent data leakage in various stages of the life cycle. |
PDF Full Text Request