Implementation of Software system for prevention of internal data leaks
This article considers approaches to building software systems for the prevention of internal data leaks. It is stated that a dishonest employee's behavior differs from the behavior of other employees. Various parameters of a user's behavior can be detected: the list of frequently used data sources, the software tools used, and the frequently performed operations with data. Two approaches to the development of the software system are proposed: a software system based on an intermediate ODBC driver, and a software system based on user behavior statistics agents. Generally, statistics agents are software components or plug-ins which send information about every action performed by a user. Both architectures share the statistics processor component. The statistics processor is responsible for three main tasks: statistics storage, transformation of statistics into users' profiles, and data leak detection. The first architecture applies to client-server (client-DBMS) software, while the second architecture supports a wide range of multi-layer corporate software. Moreover, much client-server software handles data not only from relational databases, but also from document-oriented databases, web services, files and other sources. The second architecture makes it possible to collect statistics about a wider range of users' actions, while the first architecture monitors data problems only. The main drawback of the second architecture is that a plug-in must be developed for every application which requires protection. The formats and storage of users' behavior statistics and users' profiles are described. The statistics entries, users' profiles, statistics processor settings, and notifications are stored as JSON documents for simplicity and faster processing. The documents are stored in a MongoDB database. The statistics entries contain information about the user and the role name, the software application name, the software tool name, and the operation type.
Users' profiles are periodically built or updated from the statistical data. A profile contains a description of the user's behavior. This description includes information on how frequently one or another software application or tool is used, whether the user usually adds new data entries or reads them, and which data categories are usual for daily activity. Users' profiles are built not only for each user, but also for different time periods. Thus, a user can have several profiles for different time periods, such as the previous month, the last 30 days, the last week, etc. Each activity is assessed as relevant or irrelevant to the profile. Nevertheless, false alarms are inevitable. We propose using several profiles for every user as an approach to decreasing false alarms. The final evaluation of the user's safety is formed as the composition of the independent assessments against each of the profiles.
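The multi-profile assessment described above can be sketched as follows. This is an added example, not the authors' code: the field names, the `min_share` threshold, the two windows and the unanimity rule used to compose the per-profile verdicts are assumptions, and in-memory dicts stand in for the JSON documents the abstract stores in MongoDB.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed statistics entries. Field names are assumptions modelled on the
# fields the abstract lists: user, role, application, tool, operation type.
def entry(day, app, tool, op, user="alice", role="clerk"):
    return {"user": user, "role": role, "app": app, "tool": tool,
            "op": op, "ts": datetime(2024, 5, day)}

ENTRIES = ([entry(d, "crm", "customer_card", "read") for d in range(1, 29)]
           + [entry(d, "crm", "customer_card", "add") for d in range(1, 29, 4)]
           + [entry(d, "crm", "export", "read") for d in (26, 27, 28)])
NOW = datetime(2024, 5, 29)
WINDOWS = {"last_month": 30, "last_week": 7}  # profile periods in days (assumed)

def build_profile(entries, user, now, days):
    """Share of each (app, tool, op) among one user's actions in one window."""
    start = now - timedelta(days=days)
    counts = Counter((e["app"], e["tool"], e["op"]) for e in entries
                     if e["user"] == user and start <= e["ts"] < now)
    total = sum(counts.values())
    return {key: n / total for key, n in counts.items()} if total else {}

def is_relevant(profile, action, min_share=0.1):
    """Relevant if the action accounts for at least min_share of the profile."""
    key = (action["app"], action["tool"], action["op"])
    return profile.get(key, 0.0) >= min_share

def assess(entries, action, now, windows=WINDOWS):
    """Assess the action against every profile independently, then compose:
    alert only when all profiles call it irrelevant (assumed composition rule)."""
    verdicts = {name: is_relevant(build_profile(entries, action["user"], now, d),
                                  action)
                for name, d in windows.items()}
    return {"verdicts": verdicts, "alert": not any(verdicts.values())}

if __name__ == "__main__":
    for act in (entry(29, "crm", "customer_card", "read"),
                entry(29, "crm", "export", "read"),
                entry(29, "hr_db", "salary_report", "read")):
        print(act["app"], act["tool"], act["op"], assess(ENTRIES, act, NOW))
```

The export action is rare in the monthly profile but common in the weekly one, so a single-profile check would raise an alarm that the composed result suppresses; the never-seen `hr_db` action is irrelevant to both profiles and is flagged.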
Keywords
software system, software users' behavior, data leaks, DBMS, information security, software system for prevention of data leaks, internal data leaks, user behavior
Authors
| Name | Organization | Email |
| Banokin Pavel I. | Tomsk Polytechnic University | pavel805@gmail.com | 
| Vichugov Vladimir N. | Tomsk Polytechnic University | vlad@aics.ru | 