The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.06 - Nov.-Dec. (2012 vol.14)
pp: 30-36
John R. Michener , Casaba Security
ABSTRACT
Users routinely mix security contexts, and modern commercial operating systems don't provide strong barriers against user-level compromise and data exfiltration. Additional defensive measures are needed in environments where the potential for data exfiltration or account misuse poses unacceptable risks.
INDEX TERMS
Computer security, Operating systems, Network security, Electronic mail, Privacy, Internet, networking, security and privacy, software engineering, access controls, communication
CITATION
John R. Michener, "Defending Against User-Level Information Exfiltration", IT Professional, vol.14, no. 6, pp. 30-36, Nov.-Dec. 2012, doi:10.1109/MITP.2011.112
REFERENCES
1. "Virus Alert about the Blaster Worm and its Variants," Microsoft Support, article ID: 826955, 2012; http://support.microsoft.com/kb826955.
2. D. Moore et al., "Inside the Slammer Worm," IEEE Security and Privacy, vol. 1, no. 4, 2003, pp. 33–39.
3. "CERT Advisory CA-2000-04: Love Letter Worm," CERT/CC, May 2000; www.cert.org/advisoriesCA-2000-04.html.
4. "Security Intelligence Report: Volume 9, January through June 2010," Microsoft, 2010; www.microsoft.com/security/sir/archivedefault.aspx.
5. K. Zetter, "Google Hack Attack Was Ultra Sophisticated, New Details Show," Wired,14 Jan. 2010; www.wired.com/threatlevel/2010/01operation-aurora.
6. D. Goodin, "RSA Breach Leaks Data for Hacking SecurID Tokens," The Register,18 Mar. 2011; www.theregister.co.uk/2011/03/18rsa_breach_leaks_securid_data.
7. M. Mondok, "Microsoft: Security was Priority for Office 2007," Ars Technica,1 May 2007; http://arstechnica.com/microsoft/news/2007/ 05microsoft-security-was-priority-for-office-2007.ars.
8. J. Rutkowska and R. Wojtczuk, "Qubes OS Architecture, V0.3," Jan. 2010; http://qubes-os.org/files/docarch-spec-0.3.pdf .
9. M.S. Miller, J. Donnelley, and A.H. Karp, "Delegating Responsibility in Digital Systems: Horton's," Proc. 2nd Usenix Workshop on Hot Topics in Security, 2007, p. 5; http://research.google.com/pubs/archive33037.pdf .
10. M.S. Miller, "Tradeoffs in Retrofitting Security: An Experience Report," Proc. 2007 Symp. Dynamic Languages, ACM, 2007, http://portal.acm.orgcitation.cfm?doid=1297081.1297082.
42 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool