1. Field of the Invention
This invention pertains in general to computer security and in particular to using taint analysis to secure an enterprise from attacks from within the enterprise.
2. Description of the Related Art
Corporate computer networks store large amounts of sensitive, confidential and proprietary data. The release of sensitive data such as source code, design documents, trade secrets, confidential customer information, or business plans to outsiders represents a significant threat to companies and enterprises. Security systems have largely focused on protecting corporate data from hackers through a variety of means including encryption, restricted access protocols, firewalls, and monitoring services.
While these measures are largely directed towards fending off external attacks, the release of sensitive data from insider sources also represents a significant problem. Sensitive information can “leak” out of organizations in various ways. An employee may inadvertently forward or send such information to an external recipient. The information may also be mistakenly copied to an external drive along with the employee's personal files. Employees away from the office may transfer sensitive files to a home computer or other unsecured environment.
Conventional methods of extrusion detection are directed at combating such innocent leaks. For instance, filters can be applied based on particular keywords or other ways of identifying sensitive documents. When the filter detects that a confidential document is to be released, an administrator is alerted or the release is blocked from taking place.
Such methods are largely ineffective in preventing leaks of sensitive data that has been compressed, encrypted or otherwise obfuscated. Techniques of obfuscation are more likely to be undertaken by malicious insiders, who represent a greater threat to the enterprise. Such insiders hide sensitive data by transforming it into a form that cannot be recognized by existing extrusion detection techniques. The data is transferred in its obfuscated form to external systems, where it is processed into a form suitable for unauthorized use. Corporations have few ways of stopping motivated insiders who know which data loss prevention systems are in place from easily evading those systems through data obfuscation.
Thus, there is a need for a way to detect and prevent the leakage of obfuscated sensitive data from an enterprise.