Proposal for Effective Information Flow Control Model for Sharing and Protecting Sensitive Information

Information leakage has become a serious problem for computer systems that handle a company’s sensitive information, such as intellectual properties and manufacturing know-how. The majority of the causes can be attributed to loss or theft of information or worms and viruses. As a countermeasure, forbidding the sharing of information through removable media or the Internet is effective, but it also places restriction on the handling of general information that can be made public. Also, the sandbox model can be used to segregate sensitive information from environments that can easily be infected by worms or viruses; however, even sensitive information is sent as email attachments to various locations within the organization, and this model cannot be applied to business cases where information must be stored and carried out on removable media. In this article, we propose an information flow control model that is suitable for both sharing and protecting sensitive information on computer systems in which general information that can be made public and sensitive information that cannot be exposed outside the company are mixed. In the proposed model, sensitive information are protected from environments that can be easily infected by worms or viruses by segregating the environment for programs that use the Internet and the environment in which programs handling sensitive information are executed, using existing techniques such as the sandbox model. At the same time, by combining automatic file encryption and encrypted file access control, sensitive information can be safely transmitted as encrypted text through removable media or the Internet as the need arises.