Enterprise Digital Rights Management: Solutions against Information Theft by Insiders
Abstract
Insider attack is one of the most serious cybersecurity threats to corporate America. Among all insider threats, information theft is considered the most damaging in terms of potential financial loss. Moreover, it is also especially difficult to detect and prevent, because in many cases the attacker has the proper authority to access the stolen information. Enterprise Digital Rights Management (E-DRM) protects sensitive information by managing and enforcing access and usage rights to the information throughout its lifecycle, no matter where the information is distributed. However, the self-protection strength of the DRM client software has always been a potential weakness for all DRM solutions, and application-specific implementation also restricts the deployment of many E-DRM systems. In this report, we review the general DRM architecture and several commercial systems, and describe the design, implementation and evaluation of an industrial-strength system called Display-Only File Server (DOFS), which can transparently and effectively stop information theft by insiders in most cases, even if the insiders have proper authority to read/write the protected information. The DOFS architecture ensures that bits of a sensitive file never leave a protected server after the file is checked in, and users can still interact with the protected file in the same way as if it were stored locally. Essentially, DOFS decouples “display access” from other types of access to a protected file, and provides users only the “display image” rather than bits of the file. Therefore, DOFS depends less on trusted client software to prevent information theft by insiders.

1. INFORMATION THEFT

Nowadays most organizations, such as government agencies, financial institutions and professional companies, store and process their confidential information in digital format in their daily operations. The confidential information might include product overviews, marketing plans, customer lists and sales reports in formats such as Microsoft Office, Adobe PDF, HTML, etc. Organizations normally process the information by sharing those digital files from protected file servers and distributing them by downloads or email messages. Compared with the traditional print format, the digital format can significantly improve the efficiency of handling the confidential information as well as maintaining its reliability. However, the digital format also makes the
Similar resources
The Politics of Russian Enterprise Reform: Insiders, Local Governments, and the Obstacles to Restructuring
Russia and other countries in the Commonwealth of Independent States that have implemented voucher privatization programs have to account for the puzzling behavior of insiders—manager-owners—who, in stripping assets from the firms they own, appear to be stealing from one pocket to fill the other. This article suggests that asset stripping and the absence of restructuring result from interaction...
Ignorance to Awareness: Towards an Information Security Awareness Process
With most employees in small and medium enterprise (SME) engineering firms now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a su...
Insider threats: Detecting and controlling malicious insiders
Malicious insiders are posing unique security challenges to organizations due to their knowledge, capabilities, and authorized access to information systems. Data theft and IT sabotage are two of the most recurring themes among crimes committed by malicious insiders. This paper aims to investigate the scale and scope of malicious insider risks and explore the impact of such threats on business ...
An Authentication Middleware for Prevention of Information Theft
Information theft or data leakage is a growing concern for companies as well as individual users. Intruders can easily copy huge amounts of confidential data using hand-held devices such as USB flash drives, iPods, digital cameras or any other external storage devices. Data theft can simply occur through both insiders and outsiders of a corporation. It is becoming the biggest challenge for corpo...
Key Management in Digital Rights Management Systems in Offline Mode
By expanding application of digital content in the world of information technology, supervision and control over the data, and also preventing the copy of documents is considered. In this relation digital rights management systems are responsible for the secure distribution of digital content, and for this purpose the common functions in the field of cryptography and utilize Digital watermarkin...
Publication date: 2004