A Discretionary Access Control Method for Preventing Data Exfiltration (DE) via Removable Devices

One of the major challenges facing the security community today is how to prevent DE. DE is the unauthorized release of information from a computer system or network of systems. Current methods attempt to address this issue by controlling the information that is released over the Internet. In this paper, we present a host-level discretionary access control method that focuses on exfiltration via removable devices (e.g. thumb drives or external hard drives). Using XML to store extended file attributes, we classify files based on user-defined distribution levels and the community of interest to which they belong. Files are classified with a distribution statement upon creation and re-classified (if necessary) when modified. By monitoring the access to all classified files present on a file system, we allow or prevent release of this information based on predefined policies. With this approach, we show that the unauthorized release of information can be prevented by using a system of accounting that is tied to access control policies. Users are given the authority to transfer files to a removable device according to their current access rights. As a proof of concept, our method demonstrates the value of using accounting as a means of preventing data loss or theft. Our approach can be applied to a variety of data types found on a file system including: executables, archived files, images, and even audio or video files.