Browse > Article
http://dx.doi.org/10.13089/JKIISC.2012.22.5.1103

E-DRM-based Privacy Protection Technology for Overcoming Technical Limitations of DLP-based Solutions  

Choi, Jong-Uk (SangMyoung University)
Lee, Yong-Jin (MarkAny)
Park, Ju-Mi (SangMyoung University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.22, no.5, 2012 , pp. 1103-1113 More about this Journal
Abstract
DLP technology has been effectively enforcing privacy protection policy in on-line computing environment. However, with wide spread use of smart devices and promotion of smart-works, it has been pointed out that DLP technology cannot effectively prevent privacy leakage at smart devices and is comparatively weak at APT attack. In this paper, we suggests a hybrid approach, PPS, which integrates E-DRM system with DLP technology, taking advantages of both technologies. The technology basically uses encryption function and access control of E-DRM system, and thus it can effectively prevent leakage of privacy information of customers, even if the documents are in the hands of malicious third parties.
Keywords
PPS; DLP; E-DRM; contents filtering; APT; privacy;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 강태욱, "개인정보보호와 기업의 책임," 디지털 타임즈, May 29, 2012.
2 금융보안연구원, "개인정보 보호 기술 동향 보고서,"금보원, 금융보안연구원 동향보고서, 2011-09, Dec. 2011.
3 김명환, "미국, 온라인 개인정보 유출차단 나선다," 매경뉴스, Feb. 24, 2012.
4 김진형, 김형종, "정보유출방지와 프라이버시 침해에 대한 고찰," 정보보호학회, 정보보호학회지 v.21, no.5, pp.45-49, 2011.
5 김희연, "세계는 지금 '개인정보보호 열풍,'" ZDNet, Jan. 27, 2012.
6 이민형, "DLP 솔루션을 도입해야하는 이유는…," Ddaily, Ddaily.co.kr, Feb. 3, 2012.
7 이종현, "SK컴즈 100만원씩 보상땐 35조...해킹 후폭풍," 조선일보, April 26, 2012.
8 장윤정, "APT공격, 99.999% 당한다: 다계층 보안 및 전직원 보안교육 등 전방위 대비 필요," 보안닷컴, Nov. 2011.
9 정영철, "개인정보 유출방지를 위한 기술적 보호모델에 관한 연구," 석사학위논문, 성균관대학교, 2011.
10 조남용, "APT공격, 지능적 대응이 답이다," 보안닷컴, Jan. 2012.
11 행정안전부, 개인정보보호법, 법률 제10465호, 2011.3.29. 제정, 시행 2011.9.30., 2011.
12 Bardin J., "Data Loss Prevention . What the DLP Companies Don't Tell You?," Sept. 2009.
13 Barzilai Z., Shmulyian S., Feldman S.,"Enterprise Privacy Manager," US Patent 7,225,460, IBM, May 2007.
14 Curtin-Mestre K., Room S., Yngve S., "Privacy Concern with Adopting DLP Technology," RSA Conference Europe 2009, Oct. 2009.
15 Elena M. Zamora, Computer Method for Automatic Extraction of Commonly Specified Information from Business Correspondence, US Patent 4,965,763, IBM, Oct. 1990.
16 Frankie Li, "A Detailed Analysis of an Advanced Persistent Threat Malware," Whitepaper of SAN Institute, Oct. 2011.
17 Greg Hogland, "Advanced Persistent Threat: What means to your enterprise?," Presentation of ISSA Conference, Feb. 2010.
18 Mathew J. Schwartz, "Advanced Persistent Threats Get More Respect," Information Week, Feb. 9. 2012
19 Ra1an B., Dalal C. D., Kabra N., "Method and Apparatus for Detecting Web-based Electronic Mail in Network Traffic," US Patent 7,996,406 B1, Symantec, Aug. 2011.
20 Russell Stringham, Eduardo Suarez, "Systems and Methods for Processing and Managing Object-Related Data for use by a Plurality of Applications," US Patent 2011/0113466 A1, Symantec, May 2011.
21 Sam Cury, Bret Hartman, David P. Hunter, David Martin, Dennis R. Morean, Alina Oprea, Uri Rivner, Dana Elizabeth Wolf, "Mobilizing Intelligent Security Operations for Advanced Persistent Threat," RSA security brief, RSA, Feb. 2011.
22 Wootton B., Dandliker R., Tsibulya A., Brucening O., Kessler D., "Methods and Systems for Normalizating Data Loss Prevention Categorization Information," US Patent 8,060,596 B1, Symantec, Nov. 2011.
23 Zoppas M., Hermann J., O'Raghallaigh C., Bothwell E., Fontana A., "Method and Apparatus for Detecting Policy Violations in a Data Repository Having an Arbitrary Data Schema," US Patent No. 7,996,373, Aug. 2011.