Abstract
A document management system (DMS) provides for secure operations on a distributed repository of digital documents. This paper presents a two-phase approach to address the problem of locating the sources of information leaks in a DMS. The initial monitoring phase treats user interactions in a DMS as a series of transactions, each involving content manipulation by a user; in addition to standard audit logging, relevant contextual information and user-related metrics for transactions are recorded. In the detection phase, leaked information is correlated with the existing document repository and context information to identify the sources of leaks. The monitoring and detecting phases are incorporated in a forensic extension module (FEM) to a DMS to combat the insider threat.
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Chandrasekaran, M., Sankaranarayanan, V., Upadhyaya, S. (2008). Inferring Sources of Leaks in Document Management Systems. In: Ray, I., Shenoi, S. (eds) Advances in Digital Forensics IV. DigitalForensics 2008. IFIP — The International Federation for Information Processing, vol 285. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-84927-0_23
DOI: https://doi.org/10.1007/978-0-387-84927-0_23
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-84926-3
Online ISBN: 978-0-387-84927-0
eBook Packages: Computer Science (R0)