Title :
Molehunt: near-line semantic activity tracing
Author :
Wolthusen, Stephen D.
Author_Institution :
Fraunhofer-IGD, Germany
Abstract :
This paper discusses threats posed by low granularity in access to confidential (classified) data typically found at lower protection levels, namely direct access beyond need to know and the correlation of materials yielding more sensitive aggregate data by both insider threats and malware, an area of particular concern for intelligence analysis. It is argued that while active security controls at both the procedural and technical level are currently not pragmatically feasible, near-line semantic monitoring particularly at the file system but also at the network level can provide capabilities to detect anomalous and also directed malicious activity. A mechanism for implementing the tracing and monitoring mechanism on a COTS operating system is described.
Keywords :
data privacy; operating systems (computers); security of data; Molehunt; active security control; anomalous activity detection; classified data; confidential data; data access; data protection; intelligence analysis; malicious activity detection; malware; near-line semantic activity tracing; near-line semantic monitoring; operating system; sensitive aggregate data; Aggregates; Control systems; Data security; File systems; Information systems; Monitoring; Multilevel systems; National security; Operating systems; Protection;
Conference_Title :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
DOI :
10.1109/IAW.2005.1495981