Enterprise Digital Rights Management: Solutions against Information Theft by Insiders

msra(2008)

Abstract
Insider attack is one of the most serious cybersecurity threats to corporate America. Among all insider threats, information theft is considered the most damaging in terms of potential financial loss. Moreover, it is also especially difficult to detect and prevent, because in many cases the attacker has the proper authority to access the stolen information. Enterprise Digital Rights Management (E-DRM) protects sensitive information by managing and enforcing access and usage rights to the information throughout its lifecycle, no matter where the information is distributed. However, the self-protection strength of the DRM client software has always been a potential weakness for all DRM solutions, and application-specific implementation also restricts the deployment of many E-DRM systems. In this report, we review the general DRM architecture and several commercial systems, and describe the design, implementation and evaluation of an industrial-strength system called Display-Only File Server (DOFS), which can transparently and effectively stop information theft by insiders in most cases, even if the insiders have the proper authority to read/write the protected information. The DOFS architecture ensures that bits of a sensitive file never leave a protected server after the file is checked in, and users can still interact with the protected file in the same way as if it were stored locally. Essentially, DOFS decouples "display access" from other types of access to a protected file, and provides users only the "display image" rather than bits of the file. Therefore, DOFS can have less dependency on the trusted client software against information theft by insiders.