A System for Identification of Potentially Sensitive Data in the Cloud
URL
Journal Title
Journal ISSN
Volume Title
Perustieteiden korkeakoulu |
Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Authors
Date
2022-08-22
Department
Major/Subject
Security and Cloud Computing (SECCLO)
Mcode
SCI3113
Degree programme
Master’s Programme in Security and Cloud Computing (SECCLO)
Language
en
Pages
48
Series
Abstract
Due to the increasing amount of digital services that handle sensitive data such as personal information, health information or financial information, data breaches are becoming more common and more costly. The cost of an average data breach in 2021 was USD 4.24 million. DLP solutions present a new and developing security paradigm that focuses on preventing data breaches. Unlike traditional security mechanisms, which analyze metadata and access rights, DLP solutions focus on analyzing content. Depending on the type of data is being analyzed, a wide range of data analysis methods can be used, such as regular expressions, fingerprinting methods or statistical methods. While many DLP solutions offer novel approaches in the dimension of data analysis methods, they do not focus on the usability aspect of defining data protection policies. In this thesis we explore the possibility of a solution that supports data protection policy definition using an interpreted DSL. Our solution aims to provide users with the ability to define data protection policies in an easily readable format that is based on the core concepts of the DLP paradigm. However, the interpretation of the DSL incurs certain performance overhead compared to native execution. Due to this, we make suggestions as to how the solution can be further improved upon, allowing it to reach minimal to no performance overhead, while also providing users with a new approach for defining data protection policies.Description
Supervisor
Appuswamy, RajaThesis advisor
Burke, JoshuaKeywords
data leakage prevention, domain specific languages, log analysis, cloud security