DLPFS: The Data Leakage Prevention FileSystem

TL;DR

DLPFS is a filesystem layer designed to prevent data leaks caused by human error or misconfiguration, seamlessly integrating with existing systems to enhance data security without significant performance impact.

Contribution

It introduces a novel filesystem interface that systematically protects against data leakage, complementing existing access controls and addressing human error in data sharing environments.

Findings

DLPFS effectively prevents unauthorized data access due to misconfigurations.

The system maintains acceptable performance levels in empirical evaluations.

It seamlessly integrates with existing security infrastructure.

Abstract

Shared folders are still a common practice for granting third parties access to data files, regardless of the advances in data sharing technologies. Services like Google Drive, Dropbox, Box, and others, provide infrastructures and interfaces to manage file sharing. The human factor is the weakest link and data leaks caused by human error are regrettable common news. This takes place as both mishandled data, for example stored to the wrong directory, or via misconfigured or failing applications dumping data incorrectly. We present Data Leakage Prevention FileSystem (DLPFS), a first attempt to systematically protect against data leakage caused by misconfigured application or human error. This filesystem interface provides a privacy protection layer on top of the POSIX filesystem interface, allowing for seamless integration with existing infrastructures and applications, simply augmenting existing security controls. At the same time, DLPFS allows data administrators to protect files shared within an organisation by preventing unauthorised parties to access potentially sensitive content. DLPFS achieves this by transparently integrating with existing access control mechanisms. We empirically evaluate the impact of DLPFS on system's performances to demonstrate the feasibility of the proposed solution.