Go home now Header Background Image
Submission Procedure
share: |
Follow us
Volume 15 / Issue 15

available in:   PDF (242 kB) PS (6 MB)
Similar Docs BibTeX   Write a comment
Links into Future
DOI:   10.3217/jucs-015-15-2999


A User Controlled Approach for Securing Sensitive Information in Directory Services

William Claycomb (Sandia National Laboratories Albuquerque, USA)

Dongwan Shin (New Mexico Tech University, USA)

Abstract: Enterprise directory services are commonly used in enterprise systems to store object information relating to employees, computers, contacts, etc. These stores can act as information providers or sources for authentication and access control decisions, and could potentially contain sensitive information. An insider attack, particularly if carried out using administrative privileges, could compromise large amounts of directory information. We present two solutions for protecting directory services information from insider attacks. The first is a centralized approach utilizing a customized virtual directory server. The second is a distributed approach using existing key management infrastructure and a new component called a Personal Virtual Directory Service. We explain how these solutions interact with existing directory services and client applications. We also show how impact to existing users, client applications, and directory services are minimized, and how we prevent insider attacks from revealing protected data. We compare and contrast both solutions, including potential tradeoffs, administrative overhead, and enterprise systems impact. Additionally, our solution is supported by implementation results showing the impact to client performance and directory storage capacity.

Keywords: directory, security and protection

Categories: H.2.7, K.6.5