Protecting Sensitive Information in Directory Services Using Virtual Directories

Claycomb, William R.; Shin, Dongwan

doi:10.1007/978-3-642-03354-4_19

Cited by 2 publications

(2 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Virtual directory instances can be highly customized to modify, or transform, data prior to client use. Recently, we proposed a solution for protecting information in directory services using virtual directories [10]. This approach uses a three-layered architecture, placing a virtual directory server (VDS) between the client and destination directory server.…”

Section: Recent Workmentioning

confidence: 99%

See 1 more Smart Citation

An Enhanced Approach to using Virtual Directories for Protecting Sensitive Information

Shin¹,

Claycomb²

2009

Proceedings of the 7th International Workshop on Security in Information Systems

View full text Add to dashboard Cite

Enterprise directory services are commonly used in enterprise systems to store object information relating to employees, computers, contacts, etc. These stores can act as information providers or sources for authentication and access control decisions, and could potentially contain sensitive information. An insider attack, particularly if carried out using administrative privileges, could compromise large amounts of directory information. We present a solution for protecting directory services information from insider attacks using existing key management infrastructure and a new component called a Personal Virtual Directory Service. We show how impact to existing users, client applications, and directory services are minimized, and how we prevent insider attacks from revealing protected data. Additionally, our solution is supported by implementation results showing the impact to client performance and directory storage capacity.

show abstract

Section: Recent Workmentioning

confidence: 99%

“…Using the shared key K cv also adds an additional component of risk, because it could potentially be used to compromise information taken directly from the directory store itself. For more detailed implementation information, please see [10].…”

Section: Recent Workmentioning

confidence: 99%