DOI: 10.62520/fujece.1915740 ISSN: 2822-2881

An Endpoint-Oriented DLP Architecture for Preventing USB-Based Data Leakage in Air-Gapped Environments

Yusuf Mert Velioğlu, Berna Gürler Ari
In air-gapped network architectures, where physical isolation is critical, traditional network security controls are of limited use, and data leakages are often facilitated by portable storage devices such as USB devices. This research proposes the design and experimental evaluation of a Data Leak Prevention architecture specifically designed to counter data leakage via USB devices in air-gapped architectures. The Data Leak Prevention architecture operates offline and relies on mandatory transfer-interface control at the endpoints. The proposed methodology also addresses Analog Hole scenarios by incorporating an OCR engine into the rule-based content analysis for scanned documents and image files. Additionally, to ensure uninterrupted operation and to resolve cases of contextual ambiguity, a Human-in-the-Loop mechanism has been integrated into the architecture. The evaluation was performed using balanced data sets for text, image, and mixed scenarios, and the experimental outcomes are presented using normalized and proportional performance metrics. The results show that high and consistent detection levels are achieved for text-based content analysis scenarios, and that OCR support in the pipeline raises detection in image-based scenarios, with a few failures attributable to sensitivity to image quality. For mixed scenarios, balanced levels are achieved by combining both methods, and it is validated that attempts at unauthorized copying outside the mandatory transfer stream are prevented by the anti-bypass approach. Moreover, the management layer was validated to function with minimal resource usage, making it suitable for low-power environments such as the Raspberry Pi family.
In conclusion, the proposed approach in this research provides a DLP solution that is endpoint-centric, content-sensitive, and operationally viable, particularly for environments that are air-gapped and resource-scarce.
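The abstract describes a rule-based content analysis stage at the mandatory transfer interface, with a Human-in-the-Loop mechanism that takes over when the content is contextually ambiguous. The following Python sketch is an added illustration of that decision logic; it is not code from the paper or its authors. The rule set, weights, thresholds and sample payloads are all constructed assumptions. Text extracted by an OCR engine from a scanned document would be passed through the same `gate` function, but no OCR engine is included here.

```python
"""Rule-based transfer gate with human-in-the-loop escalation (illustrative)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    REVIEW = "review"   # ambiguous content: hand the transfer to a human reviewer


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: re.Pattern
    weight: int         # risk score contributed by each match


# Constructed rule set (assumption); a real deployment would load policy rules
# from the management layer rather than hard-code them.
RULES = [
    Rule("classification_marking",
         re.compile(r"\b(TOP SECRET|SECRET|CONFIDENTIAL|RESTRICTED)\b"), 5),
    Rule("project_codename", re.compile(r"\bPROJECT-[A-Z]{4,}\b"), 2),
    Rule("internal_ip", re.compile(r"\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"), 1),
    Rule("possible_id_number", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), 2),
]

BLOCK_THRESHOLD = 5    # score at or above this: block the transfer outright
REVIEW_THRESHOLD = 2   # score in [REVIEW_THRESHOLD, BLOCK_THRESHOLD): human review


@dataclass
class GateResult:
    verdict: Verdict
    score: int
    hits: dict = field(default_factory=dict)   # rule name -> number of matches


def score_text(text: str) -> tuple[int, dict]:
    """Apply every rule to the payload and sum the weighted match counts."""
    hits: dict = {}
    score = 0
    for rule in RULES:
        n = len(rule.pattern.findall(text))
        if n:
            hits[rule.name] = n
            score += n * rule.weight
    return score, hits


def gate(text: str) -> GateResult:
    """Decide ALLOW / REVIEW / BLOCK for one payload presented at the transfer interface."""
    score, hits = score_text(text)
    if score >= BLOCK_THRESHOLD:
        verdict = Verdict.BLOCK
    elif score >= REVIEW_THRESHOLD:
        verdict = Verdict.REVIEW
    else:
        verdict = Verdict.ALLOW
    return GateResult(verdict, score, hits)


class ReviewQueue:
    """Holds REVIEW transfers until an operator approves or rejects them."""

    def __init__(self) -> None:
        self.pending: dict[str, GateResult] = {}

    def submit(self, transfer_id: str, result: GateResult) -> None:
        self.pending[transfer_id] = result

    def decide(self, transfer_id: str, approve: bool) -> Verdict:
        # The original automated score stays attached for audit purposes.
        self.pending.pop(transfer_id)
        return Verdict.ALLOW if approve else Verdict.BLOCK


if __name__ == "__main__":
    # Constructed sample payloads (assumption).
    samples = {
        "t1": "Meeting notes: lunch at noon, bring the agenda.",
        "t2": "Backup of PROJECT-ALPHA config, host 10.0.1.5",
        "t3": "TOP SECRET briefing slides, do not distribute.",
    }
    queue = ReviewQueue()
    for tid, payload in samples.items():
        res = gate(payload)
        print(tid, res.verdict.value, res.score, res.hits)
        if res.verdict is Verdict.REVIEW:
            queue.submit(tid, res)
    # Operator rejects the ambiguous transfer after inspection.
    print("t2 after review:", queue.decide("t2", approve=False).value)
```

The thresholds split the score range into three bands rather than a single allow/block cut, which is what makes a Human-in-the-Loop stage possible: only the middle band costs operator time, and the transfer stays held in the queue, never released, until a decision is recorded.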
