GLOBAL VIRTUAL VAULT: PREVENTING UNAUTHORIZED PHYSICAL DISCLOSURE BY THE INSIDER

Information providers on networks such as the Global Information Grid need to share sensitive information while still protecting that information from misuse. We show how common information-sharing mechanisms encourage and allow high-bandwidth, hard-to-detect information ex-filtration by malicious insiders, and by adversaries in the field. By leveraging netcentricity, modern stateless clients, and advances in distance visualization techniques, we can provide analysts and warfighters with highly-usable access to information that remains secured in high-availability, high-security data centers. We quantitatively analyze the intentional mid inadvertent data exfiltration paths of several off-the-shelf secure computing solutions and demonstrate how to re-engineer these systems to greatly reduce residual risk by limiting access to human-interaction protocols. This approach eliminates large classes of insider attacks that are largely unaddressed in most systems and concentrates traditional insider access to manageable, well-defended physical security perimeters.