System and method for detecting and mitigating the writing of sensitive data to memory
First Claim
1. A method for detecting an attempt to write sensitive data to a memory, comprising:
- detecting that an application has a function to write data to the memory;
- rerouting the writing of the data to a separate memory location;
- scanning the data for sensitive data content;
- identifying sensitive data content within the data;
- querying at least one security policy for an instruction whether to permit writing of the sensitive data content to the memory;
- permitting the application to write the sensitive data content to the memory, depending on the at least one security policy;
- waiting for an amount of time specified by the at least one security policy; and
- determining if the sensitive data content is present in the memory after the amount of time.
Abstract
Disclosed is a system and method for detecting and mitigating the writing of sensitive or prohibited information to memory or communication media. The method includes detecting if an application is to write data to a memory, rerouting the writing of that data, and scanning the data for sensitive content or prohibited information. The scanning is done in accordance with one or more information security policies. If sensitive information is detected, the system has the option of issuing an alarm and/or preventing the sensitive information from being written, depending on the security policy. If the system permits the sensitive information to be written to memory, the system may spawn a file watcher object, which waits for a specified amount of time and then checks to see if the sensitive information has been deleted. If not, the system may issue an alarm or erase the sensitive information, depending on the security policy.
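As an added illustration (not code from the patent or from any product implementing it), the following Python sketch models the claimed sequence against an in-memory store: the write is staged in a separate buffer, scanned against detection patterns, checked against a per-category policy, and, when permitted, watched so that content still present after the policy's grace period raises an alarm and is erased. The patterns, the policy shape and the logical clock passed to `tick()` are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed detection patterns for illustration only: an SSN-shaped token and a 16-digit number.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b\d{16}\b"),
}

@dataclass
class Policy:
    """Assumed policy shape: per-category 'deny' or 'allow'; allowed writes get a grace period
    after which a watcher checks whether the content is still present and erases it if so."""
    action: dict                 # category -> "deny" | "allow" (unknown categories are denied)
    grace_seconds: int = 60
    erase_on_expiry: bool = True

@dataclass
class GuardedStore:
    policy: Policy
    memory: dict = field(default_factory=dict)    # simulated target memory: path -> content
    alarms: list = field(default_factory=list)    # (event, path, category)
    watchers: list = field(default_factory=list)  # (deadline, path, category, matches)

    def write(self, path: str, data: str, now: float) -> str:
        staging = data  # rerouted copy: nothing reaches self.memory until the scan and policy pass
        found = {c: p.findall(staging) for c, p in PATTERNS.items() if p.search(staging)}
        if not found:
            self.memory[path] = data
            return "written"
        for category in found:  # query the policy for every category detected
            if self.policy.action.get(category, "deny") == "deny":
                self.alarms.append(("blocked", path, category))
                return "blocked"
        self.memory[path] = data  # permitted: commit the write, then spawn a watcher per category
        for category, matches in found.items():
            self.watchers.append((now + self.policy.grace_seconds, path, category, matches))
        return "written_watched"

    def tick(self, now: float) -> None:
        """Run watchers whose grace period has elapsed; alarm and erase content that persisted."""
        due = [w for w in self.watchers if w[0] <= now]
        self.watchers = [w for w in self.watchers if w[0] > now]
        for _, path, category, matches in due:
            content = self.memory.get(path, "")
            still_present = [m for m in matches if m in content]
            if still_present:
                self.alarms.append(("expired", path, category))
                if self.policy.erase_on_expiry:
                    for m in still_present:
                        content = content.replace(m, "[REDACTED]")
                    self.memory[path] = content
```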
10 Claims
1. A method for detecting an attempt to write sensitive data to a memory, comprising:
- detecting that an application has a function to write data to the memory;
- rerouting the writing of the data to a separate memory location;
- scanning the data for sensitive data content;
- identifying sensitive data content within the data;
- querying at least one security policy for an instruction whether to permit writing of the sensitive data content to the memory;
- permitting the application to write the sensitive data content to the memory, depending on the at least one security policy;
- waiting for an amount of time specified by the at least one security policy; and
- determining if the sensitive data content is present in the memory after the amount of time.
(Claims 2, 3, 4 and 5 depend on claim 1.)

6. A computer readable medium encoded with instructions for detecting an attempt to write sensitive data to a memory, the instructions comprising:
- detecting that an application has a function to write data to the memory;
- rerouting the writing of the data to a separate memory location;
- scanning the data for sensitive data content;
- identifying the sensitive data content within the data;
- querying at least one security policy for an instruction whether to permit writing of the sensitive data content to the memory;
- permitting the application to write the sensitive data content to the memory, depending on the at least one security policy;
- waiting for an amount of time specified by the at least one security policy; and
- determining if the sensitive data content is present in the memory after the amount of time.
(Claims 7, 8, 9 and 10 depend on claim 6.)
Specification