Smart India Hackathon
Hackathons are always awesome !! You build a product, interact with other hackers and overdose yourself off caffeine. And if we get unlimited RedBull, then it's just 10X Awesomeness.
My team was selected into the finals of Smart India Hackathon. We were selected for the Indian Space Research Organisation category.
Problem Statement: Novel Solution for preventing a breach of the confidential file from the organization other than already available methods in networking. The solution should also prevent uploading of data to the internet.
Solution: Our idea for this was a client-side solution: On every employee system, we will partition the system volume into two parts: Public and Confidential. Public Volume contains all the data that can go outside organization without any concern. Confidential Area contains all the confidential data deployed by system admin into this volume.
The Confidential Area will be completely isolated i.e. None of the following can be done on files of this area: Cut, Copy, Send To, Save As, Paste, Delete, Drag and Drop and many more commands. This ensures that none of the files from the confidential area can move to the public area or external drives.
What about uploading to Internet/Mail/Backend Script ?? How can we stop this ??
Our solution to this problem was: When the user wants to open confidential area, the user has to use our File Viewer tool to open the files.
At all other times, all the permission on file of the Confidential area will be revoked. This means that if the user tries to upload a file, it will be corrupt. The user may try bash script, program or any other way, it will not work because file simply does not exist without permissions.
File permissions will only be granted when the user opens the confidential file in File Viewer. Also, during this time (when File Viewer is opened), we are checking that FileViewer is in focus. Because the user can open File Viewer and then take advantage of granted file permissions.
We also handled a lot of other edge cases and were able to develop 60% of our product (Isolation part was done completely using a combination of registry modification, clipboard listeners to clear clipboard when copied data comes in, etc).
The further product development will be carried on after instructions from Indian Space Research Organisation.
My team was selected into the finals of Smart India Hackathon. We were selected for the Indian Space Research Organisation category.
Problem Statement: Novel Solution for preventing a breach of the confidential file from the organization other than already available methods in networking. The solution should also prevent uploading of data to the internet.
Solution: Our idea for this was a client-side solution: On every employee system, we will partition the system volume into two parts: Public and Confidential. Public Volume contains all the data that can go outside organization without any concern. Confidential Area contains all the confidential data deployed by system admin into this volume.
The Confidential Area will be completely isolated i.e. None of the following can be done on files of this area: Cut, Copy, Send To, Save As, Paste, Delete, Drag and Drop and many more commands. This ensures that none of the files from the confidential area can move to the public area or external drives.
What about uploading to Internet/Mail/Backend Script ?? How can we stop this ??
Our solution to this problem was: When the user wants to open confidential area, the user has to use our File Viewer tool to open the files.
At all other times, all the permission on file of the Confidential area will be revoked. This means that if the user tries to upload a file, it will be corrupt. The user may try bash script, program or any other way, it will not work because file simply does not exist without permissions.
File permissions will only be granted when the user opens the confidential file in File Viewer. Also, during this time (when File Viewer is opened), we are checking that FileViewer is in focus. Because the user can open File Viewer and then take advantage of granted file permissions.
We also handled a lot of other edge cases and were able to develop 60% of our product (Isolation part was done completely using a combination of registry modification, clipboard listeners to clear clipboard when copied data comes in, etc).
The further product development will be carried on after instructions from Indian Space Research Organisation.
0 comments