Posture-based data protection


Durfee, G. E.; Smetters, D. K.; Balfanz, D. Posture-based data protection. PARC TR-2006-11; 2006 September.


Organizations deal with an ever-increasing amount of sensitive data. To get their jobs done, employees copy such data to mobile and home devices, making it vulnerable to device theft and malware. We introduce Posture-Based Data Protection (PBDP), which encrypts data using keys available to a device only when it has been verified to be in a known good state and has not subsequently performed any actions that place it at risk. This ensures that the sensitive data cannot be accessed, even by software with full system privileges, if there is a significant risk that the device could be compromised. Our prototype implementation of PBDP offers an attractive balance of security and ease of use, with performance competitive with alternative approaches.

