Posture-based data protection
Organizations deal with an ever-increasing amount of sensitive data. To get their jobs done, employees copy such data to mobile and home devices – making it vulnerable to device theft and malware. We introduce Posture-Based Data Protection (PBDP), which encrypts data using keys available to a device only when it has been verified to be in a known good state, and has not subsequently performed any actions which place it at risk. This ensures that the sensitive data cannot be accessed, even by software with full system privileges, if there is a significant risk that the device could be compromised. Our prototype implementation of PBDP offers an attractive balance of security and ease-of-use, with performance competitive with alternative approaches.
- download PDF (272K)
Durfee, G. E.; Smetters, D. K.; Balfanz, D. Posture-based data protection . PARC technical report 06-11; September 2006.
Copyright © 2006 Palo Alto Research Center, Incorporated. All rights reserved.