Transforming data for secure information exchange
Gateways can provide the Transform component in our Secure Information eXchange Architecture (SIXA). They modify the content or protocol for interoperability or security purposes.
The importance of transformation
The Transform component is used to change the format of the data and potentially the actual information. Examples include:
- transformation of emails from SMTP to X.400;
- transformation of documents from Microsoft Word to PDF;
- translation of security labels from UK format to US format.
Transformation of data from one format to another is useful for interoperability, but it can also contribute to the overall reduction of malware by:
- Reducing the number of different types of data that the Validate component has to verify;
- Reducing the complexity of the data that the Validate component has to verify;
- Removing malware during the transition between the formats by only taking the relevant data and leaving behind potential malware hidden in unused areas of the format.
Sanitisation is the cleansing of data to remove parts that could contain either hidden data or malicious content. When data is being imported into a domain, there is a risk of malicious code being brought in. When data is being exported from a domain, there is a risk of accidental or intended information leakage.
Sanitisation of the data can be used to:
- Remove data that is hidden within the format. This may have been accidentally left in (for example Tracked Changes in Microsoft Word) or a deliberate attempt to hide information from manual inspection (for example sending white text on a white background or hiding text behind an image in a document);
- Modify data that is deemed to be sensitive to something that is benign;
- Remove data that is, or could potentially be, considered malware.
One way of sanitising data is to use regeneration.
Regeneration rebuilds the data into the same format it started in. It works by first breaking the data up into its constituent parts according to the format's structure. Once this is done, it is possible to determine which sections of the content conform to a given policy and which do not.
Finally, the data is regenerated by taking the conformant data and placing it in a completely new instance of the same format. The purpose is to carry across only the known-good parts of the data and leave behind potential malware hidden elsewhere in the format.
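The sanitisation and regeneration steps above, worked through for one concrete format as an added example (not code from the SIXA architecture or its vendor): a PNG file is split into its chunks, each chunk is checked against a simple allow-list policy and its CRC, and only the conformant chunks are written into a brand-new file. Ancillary chunks such as tEXt (a common place for hidden data) and any bytes trailing the IEND chunk are left behind; the allow-list and the constructed sample image are assumptions made for the example.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Policy (assumed for this example): only the critical chunk types are
# conformant; ancillary chunks such as tEXt, which can carry hidden data, go.
ALLOWED_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}


def parse_chunks(data: bytes) -> list:
    """Break a PNG into its (type, payload) chunks, checking lengths and CRCs."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos, chunks = len(PNG_SIGNATURE), []
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError(f"truncated chunk {ctype!r}")
        payload = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + payload) != crc:
            raise ValueError(f"bad CRC on chunk {ctype!r}")
        chunks.append((ctype, payload))
        pos = end
        if ctype == b"IEND":
            break  # bytes after IEND are not part of the image and are dropped
    return chunks


def _chunk(ctype: bytes, payload: bytes) -> bytes:
    """Serialise one chunk: length, type, payload, CRC over type+payload."""
    return (struct.pack(">I", len(payload)) + ctype + payload
            + struct.pack(">I", zlib.crc32(ctype + payload)))


def regenerate_png(data: bytes) -> bytes:
    """Rebuild a brand-new PNG from only the policy-conformant chunks."""
    kept = [(t, p) for t, p in parse_chunks(data) if t in ALLOWED_CHUNKS]
    if not kept or kept[0][0] != b"IHDR" or kept[-1][0] != b"IEND":
        raise ValueError("image lacks IHDR or IEND")
    return PNG_SIGNATURE + b"".join(_chunk(t, p) for t, p in kept)


# Constructed sample (not a real file): a 1x1 greyscale PNG carrying a tEXt
# chunk with hidden text and stray bytes appended after IEND.
SAMPLE_PNG = (PNG_SIGNATURE
              + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _chunk(b"tEXt", b"Comment\x00hidden payload")
              + _chunk(b"IDAT", zlib.compress(b"\x00\x80"))
              + _chunk(b"IEND", b"")
              + b"trailing bytes after IEND")
```

Running `regenerate_png(SAMPLE_PNG)` returns a file containing only IHDR, IDAT and IEND; the tEXt text and the trailing bytes are no longer present, and a truncated or CRC-damaged input is rejected rather than passed through.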
By modifying the data at either the transport layer or a higher application layer, a gateway effectively acts as a protocol break, which can disrupt certain protocol-level attacks.