[plug] preventing data "theft"

Stuart Midgley stuart.midgley at ivec.org
Mon Dec 11 16:02:05 WST 2006 

hmmm... perhaps make the data owned by another user and NOT allow the  
assistants to read the files... then make the actual statistics  
package setuid user?

That way, when they run the package, it runs as a user who has read  
access to the files... still doesn't prevent them copying the files,  
but does make it harder...


On 11/12/2006, at 15:43, Denis Brown wrote:

> Dear PLUG list members,
>
> I have a couple of thoughts on this one but would like to tap the  
> collective knowledge base a.k.a. be hit with the clue bat :-)
>
> Linux file server holds data for analysis.
> The statistics programmes to be used, reside on the server.
> The principal researcher has full access to all files.
> Server runs ssh, vncserver and precious little else in the way of  
> communications pathways!
> Firewalled, patched, limited access by IP range, blah, blah, blah.
>
> BUT...
>
> Principal researcher also wants to make data available for analysis  
> by others who have accounts on the server but without any  
> possibility of the data leaving the server - assistants should not  
> be able to copy the data.   Some of those assistants are physically  
> off site so no means of verifying their compliance.
>
> One thought I had was to set file permissions on the data area to  
> prevent access by assistants - but they need to be able to drill  
> down to directories and pass filenames into the stats package(s)  
> for analysis.   Ergo at that level at least they will have access  
> and could conceivably copy files.   I cannot NOT set them for read  
> permissions because the data DOES need to be read by the statistics  
> suites.
>
> Another thought was to offer packaged or scripted analyses but this  
> defeats the purpose somewhat of having assistants who can respond  
> to intermediate results, fine tune their analyses, etc.
>
> I could assign the assistants' accounts a /dev/nul home directory  
> which prevents their staging files there for subsequent copying but  
> that could prove problematic if the statistics programmes need to  
> write errors, logs, etc into a valid directory.
>
> The principal researcher is worried that just getting the  
> assistants to sign off on a legal document might not prevent the  
> leakage of data, however innocently.   The data is not "sensitive"  
> in that it is de-identified but falling into the Wrong Hands (tm)  
> might lead to out-of-context analyses, publications, etc.
>
> I may of course be missing the entirely obvious :-(
>
> TIA for your creativity,
> Denis
>
> _______________________________________________
> PLUG discussion list: plug at plug.org.au
> http://www.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.linux.org.au
>



--
Dr Stuart Midgley
Industry Uptake Program Leader
ARRC Facility Director
iVEC, 'The hub of advanced computing in Western Australia'
26 Dick Perry Avenue, Technology Park
Kensington WA 6151
Australia

Phone: +61 8 6436 8545
Fax: +61 8 6436 8555
Email: industry at ivec.org
WWW:  http://www.ivec.org

More information about the plug mailing list