ETD

Digital archive of theses defended at the University of Pisa

Thesis etd-07032023-165231


Thesis type
Master's thesis
Author
PIERAMI, NICOLO'
URN
etd-07032023-165231
Title
Data Loss Prevention in enterprise public cloud application with confidential data management
Department
INGEGNERIA DELL'INFORMAZIONE
Degree programme
CYBERSECURITY
Supervisors
supervisor Bernardeschi, Cinzia
supervisor Ferrari, Gian Luigi
tutor Giusti, Marco
Keywords
  • data loss prevention
  • entropy
  • ransomware
Exam session start date
21/07/2023
Availability
Not available for consultation
Release date
21/07/2063
Abstract
Data Loss Prevention is a technique that makes it possible to identify, monitor, and protect data in motion, in use and at rest. Ransomware is a type of malware, and being infected with it is one of the biggest risks for an enterprise. The function of ransomware is to encrypt files and then ask the victim for a ransom. Ransomware currently in use, offered under the Ransomware-as-a-Service (RaaS) model, can be configured to exfiltrate data and extort victims twice, over both the integrity and the confidentiality of the attacked data. This pattern increases the number of attacks because attackers do not need the technical knowledge to launch them.
In this thesis, the Data Loss Prevention (DLP) problem in a public cloud environment for an enterprise is studied. In particular, a technique based on entropy has been designed, implemented, and validated to detect, almost instantaneously, all types of ransomware, including zero-day ones. The quantity on which this technique is based is entropy, which measures the “randomness” of a file. One of the characteristics of ciphers is that they make the text appear random. It is therefore possible to assume that an encrypted file has a higher entropy value than the same file unencrypted. Using well-known algorithms proposed by the National Institute of Standards and Technology, different estimates of the entropy of a given file are obtained. The estimate obtained can then be compared with a threshold to decide whether the file has been encrypted or not, and thus to detect ransomware.
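The estimate-then-threshold decision described in the abstract, as an added example that is not code from the thesis: the abstract does not say which NIST estimators are used, so the Most Common Value estimate from NIST SP 800-90B stands in here as an assumption, next to a plain Shannon estimate. The threshold value, the function names and both sample buffers are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed decision threshold in bits per byte; the thesis's value is not on this page.
THRESHOLD_BITS = 6.0


def shannon_entropy(data: bytes) -> float:
    """Plug-in Shannon entropy estimate, in bits per byte (0 to 8)."""
    n = len(data)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(data).values())


def mcv_min_entropy(data: bytes) -> float:
    """Most Common Value min-entropy estimate (NIST SP 800-90B, section 6.3.1)."""
    n = len(data)
    p_hat = Counter(data).most_common(1)[0][1] / n
    # Upper end of the 99% confidence interval on the most likely byte value.
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_u)


def looks_encrypted(data: bytes, threshold: float = THRESHOLD_BITS) -> bool:
    """Flag a buffer whose min-entropy estimate exceeds the threshold."""
    if len(data) < 2:  # too short for the estimator
        return False
    return mcv_min_entropy(data) > threshold


def pseudo_ciphertext(length: int) -> bytes:
    """Constructed stand-in for cipher output: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


# Constructed samples: a business-like text file and the "same file" after encryption.
PLAIN = b"Quarterly report: revenue figures and customer records for internal use only.\n" * 840
ENCRYPTED = pseudo_ciphertext(len(PLAIN))

if __name__ == "__main__":
    for name, buf in (("plain", PLAIN), ("encrypted", ENCRYPTED)):
        print(f"{name:9s} shannon={shannon_entropy(buf):.3f} "
              f"min-entropy={mcv_min_entropy(buf):.3f} flagged={looks_encrypted(buf)}")
```

Compressed archives and media files also score close to 8 bits per byte, so a threshold of this kind has to be calibrated against the file types actually stored.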
File