SBIR-STTR Award

The goal of this effort is to provide an application program for the review and release of Microsoft Office file formats within information domains comprised of multiple security and/or privacy levels. This initiative proposes to develop a prototype, robust file inspection application designed to expose data hidden in files created by Microsoft Office applications including Microsoft Word, PowerPoint, and Excel. As part of the ISSE Guard initiative, Dolphin Technology developed a simple Microsoft Office File inspection tool capable of identifying five different types of hidden information in Microsoft office files. Specifically: After preliminary analysis, we have identified at least thirteen other ways of hiding information in these files that need to be analyzed. In order to be commercially viable, we believe we must analyze, design, and, if feasible, prototype a standalone application that includes Application Programmer Interfaces (APIs) allowing it to be easily integrated with a wide range of other security devices including other Guards, firewalls, Multi Level Security (MLS) devices, and workflow management applications.

Benefits:
1. The anticipated benefits of the MOFIA technology will come in the form of an application program interface for the review and release of Microsoft Office file formats within information domains comprised of multiple security levels (military) and/or levels of privacy (commercial). 2. The commercial applications will encompass companies who release private data such as financial institutions, medical records, etc.

Keywords:
microsoft office file inspection, boundary control

Virtually all DoD and commercial organizations have come to rely upon Microsoft (MS) Office applications for documenting and exchanging a wide range of information in text documents, briefings, spreadsheets, and multimedia documents. While the value of these applications is indisputable, not everyone is aware of their ability to carry far more information than meets the eye. Such information falls into two general categories: metadata and hidden objects. Metadata is placed in the file by the application itself, whereas hidden objects are placed in the file by the application's user, either inadvertently or intentionally. Phase I analysis revealed that almost exclusively, existing commercial products focused on the detection of metadata, for the most part ignoring hidden objects. Our Phase II approach will employ the spiral development methodology to incrementally build a file inspection product that addresses both sets of requirements, across the DoD and the commercial marketplace. The initial spiral will accomplish a thorough design and develop a filter set that includes a basic GUI. Through subsequent spirals, additional filters will be developed and the GUI will be enhanced. Testing and documentation will become more formal, and an API-based architecture will be developed to facilitate integration into external applications or systems.

Keywords:
Microsoft Office, Metadata, Hidden Objects, File Inspection, Inadvertent Disclosure, Corporate Privacy, Spiral Development, Information Leakage