SBIR Phase I: Automated Discovery and Removal of Hidden Data in Digital Documents

This Small Business Innovative Research Phase I project will demonstrate the information security risks posed by sharing desktop publishing documents, which occurs frequently over the Internet, and the feasibility of mitigating those risks using rigorous software techniques. Microsoft's Object Linking and Embedding (OLE) and Component Object Model (COM) standards permit seamless integration of software applications to produce professional looking documents commonly described as Desktop Publishing. Unfortunately, these standards do not consider privacy or security, leading to significant vulnerabilities. These security problems are created during the routine use of an application, and the user is generally unaware that this information has been included in the file. SRS Technologies will demonstrate the risks caused by embedded objects, Meta data, and file fragmentation using the Microsoft Office XP suite to generate digital documents with known problems that the average user is likely to unwittingly create. Next, SRS Technologies will demonstrate why existing review techniques are inadequate for identifying and removing unintended data. Finally, SRS Technologies will develop and demonstrate software techniques to decompose OLE/COM documents and expose the hidden data for sanitization.
Information sharing over the Internet is expanding exponentially. Any organization, Government or commercial, that has sensitive information to protect will benefit. Society will benefit from the availability of simple, reliable, easy-to-use tools for use by professionals (law, health, financial, etc.) with sensitive client information.