File formats security - proprietary vs. open-source Edmund Laugasson (presenter) Tallinn University Kaido Kikkas Tallinn University Estonian IT College HCII 2014, Creta Maris, Heraklion, Crete, Greece http://www.tlu.ee/dsl The Digital Safety Lab is supported by the Tiger University Program of the Information Technology Foundation for Education.
File formats security - proprietary vs. open-source
Edmund Laugasson (presenter)
Tallinn University
Kaido Kikkas
Tallinn University
Estonian IT College
HCII 2014, Creta Maris, Heraklion, Crete, Greece
http://www.tlu.ee/dsl
The Digital Safety Lab is supported by the Tiger University Program of the Information Technology Foundation for Education.
● different office documents from public sector web sites were analyzed
● why: the files were larger than expected
● the hypotheses: MS Office files (DOC, DOCX, RTF) can contain deleted and possibly sensitive information, because new content is often written on top of an old document; also, the same files are smaller in OpenDocument format
Research method
● document files (mostly MS Office) from Estonian public sector web pages were analyzed
● files were renamed for easier indexing
● file content was replaced with new content, and the files were then examined using Emacs and Midnight Commander to find out what they actually contained
● file sizes were recorded for both the original and the changed files, and the results were compared
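The manual inspection described above could also be scripted. The following is a minimal sketch, not the authors' procedure: it assumes the deleted text is known in advance and looks for it in a saved file. The function names and the list of encodings are hypothetical choices for illustration. ZIP-based formats (DOCX, ODT) are searched member by member, since their XML parts are compressed; DOC and RTF files are searched as raw bytes.

```python
import zipfile
from pathlib import Path

# Encodings in which a text fragment may be stored (an assumed list, extend as needed).
ENCODINGS = ("utf-8", "utf-16-le", "cp1252")


def contains_fragment(data: bytes, fragment: str) -> bool:
    """Return True if the fragment occurs in data in any of the assumed encodings."""
    for enc in ENCODINGS:
        try:
            needle = fragment.encode(enc)
        except UnicodeEncodeError:
            continue  # fragment cannot be represented in this encoding
        if needle in data:
            return True
    return False


def find_residual(path: str, fragment: str) -> list[str]:
    """List the places in a file where a supposedly deleted fragment survives."""
    hits = []
    if zipfile.is_zipfile(path):
        # DOCX and ODT are ZIP containers: check each decompressed member.
        with zipfile.ZipFile(path) as archive:
            for name in archive.namelist():
                if contains_fragment(archive.read(name), fragment):
                    hits.append(name)
    elif contains_fragment(Path(path).read_bytes(), fragment):
        hits.append("<raw bytes>")
    return hits
```

An empty result does not prove that nothing is left: text split across formatting runs, or non-ASCII text stored as RTF escape sequences, would not match a plain substring search.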
Research method
Operating systems used:
● 64-bit Ubuntu 12.04 LTS with 3.12.5 kernel
● MS Windows XP Pro SP3, 32-bit (as a virtual machine in VirtualBox on Ubuntu 12.04 LTS)
Other software used:
● MS Office 2003, 2010 (32-bit)
● LibreOffice 4.1.3.2 (64-bit)
● Emacs 23.3.1 (64-bit)
● Midnight Commander 4.8.1 (64-bit)
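The slides do not say how the files were saved in ODT. One possible way to repeat the conversion over many files is LibreOffice's headless command-line mode. The sketch below assumes that the `soffice` executable is on the PATH; the function names and the output directory are hypothetical.

```python
import subprocess
from pathlib import Path


def build_convert_command(source: str, outdir: str, target: str = "odt") -> list[str]:
    """Build a LibreOffice command line that converts one document without a GUI."""
    return ["soffice", "--headless", "--convert-to", target, "--outdir", outdir, source]


def convert_all(sources: list[str], outdir: str) -> None:
    """Convert each source file to ODT; requires soffice to be installed."""
    Path(outdir).mkdir(parents=True, exist_ok=True)
    for source in sources:
        # check=True raises CalledProcessError if LibreOffice reports a failure.
        subprocess.run(build_convert_command(source, outdir), check=True)
```

A batch conversion may not produce byte-identical results to saving from the GUI, so sizes obtained this way should be compared with that in mind.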
Results
● first hypothesis (deleted information remains inside the file): partially confirmed, as some small parts do remain
● second hypothesis (saving DOC, DOCX and RTF files in the OpenDocument format ODT reduces file size): also partially confirmed. DOC and DOCX files are usually smaller as ODT, but RTF files saved as ODT are bigger in some cases
● the biggest surprise: RTF files saved as ODT are occasionally bigger, which needs to be investigated further
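The size comparison behind these results can be sketched as follows. This is an illustrative helper under assumed names, not the authors' tooling: it takes pairs of original and converted file paths, records both sizes, and reports the relative change so that files which grew (as some RTF files did) stand out.

```python
import os


def size_change_percent(original_size: int, converted_size: int) -> float:
    """Size change relative to the original; negative means the file shrank."""
    if original_size <= 0:
        raise ValueError("original_size must be positive")
    return (converted_size - original_size) * 100.0 / original_size


def compare_sizes(pairs):
    """For (original_path, converted_path) pairs, return rows of
    (original_path, original_size, converted_size, percent_change)."""
    rows = []
    for original, converted in pairs:
        before = os.path.getsize(original)
        after = os.path.getsize(converted)
        rows.append((original, before, after, size_change_percent(before, after)))
    return rows


def grew(rows):
    """Return the original paths whose converted copy is larger."""
    return [row[0] for row in rows if row[3] > 0]
```

Passing the output of `compare_sizes` to `grew` gives the list of files worth a closer look.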
Conclusions
● using MS Office file formats does not leak sensitive information, but file sizes are bigger than usually expected
● saving MS Word documents in OpenDocument format reduces file size in most cases
● keeping the same version of MS Word in all public sector institutions is quite expensive
● file sharing should not be based on importing and exporting file formats; that is where the interoperability framework comes in
Question for the wider public
● how is interoperability solved in your country?