File formats security - proprietary vs. open-source Edmund Laugasson (presenter) Tallinn University Kaido Kikkas Tallinn University Estonian IT College HCII 2014, Creta Maris, Heraklion, Crete, Greece http://www.tlu.ee/dsl The Digital Safety Lab is supported by the Tiger University Program of the Information Technology Foundation for Education.
HCII2014 presentation
Jul 08, 2015
HCII2014 presentation
http://2014.hci.international/
http://2014.hci.international/
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
File formats security - proprietary vs. open-source
Edmund Laugasson (presenter)
Tallinn University
Kaido KikkasTallinn University
Estonian IT College
HCII 2014, Creta Maris, Heraklion, Crete, Greece
http://www.tlu.ee/dsl The Digital Safety Lab is supported by the Tiger University Program of the Information Technology Foundation for Education.
Background
● digital information is shared as a file online
● the file has a format
● how to choose such document file format, that is
legible for all?
● computer-based format vs. online formats – this
paper focuses on computer-based formats
(interoperability framework->discussion)
Common office programs and file formats
MS Office● Text processing (MS Word)
– doc
– docx
● Spreadsheet (MS Excel)– xls
– xlsx
● Presentation (MS Powerpoint)– ppt
– pptx
– pps
– ppsx
LibreOffice● Text processing (Writer)
– odt
● Spreadsheet (Calc)– ods
● Presentation (Impress)– odp
● Math formula (Math)– odf
● Drawing (Draw)– odg
Background
● Estonia has adopted the interoperability framework,
based on a similar EU document
● among others, it regulates file formats for public
sector
– OpenDocument formats (ODT, ODS, ODP etc) for editing
– Portable Document Format (PDF) for viewing, printing
Problems
● interoperability framework is optional, not
mandatory and therefore often ignored
● people are using file formats not legible for all
(ignoring interoperability framework)
● files can have enormous size, may be corrupted
and contain sensitive data
● digital literacy is affected by influence of different file
formats – regardless of user skills
source: http://www.explainxkcd.com/wiki/index.php/1301:_File_Extensions
Our study
● research was carried out in Estonia
● autumn 2013
● different office documents from public sector web sites
were analyzed
● why: file sizes were too big
● the hypotheses: MS Office files (doc, docx, rtf) can contain
deleted and possibly sensitive information – new content is
often created on top of old one. Also, the same files are
smaller in OpenDocument format.
Research method
● document files (mostly MS Office) from Estonian
public sector web pages were analyzed
● files were renamed for easier indexing
● file content were replaced with new one and
examined using Emacs and Midnight Commander
to find out the actual content
● file sizes were registered – both original and
changed files and results were compared
Research method
Operating systems used:● 64-bit Ubuntu 12.04 LTS with 3.12.5 kernel● MS Windows XP Pro SP3, 32-bit (as virtual
machine in VirtualBox on Ubuntu 12.04 LTS)
Other software used:● MS Office 2003, 2010 (32-bit)● LibreOffice 4.1.3.2 (64-bit)● Emacs 23.3.1 (64-bit)● Midnight Commander 4.8.1 (64-bit)
Results
● first hypotesis: deleted information will remain inside file – was partially confirmed, as some small parts will remain
● second hypotesis: when saving DOC, DOCX, RTF into OpenDocument format ODT will reduce file size – was also partially confirmed. Usually DOC, DOCX will be smaller in ODT but RTF files saved in ODT will be bigger in some cases
● biggest surprise was: RTF files saved into ODT are occasionally bigger – this needs to be investigated further
Conclusions
● using MS Office file formats do not leak sensitive information but sizes are bigger than usually expected
● saving MS Word documents into OpenDocument will reduce file size in most cases
● keeping the same version of MS Word in all institutions at public sector is quite expensive
● file sharing should not be based on importing-exporting file formats – that is where the interoperability framework comes in
Question for the wider public● how is interoperability solved in your country?
– Do you have interoperability framework, that
regulates also used file formats?
– .... is it completely/partially fulfilled?
source: http://www.explainxkcd.com/wiki/index.php?title=1247:_The_Mother_of_All_Suspicious_Files
Thank you!
source: http://www.discoverhongkong.com/eng/images/plan-your-trip/large/5.4.5-Frequently-Asked-Questions_03.jpg
Contacts:Edmund [email protected]
Kaido [email protected]
The Digital Safety Lab is supported by the Tiger University Program of the Information Technology Foundation for Education.
Related Documents
