SECol allows users to tag files or device nodes with sensitive data. At runtime, SECol intercepts the information flow related system calls via kprobe and inspect memory content via virtual machine introspection to track the propagation of sensitive data.

SECol uses an innovative hybrid architecture for tracking sensitive data. It tracks both the flow and the content of data. SECol uses the virtual machine introspection to snoop the memory content, which isolates the target system from the monitoring mechanism and is also able to bypass transport layer encryption.

Tracking the flow of sensitive data is very important for both government agencies and corporates. Following the implementation of the Personal Data Protection Act,
businesses at any level and of any type all have to pay attention to the management and protection of personal data. The proposed technology can be materialized through various channels including IT equipment vendors, cybersecurity companies, or system integration companies.