Pedigree: Network-wide Protection Against Enterprise Data Leaks
Team:
• Nick Feamster, Assistant Professor, School of CS
• Anirudh Ramachandran, PhD candidate, School of CS
• Yogesh Mundada, PhD student, School of CS
• Mukarram Tariq, PhD
Georgia Tech
pedigree@gtnoise.net
http://gtnoise.net/pedigree

Motivation: Data Leakage Prevention
• Security breaches skyrocketing; each incident costs $6.75 million on average [1]
• Privacy Rights Clearinghouse reports 93.8 million personal records as lost or stolen since 2005
• Many companies dealing in sensitive information (e.g., financial information, source code, health records) have little to no DLP infrastructure
[1] 2010 Global Cost of a Data Breach, April 2010; http://www.ponemon.org/data-security

Problems with Existing Technology
• Not cohesive: needs separate solutions for data leaks through email, USB, network, etc.
• Not comprehensive: rely on heuristics to identify and filter confidential data—susceptible to circumvention (e.g., format conversion, encryption)
• Complicated maintenance and management: policies have to be maintained both at endpoints and in the network—needs constant updating

Pedigree’s Vision
• Pedigree aims to stop many data leaks in enterprises—accidental or intentional—using a content-agnostic, formal approach called Information Flow Control [1]
• Advantages
  • Highly expressive, fine-grained policy controls for both operators and users
  • Impossible to circumvent by encrypting or copy-pasting sensitive data
  • Low deployment overhead
[1] D. E. Denning, “A Lattice Model of Secure Information Flow”, CACM 1976

How does Pedigree work?
• Pedigree requires a small module on the OS at endpoints called a labeler (equivalent to installing antivirus software)
• Pedigree associates metadata—called labels—with sensitive information. Labels are tracked across the enterprise by labelers
• Enforcers located at end-hosts (i.e., as an OS module) and in the network (i.e., a firewall) enforce policies each time information flows from one resource to another

Example Enterprise Network
[Figure: enterprise network showing the fileserver, Alice, file F, Bob, and the policy DB]
• Alice first creates sensitive file F on fileserver
• Alice sets policies on F
  • Allow only Bob read access to F
  • Disallow sending outside enterprise
• Bob can read F, but other users cannot
• Although Bob can read F, he cannot copy F to a removable drive or send F outside the enterprise

Use-case 1
• Protecting company-wide information not ready for public release (e.g., quarterly reports)
• Pedigree solution
  • Report creator adds a sensitive “taint” to the label of the report
  • Any user who accesses the data can only read it; they cannot electronically leak the data without compromising their operating system (very hard)

Use-case 2
• A user wants to get feedback on a document from a diverse group of users in the enterprise, but does not wish them to take the document outside the enterprise servers
• Pedigree solution
  • The user uses a simple GUI to create a new group (distinct from OS groups) giving other users only “read” but not “export” access
  • Users in the group can read the data, but cannot copy it to removable drives or send it over email
  • Users not in the group cannot even read the data (done separately from OS permission checks)

Technical Details
• Pedigree software on endpoints performs checks each time two resources with incompatible labels interact
  • e.g., a process reads a file labeled “sensitive”
• If a process reads a sensitive file, its own label acquires the sensitive status
• All future communication by this process will be labeled “sensitive”, and can be checked by enforcers
• Stops accidental data leakage
• Not thwarted by encrypting the sensitive information

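The label propagation on this slide, combined with the read-but-not-export policy from the Alice/Bob example, as a small model. This is an added example, not Pedigree's code; the class names, the taint name "F", the user "carol" and the sample nodes are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:  # a file, device, or process; all names here are hypothetical
    name: str
    label: set = field(default_factory=set)  # taints carried
    external: bool = False  # removable drive or host outside the enterprise

class PolicyDB:
    """taint -> {user: rights}, rights drawn from {"read", "export"}."""
    def __init__(self):
        self.rights = {}
    def grant(self, taint, user, *rights):
        self.rights.setdefault(taint, {}).setdefault(user, set()).update(rights)
    def allows(self, user, right, taints):
        return all(right in self.rights.get(t, {}).get(user, ()) for t in taints)

class Enforcer:
    def __init__(self, db):
        self.db = db
    def read(self, proc, src):
        # Reading needs "read" on every taint of the source ...
        if not self.db.allows(proc.name, "read", src.label):
            return False
        proc.label |= src.label  # ... and the reader acquires those taints.
        return True
    def write(self, proc, dst):
        # Leaving the enterprise needs "export" on every taint the process holds.
        if dst.external and not self.db.allows(proc.name, "export", proc.label):
            return False
        dst.label |= proc.label  # output inherits the writer's label
        return True

def demo():
    db = PolicyDB()
    db.grant("F", "bob", "read")  # read but not export, as on the slide
    enf = Enforcer(db)
    f = Node("F", {"F"})
    bob, carol = Node("bob"), Node("carol")  # processes run by each user
    enc = Node("F.enc")  # constructed: encrypted copy Bob writes locally
    usb = Node("usb", external=True)
    return {
        "bob_reads": enf.read(bob, f),
        "carol_reads": enf.read(carol, f),
        "bob_writes_enc": enf.write(bob, enc),
        "enc_label": set(enc.label),
        "bob_to_usb": enf.write(bob, usb),
        "carol_to_usb": enf.write(carol, usb),
    }
```

The encrypted copy carries the taint because the decision depends on the writing process's label, never on the bytes written, which is why re-encoding the data does not change the outcome.
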
Target Market
• Large number of potential customers
  • Financial / banking institutions
  • Organizations that maintain health records, or seek regulatory compliance
  • Corporations that wish to safeguard their internal reports, source code, etc.
• Ideally, any institution that deals with sensitive information can benefit from Pedigree deployment

Competition
• Many security companies offer DLP products
  • RSA Data Loss Prevention, McAfee Data Loss Prevention, CA Technologies Security DLP, etc.
• Key advantages of Pedigree
  • Content-agnostic: cannot be thwarted by encryption
  • Comprehensive solution: no need to purchase many different products (e.g., Host DLP, Network DLP, Email DLP, etc.)
• Key limitation: Does not identify sensitive data