CSR: Small: An Information Accountability Architecture for Distributed Enterprise Systems

$470,000 | FY2009 | CSE | NSF

Columbia University, New York NY

Abstract

Personally identifiable or sensitive information (PII) has become a target of attackers seeking financial gain through its misuse. With the trend toward storing and processing PII on complex and insecure systems, the need for improved protection has become a goal of enterprise policy and legislative efforts. In this project, we investigate Concatenated Dynamic Information Flow Tracking (CDIFT), an architecture for performing dynamic information flow analysis at various system levels and across multiple processes in a distributed enterprise. CDIFT will allow administrators to "map" the enterprise business logic (applications, network, storage) and determine where information of interest is stored or transmitted. The same mechanism can also be used to enforce an information flow policy, restricting where and by whom such information can be viewed. CDIFT will complement and enhance current compliance and auditing efforts, which require considerable recurrent effort and a large number of man-hours spent by administrators and auditors on understanding existing systems. We will develop and experimentally evaluate novel techniques for conducting fine-grained tracking of information of interest (as defined by the system operator or, in the future, by end-users, in a flexible, context-sensitive manner) toward mapping the paths that such information takes through the enterprise and providing a means for enforcing information flow and access control policies. Our hypothesis is that it is possible to create efficient fine-grained information tracking and access control mechanisms that operate throughout an enterprise legacy computing infrastructure through appropriate use of hypervisors and distributed tag propagation protocols.