SHF: Medium: MEDITA - Multi-Layer Enterprise-Wide Dynamic Information-Flow Tracking and Assurance
Georgia Tech Research Corporation, Atlanta GA
Investigators
Abstract
Enterprise Information Systems (EIS) continually face attacks ranging from data leaks to the spread of malware; these attacks cost companies billions of dollars annually and can result in critical loss or leakage of data. Existing defenses typically either attempt to secure the hosts within the enterprise or add a security perimeter to the network. These conventional defenses are ineffective in the face of compromised hosts, mobile devices, and insider threats. Dynamic Information-Flow Tracking (DIFT) techniques maintain data provenance information about objects within the system and control information flow by defining and implementing policies that dictate how that information should be allowed to flow. Although powerful, existing DIFT approaches are limited by the fact of targeting only a single layer on a single physical host, which limits their effectiveness and practical applicability. This research will develop MEDITA, a multi-layer DIFT mechanism that can precisely, securely, and efficiently track data flowing within a networked EIS and across layers, and control the flow of such data based on the data provenance and the security policy in place. Multi-layer DIFT holds great promise for controlling information flow within an enterprise in many real-world scenarios. Despite its appeal, however, realizing a system that could implement such DIFT policies in practice is extremely challenging because of the wide variety of attacks that can be mounted, ranging from copying and pasting the sensitive data to writing the document to removable storage or a mobile device. To address these and other challenges, this research will (1) refine existing techniques for performing DIFT within the individual layers of an EIS, (2) design and implement the integration and inter-operation of DIFT techniques between layers, (3) define a language that can be used to express multi-layer security policies for the EIS and mechanisms for translating those policies to tainting and enforcement mechanisms; and (4) Develop a prototype implementation of MEDITA and perform experiments by using the prototype to apply MEDITA to realistic information-flow tracking control scenarios.
View original record on NSF Award Search →