Practical Data-Leak Prevention for Legacy Applications in Enterprise Networks

dc.contributor.author Mundada, Yogesh
dc.contributor.author Ramachandran, Anirudh
dc.contributor.author Tariq, Mukarram Bin
dc.contributor.author Feamster, Nick
dc.contributor.corporatename Georgia Institute of Technology. College of Computing
dc.contributor.corporatename Georgia Institute of Technology. School of Computer Science
dc.date.accessioned 2011-01-19T22:30:53Z
dc.date.available 2011-01-19T22:30:53Z
dc.date.issued 2011
dc.description Research area: Information Security & Cryptography
dc.description Research topic: Network Security
dc.description.abstract Organizations must control where private information spreads; this problem is referred to in the industry as data leak prevention. Commercial solutions for DLP are based on scanning content; these impose high overhead and are easily evaded. Research solutions for this problem, information flow control, require rewriting applications or running a custom operating system, which makes these approaches difficult to deploy. They also typically enforce information flow control on a single host, not across a network, making it difficult to implement an information flow control policy for a network of machines. This paper presents Pedigree, which enforces information flow control across a network for legacy applications. Pedigree allows enterprise administrators and users to associate a label with each file and process; a small, trusted module on the host uses these labels to determine whether two processes on the same host can communicate. When a process attempts to communicate across the network, Pedigree tracks these information flows and enforces information flow control either at end-hosts or at a network switch. Pedigree allows users and operators to specify network-wide information flow policies rather than having to specify and implement policies for each host. Enforcing information flow policies in the network allows Pedigree to operate in networks with heterogeneous devices and operating systems. We present the design and implementation of Pedigree, show that it can prevent data leaks, and investigate its feasibility and usability in common environments. en_US
dc.identifier.uri http://hdl.handle.net/1853/36612
dc.language.iso en_US en_US
dc.publisher Georgia Institute of Technology en_US
dc.relation.ispartofseries SCS Technical Report ; GT-CS-11-01 en_US
dc.subject Data leaks en_US
dc.subject Encryption en_US
dc.subject Information flow control en_US
dc.subject Information security en_US
dc.subject Label management en_US
dc.subject Network security en_US
dc.title Practical Data-Leak Prevention for Legacy Applications in Enterprise Networks en_US
dc.type Text
dc.type.genre Technical Report
dspace.entity.type Publication
local.contributor.corporatename College of Computing
local.contributor.corporatename School of Computer Science
local.relation.ispartofseries College of Computing Technical Report Series
local.relation.ispartofseries School of Computer Science Technical Report Series
relation.isOrgUnitOfPublication c8892b3c-8db6-4b7b-a33a-1b67f7db2021
relation.isOrgUnitOfPublication 6b42174a-e0e1-40e3-a581-47bed0470a1e
relation.isSeriesOfPublication 35c9e8fc-dd67-4201-b1d5-016381ef65b8
relation.isSeriesOfPublication 26e8e5bc-dc81-469c-bd15-88e6f98f741d