Towards Quantification of Network-Based Information Leaks via HTTP
As the Internet grows and network bandwidth continues to increase, administrators are faced with the task of keeping confidential information from leaving their networks. Today's network traffic is so voluminous that manual inspection would be unreasonably expensive. In response, researchers have created data loss prevention systems that check outgoing traffic for known confidential information. These systems stop naive adversaries from leaking data, but are fundamentally unable to identify encrypted or obfuscated information leaks. What remains is a wide open pipe for sending encrypted data to the Internet.
We present an approach for quantifying network-based information leaks. Instead of trying to detect the presence of sensitive data--an impossible task in the general case--our goal is to measure and constrain its maximum volume. We take advantage of the insight that most network traffic is repeated or determined by external information, such as protocol specifications or messages sent by a server. By discounting this data, we can isolate and quantify true information leakage. In this paper, we present leak measurement algorithms for the Hypertext Transfer Protocol (HTTP), the main protocol for web browsing. When applied to real web traffic from different scenarios, the algorithms show a reduction of 94-99.7% over a raw measurement and are able to effectively isolate true information flow.
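A simplified illustration of the discounting idea described above, added here and not taken from the paper. The scoring rules (edit distance against the previous request's headers, log2 of the number of server-offered links for the path), the function names and the sample requests are all assumptions constructed for this example.

```python
import math

def parse_request(raw):
    """Split a raw HTTP request into (request line, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def edit_distance(a, b):
    """Levenshtein distance between the expected and the observed value."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def leak_bits(raw, prev_raw, server_links):
    """Bits in `raw` not determined by the previous request or by server data."""
    line, headers, body = parse_request(raw)
    _, prev_headers, _ = parse_request(prev_raw)
    _method, path, _version = line.split(" ", 2)
    if path in server_links:
        bits = math.log2(len(server_links))  # a choice among offered links
    else:
        bits = 8.0 * len(path)               # path not derivable from context
    for name, value in headers.items():
        if name in prev_headers:             # repeated header: count only changes
            bits += 8 * edit_distance(prev_headers[name], value)
        else:                                # new header: name and value both count
            bits += 8 * (len(name) + len(value))
    return bits + 8 * len(body)

# Constructed sample traffic (assumed for this example, not from the paper).
COMMON = "Host: example.test\r\nUser-Agent: DemoBrowser/1.0\r\nAccept: text/html\r\n"
PREV = "GET /index.html HTTP/1.1\r\n" + COMMON + "\r\n"
LINKS = {"/news.html", "/about.html", "/contact.html", "/login.html"}
BENIGN = "GET /news.html HTTP/1.1\r\n" + COMMON + "\r\n"
LEAKY = "GET /news.html HTTP/1.1\r\n" + COMMON + "X-Data: c2VjcmV0\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("leaky", LEAKY)):
        print(label, "raw bits:", 8 * len(req), "measured bits:", leak_bits(req, PREV, LINKS))
```

The benign request, which only follows one of four offered links with unchanged headers, measures far below its raw size, while the request carrying an extra header is charged for every byte of that header.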