RedFlag: Reducing Inadvertent Leaks by Personal Machines

Reference monitors rely on correct access-control policies to prevent confidential data from leaking. Unfortunately, sensitive data is increasingly stored on personal machines operated by users who are either unwilling or unqualified to properly protect their sensitive files. This often leads to misconfigured applications and damaging leaks. In this paper, we describe RedFlag, a system designed to unobtrusively identify and protect sensitive files on personal machines. Our main insight is that personal machines often receive sensitive data from servers over encrypted network connections. Using this heuristic allows RedFlag to help prevent large classes of leaks, without requiring user-defined policies or changes to existing server-side and client-side applications.
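The abstract's heuristic can be made concrete with a small label-propagating monitor: bytes that arrive over an encrypted connection are labelled sensitive, files written from them inherit the label, and a later attempt to send labelled bytes over an unencrypted channel is the leak the monitor flags. The code below is an added illustrative model written for this page; it is not RedFlag's implementation, and the class names, the `~/Downloads` paths, the host names and the scenario are all constructed assumptions.

```python
# Added example: a toy reference monitor illustrating the heuristic described
# in the abstract. It is NOT RedFlag's implementation; the data model, labels
# and scenario are assumptions made for illustration only.
from dataclasses import dataclass


@dataclass(frozen=True)
class Channel:
    """A network endpoint as the monitor sees it."""
    host: str
    encrypted: bool  # True when the transport is TLS (or similar)


@dataclass
class Blob:
    """Bytes plus the confidentiality label the monitor attaches to them."""
    data: bytes
    sensitive: bool


class ToyMonitor:
    """Label-propagating monitor: the label means 'arrived over an encrypted channel'."""

    def __init__(self):
        self.file_labels = {}   # path -> bool (is the file sensitive?)
        self.file_data = {}     # path -> bytes
        self.alerts = []        # records of sends the monitor refused

    def receive(self, chan: Channel, payload: bytes) -> Blob:
        # The heuristic: data from an encrypted connection is presumed sensitive,
        # so no user-written policy is needed to label it.
        return Blob(payload, sensitive=chan.encrypted)

    def write_file(self, path: str, blob: Blob) -> None:
        # A file becomes sensitive once any sensitive bytes are written to it;
        # labels only accumulate and are never silently downgraded.
        self.file_data[path] = blob.data
        self.file_labels[path] = self.file_labels.get(path, False) or blob.sensitive

    def read_file(self, path: str) -> Blob:
        return Blob(self.file_data[path], sensitive=self.file_labels[path])

    def send(self, app: str, chan: Channel, blob: Blob) -> str:
        # Sensitive bytes may leave only over an encrypted channel; a plaintext
        # send of labelled data is the "inadvertent leak" the abstract targets.
        if blob.sensitive and not chan.encrypted:
            self.alerts.append(
                f"{app}: blocked plaintext send of sensitive data to {chan.host}")
            return "blocked"
        return "allowed"


def run_scenario():
    """Constructed scenario: a statement fetched over TLS and a public page fetched
    over HTTP, then a misconfigured sharing app exports the whole Downloads folder."""
    mon = ToyMonitor()
    bank = Channel("bank.example", encrypted=True)    # constructed host name
    news = Channel("news.example", encrypted=False)   # constructed host name
    peer = Channel("203.0.113.7", encrypted=False)    # documentation-range address

    # Browser downloads: one over an encrypted connection, one in the clear.
    mon.write_file("~/Downloads/statement.pdf",
                   mon.receive(bank, b"%PDF constructed statement"))
    mon.write_file("~/Downloads/headline.html",
                   mon.receive(news, b"<html>constructed page</html>"))

    # The sharing app serves both files to an unencrypted peer.
    results = []
    for path in ("~/Downloads/statement.pdf", "~/Downloads/headline.html"):
        results.append((path, mon.send("sharing-app", peer, mon.read_file(path))))

    # The same sensitive file going back over TLS (e.g. re-uploaded to the bank)
    # is allowed: the label restricts the transport, not the destination.
    results.append(("~/Downloads/statement.pdf (tls)",
                    mon.send("browser", bank, mon.read_file("~/Downloads/statement.pdf"))))
    return results, mon.alerts


if __name__ == "__main__":
    results, alerts = run_scenario()
    for path, verdict in results:
        print(f"{verdict:8} {path}")
    for line in alerts:
        print("ALERT", line)
```

Two properties of the heuristic are visible in the model: the public HTTP download is never labelled, so the monitor does not interfere with ordinary file sharing, while the TLS download is blocked from leaving in plaintext regardless of which application tries to send it. The model also shows the heuristic's coarseness: it labels everything fetched over an encrypted connection, so a public page served over TLS would be treated as sensitive too, and it judges only the transport of the outbound channel, not who is at the other end.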
