Glavlit: Preventing Exfiltration at Wire Speed

Protecting sensitive data is no longer a problem restricted to governments whose national security is at stake. With ubiquitous Internet connectivity, it is challenging to secure a network: not only to prevent attacks, but also to ensure that sensitive data are not released. In this paper, we consider the problem of ensuring that only pre-authorized data leave a network boundary, whether over overt or covert channels, i.e., preventing exfiltration. We identify the goals of transparency, performance, and simplicity. A system designed to prevent exfiltration should not adversely affect the transfer of authorized data and should work with existing protocols. Key to our approach are: i) separating the process of vetting authorized objects from line-speed data verification; and ii) employing a restricted, but compliant, HTTP subset to limit covert channels. In our evaluation, we show that Glavlit adds little overhead to the operation of a software network bridge.
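As an added illustration (example code, not the paper's implementation), the two ideas in the abstract instantiated in Python: an offline vetting step that produces a whitelist of object hashes, and a line-speed check that admits an outbound HTTP response only if its body hash is on that list and its headers fit a small fixed subset, then re-serializes it canonically so header order, casing, whitespace and reason phrases cannot carry covert data. The hash-whitelist mechanism and the particular subset (allowed headers, content types, status codes) are assumptions for this example, not details from the paper.

```python
import hashlib
import re

# Constructed policy for a restricted HTTP/1.x response subset (values are assumed).
ALLOWED_HEADERS = ("content-type", "content-length")
ALLOWED_TYPES = {"text/html", "text/plain"}
REASON = {"200": "OK", "404": "Not Found"}  # fixed reason phrases per status code
STATUS_RE = re.compile(r"(HTTP/1\.[01]) (\d{3}) .*")


def vet_objects(objects):
    """Offline vetting: hash each approved object once, off the fast path."""
    return {hashlib.sha256(body).hexdigest() for body in objects}


def parse_response(raw):
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("ascii").partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].decode("ascii"), headers, body


def check_response(raw, approved):
    """Line-speed check: (True, canonical bytes) if allowed, else (False, reason)."""
    try:
        status, headers, body = parse_response(raw)
    except (ValueError, UnicodeDecodeError) as e:
        return False, f"unparsable: {e}"
    m = STATUS_RE.fullmatch(status)
    if not m or m.group(2) not in REASON:
        return False, "status line outside subset"
    extra = set(headers) - set(ALLOWED_HEADERS)
    if extra:
        return False, f"disallowed header(s): {sorted(extra)}"
    if headers.get("content-type") not in ALLOWED_TYPES:
        return False, "content-type outside subset"
    if headers.get("content-length") != str(len(body)):
        return False, "content-length does not match body"
    if hashlib.sha256(body).hexdigest() not in approved:
        return False, "object was not vetted"
    # Canonical re-serialization: fixed reason phrase, header order, casing and whitespace.
    canon = f"{m.group(1)} {m.group(2)} {REASON[m.group(2)]}\r\n".encode()
    for name in ALLOWED_HEADERS:
        canon += f"{name.title()}: {headers[name]}\r\n".encode()
    return True, canon + b"\r\n" + body
```

Two responses that differ only in header order, casing or reason phrase canonicalize to identical bytes, which is what removes those fields as a channel; anything outside the subset, or any body not vetted beforehand, is rejected without inspecting its content.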
