Preventing Unauthorized Data Flows

Trojan Horse attacks can lead to unauthorized data flows and can cause either a confidentiality violation or an integrity violation. Existing solutions to address this problem employ analysis techniques that keep track of all subject accesses to objects, and hence can be expensive. In this paper we show that for an unauthorized flow to exist in an access control matrix, a flow of length one must exist. Thus, to eliminate unauthorized flows, it is sufficient to remove all one-step flows, thereby avoiding the need for expensive transitive closure computations. This new insight allows us to develop an efficient methodology to identify and prevent all unauthorized flows leading to confidentiality and integrity violations. We develop separate solutions for two different environments that occur in real life, and experimentally validate the efficiency and restrictiveness of the proposed approaches using real data sets.
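An added illustration of the one-step-flow insight, not code from the paper: it assumes a lattice of confidentiality labels on objects, an access matrix of read/write rights, and that a one-step flow from object A to object B is a subject that can read A and write B. The matrix, object names and levels below are constructed; the check shows that an unauthorized transitive flow is present exactly when an unauthorized one-step flow is, and that revoking the one-step violation also clears the longer flow without a closure computation.

```python
from itertools import product

# Constructed access control matrix: subject -> object -> set of rights.
ACM = {
    "alice": {"secret.doc": {"r"}, "scratch": {"w"}},
    "bob":   {"scratch": {"r"}, "public.txt": {"w"}},
    "carol": {"public.txt": {"r", "w"}},
}
# Constructed confidentiality labels (assumed totally ordered, low -> high).
LEVEL = {"public.txt": 0, "scratch": 2, "secret.doc": 2}

def authorized(src, dst):
    """A flow src -> dst is allowed only if it does not move down the lattice."""
    return LEVEL[src] <= LEVEL[dst]

def one_step_flows(acm):
    """Object pairs (src, dst) such that some subject reads src and writes dst."""
    flows = set()
    for rights in acm.values():
        reads = [o for o, r in rights.items() if "r" in r]
        writes = [o for o, r in rights.items() if "w" in r]
        flows.update((s, d) for s, d in product(reads, writes) if s != d)
    return flows

def transitive_flows(flows):
    """Transitive closure of the flow relation (the expensive step the paper avoids)."""
    closure = set(flows)
    changed = True
    while changed:
        changed = False
        for (a, b), (c, d) in product(list(closure), repeat=2):
            if b == c and a != d and (a, d) not in closure:
                closure.add((a, d))
                changed = True
    return closure

def unauthorized(flows):
    return {f for f in flows if not authorized(*f)}

def insight_holds(acm):
    """Paper's claim: an unauthorized flow exists iff an unauthorized one-step flow exists."""
    flows = one_step_flows(acm)
    return bool(unauthorized(transitive_flows(flows))) == bool(unauthorized(flows))

def remove_one_step_violations(acm):
    """Revoke the write right completing each unauthorized one-step flow; returns a new matrix."""
    fixed = {s: {o: set(r) for o, r in rights.items()} for s, rights in acm.items()}
    for rights in fixed.values():
        for src, dst in product(list(rights), repeat=2):
            if "r" in rights[src] and "w" in rights[dst] and not authorized(src, dst):
                rights[dst].discard("w")
    return fixed
```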
