TY - GEN
T1 - SCIFFS
T2 - 26th ACM Symposium on Access Control Models and Technologies, SACMAT 2021
AU - Polinsky, Isaac
AU - Datta, Pubali
AU - Bates, Adam
AU - Enck, William
N1 - Publisher Copyright:
© 2021 ACM.
PY - 2021/6/11
Y1 - 2021/6/11
N2 - Third-party security analytics allow companies to outsource threat monitoring tasks to teams of experts and avoid the costs of in-house security operations centers. By analyzing telemetry data from many clients these services are able to offer enhanced insights, identifying global trends and spotting threats before they reach most customers. Unfortunately, the aggregation that drives these insights simultaneously risks exposing sensitive client data if it is not properly sanitized and tracked. In this work, we present SCIFFS, an automated information flow monitoring framework for preventing sensitive data exposure in third-party security analytics platforms. SCIFFS performs decentralized information flow control over customer data it in a serverless setting, leveraging the innate polyinstantiated nature of serverless functions to assure precise and lightweight tracking of data flows. Evaluating SCIFFS against a proof-of-concept security analytics framework on the widely-used OpenFaaS platform, we demonstrate that our solution supports common analyst workflows data ingestion, custom dashboards, threat hunting) while imposing just 3.87% runtime overhead on event ingestion and the overhead on aggregation queries grows linearly with the number of records in the database (e.g., 18.75% for 50,000 records and 104.27% for 500,000 records) as compared to an insecure baseline. Thus, SCIFFS not only establishes a privacy-respecting model for third-party security analytics, but also highlights the opportunities for security-sensitive applications in the serverless computing model.
AB - Third-party security analytics allow companies to outsource threat monitoring tasks to teams of experts and avoid the costs of in-house security operations centers. By analyzing telemetry data from many clients these services are able to offer enhanced insights, identifying global trends and spotting threats before they reach most customers. Unfortunately, the aggregation that drives these insights simultaneously risks exposing sensitive client data if it is not properly sanitized and tracked. In this work, we present SCIFFS, an automated information flow monitoring framework for preventing sensitive data exposure in third-party security analytics platforms. SCIFFS performs decentralized information flow control over customer data it in a serverless setting, leveraging the innate polyinstantiated nature of serverless functions to assure precise and lightweight tracking of data flows. Evaluating SCIFFS against a proof-of-concept security analytics framework on the widely-used OpenFaaS platform, we demonstrate that our solution supports common analyst workflows data ingestion, custom dashboards, threat hunting) while imposing just 3.87% runtime overhead on event ingestion and the overhead on aggregation queries grows linearly with the number of records in the database (e.g., 18.75% for 50,000 records and 104.27% for 500,000 records) as compared to an insecure baseline. Thus, SCIFFS not only establishes a privacy-respecting model for third-party security analytics, but also highlights the opportunities for security-sensitive applications in the serverless computing model.
KW - Decentralized information flow control
KW - Security analytics
KW - Serverless computing
UR - http://www.scopus.com/inward/record.url?scp=85108154661&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85108154661&partnerID=8YFLogxK
U2 - 10.1145/3450569.3463567
DO - 10.1145/3450569.3463567
M3 - Conference contribution
AN - SCOPUS:85108154661
T3 - Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
SP - 175
EP - 186
BT - SACMAT 2021 - Proceedings of the 26th ACM Symposium on Access Control Models and Technologies
PB - Association for Computing Machinery
Y2 - 16 June 2021 through 18 June 2021
ER -