Towards practical avoidance of information leakage in enterprise networks

Jason Croft, Matthew Caesar

Research output: Contribution to conference, Paper, peer-review

Abstract

Preventing exfiltration of sensitive data is a central challenge facing many modern networking environments. In this paper, we propose a network-wide method of confining and controlling the flow of sensitive data within a network. Our approach is based on black-box differencing - we run two logical copies of the network, one with private data scrubbed, and compare outputs of the two to determine if and when private data is being leaked. To ensure outputs of the two copies match, we build upon recent advances that enable computing systems to execute deterministically at scale and with low overheads. We believe our approach could be a useful building block towards building general-purpose schemes that leverage black-box differencing to mitigate leakage of private data.

Original language: English (US)
State: Published - 2011
Event: 6th USENIX Workshop on Hot Topics in Security, HotSec 2011 - San Francisco, United States
Duration: Aug 9 2011 → …

Conference

Conference: 6th USENIX Workshop on Hot Topics in Security, HotSec 2011
Country: United States
City: San Francisco
Period: 8/9/11 → …

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality
