Abstract
Preventing exfiltration of sensitive data is a central challenge facing many modern networking environments. In this paper, we propose a network-wide method of confining and controlling the flow of sensitive data within a network. Our approach is based on black-box differencing - we run two logical copies of the network, one with private data scrubbed, and compare outputs of the two to determine if and when private data is being leaked. To ensure outputs of the two copies match, we build upon recent advances that enable computing systems to execute deterministically at scale and with low overheads. We believe our approach could be a useful building block towards building general-purpose schemes that leverage black-box differencing to mitigate leakage of private data.
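A minimal sketch of the differencing idea in the abstract, added here as an illustration and not taken from the paper or its implementation. The service, request kinds, sample records and logical clock are constructed assumptions. It shows why the two copies must execute deterministically: unsynchronised inputs produce differences that have nothing to do with private data.

```python
# Constructed sample data: a private record and its scrubbed stand-in.
PRIVATE = {"alice": "4111-1111-1111-1111"}
SCRUBBED = {"alice": "0000-0000-0000-0000"}

def handle(request, store, now):
    """Hypothetical service: returns the bytes it would send off the network."""
    kind, user = request
    if kind == "ping":
        return f"pong t={now}"            # depends on the clock, not on private data
    if kind == "profile":
        return f"user={user}"             # touches no private field
    if kind == "export":
        return f"card={store[user]}"      # explicit flow of private data
    if kind == "check":
        # Implicit flow: one bit of the private value steers the output.
        return "visa" if store[user].startswith("4") else "other"
    return "error"

def run_copy(requests, store, clock_start):
    """Run one logical copy. The logical clock stands in for every
    non-private input that deterministic execution must hold identical."""
    return [handle(r, store, clock_start + i) for i, r in enumerate(requests)]

def diff_outputs(requests, clock_real=100, clock_scrub=100):
    """Black-box differencing: indices where the two copies' outputs differ."""
    real = run_copy(requests, PRIVATE, clock_real)
    scrub = run_copy(requests, SCRUBBED, clock_scrub)
    return [i for i, (a, b) in enumerate(zip(real, scrub)) if a != b]

# Constructed request trace replayed against both copies.
REQUESTS = [("ping", "alice"), ("profile", "alice"),
            ("export", "alice"), ("check", "alice")]

if __name__ == "__main__":
    # Same clock in both copies: only outputs influenced by private data differ.
    print("deterministic copies:  ", diff_outputs(REQUESTS))
    # Clocks drift by one tick: the harmless ping is flagged as well.
    print("unsynchronised copies: ", diff_outputs(REQUESTS, 100, 101))
```

The comparison never inspects how `handle` works, so the implicit flow in `check` is caught the same way as the explicit one in `export`.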
Original language | English (US) |
---|---|
State | Published - 2011 |
Event | 6th USENIX Workshop on Hot Topics in Security, HotSec 2011 - San Francisco, United States. Duration: Aug 9 2011 → … |
Conference
Conference | 6th USENIX Workshop on Hot Topics in Security, HotSec 2011 |
---|---|
Country/Territory | United States |
City | San Francisco |
Period | 8/9/11 → … |
ASJC Scopus subject areas
- Computer Networks and Communications
- Information Systems
- Safety, Risk, Reliability and Quality