Efficient Network-Based Enforcement of Data Access Rights
Today, databases, especially those serving or connected to the Internet, need strong protection against data leakage stemming from misconfiguration as well as from attacks such as SQL injection.
Insider and Advanced Persistent Threat (APT) attacks are also increasingly common threats in the security landscape.
We introduce an access control list (ACL)-based policy checking and enforcement system designed specifically to prevent unauthorized (malicious or accidental) exfiltration of database records from real-life large-scale systems. At the center of our approach is a trusted, small-footprint and lightweight policy checker (e.g., implemented as a router function) that filters all outgoing traffic. We provably guarantee that only authorized data may be sent outside, and only to the right recipients.
We design and formally prove the security of two access control schemes with distinct security and performance guarantees: one based on authenticated Bloom filters, and one based on either long or short (e.g., 16-bit) aggregated MAC codes. The use of the short codes, while providing a clear performance benefit, cannot be proven secure by a simple reduction to existing aggregated MAC tools, and required careful handling and a concrete security analysis. The advantage of our schemes is that they are both simple and much more efficient than the naive MAC-based access control.
Our solution requires explicit designation of each record-attribute-user tuple as permitted or disallowed. We rely on shared secret key cryptography, and our system can scale even for use by large organizations.
We implemented and deployed our algorithms in an industrial system setup. Our tests mimic usage scenarios of a medium-size DB (10M records) of telephone company call records. Our experiments show that we achieve high (scalable) efficiency in both the server and checker computation, as well as extremely low communication overhead.
Keywords: provably secure access control, aggregate MAC, Bloom filter, implementation
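The aggregated-MAC variant described in the abstract, as an added runnable sketch (this is not the paper's code): a trusted policy authority precomputes one MAC per permitted record-attribute-user tuple, the untrusted database server attaches only the XOR-aggregate of the stored tags to each response, and the egress checker, which shares the key with the authority, recomputes the aggregate and drops anything that does not match. HMAC-SHA256 with XOR aggregation, the length-prefixed tuple encoding, and the response layout are assumptions of this sketch, not details taken from the paper.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # bytes per tag; the paper also analyses short (e.g., 16-bit) codes

def tuple_tag(key: bytes, record_id: str, attribute: str, user: str) -> bytes:
    """MAC over one (record, attribute, user) tuple; fields are length-prefixed
    so that no two distinct tuples encode to the same byte string."""
    msg = b"".join(len(f).to_bytes(2, "big") + f.encode()
                   for f in (record_id, attribute, user))
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def aggregate(tags) -> bytes:
    """XOR-aggregate any number of tags into one tag-sized code."""
    agg = bytearray(TAG_LEN)
    for t in tags:
        for i, b in enumerate(t):
            agg[i] ^= b
    return bytes(agg)

def provision_acl(key: bytes, permitted) -> dict:
    """Trusted policy authority (assumed role): precompute one tag per permitted
    tuple. The DB server receives only these tags, never the key."""
    return {t: tuple_tag(key, *t) for t in permitted}

def server_response(acl_tags: dict, user: str, rows) -> dict:
    """Untrusted DB server: attach the aggregate of the stored tags for the rows
    it is about to send (rows: list of (record_id, attribute, value)). A row
    with no stored tag (not permitted, or smuggled in by an injection) cannot
    contribute a valid tag, so the aggregate will not verify."""
    tags = [acl_tags.get((r, a, user), bytes(TAG_LEN)) for r, a, _ in rows]
    return {"user": user, "rows": rows, "tag": aggregate(tags)}

def checker_allows(key: bytes, response: dict) -> bool:
    """Egress policy checker: recompute the aggregate with the shared key and
    forward the response only if it matches. Values are not authenticated;
    the policy decides which records/attributes may leave and to whom."""
    user = response["user"]
    tuples = [(r, a, user) for r, a, _ in response["rows"]]
    if len(set(tuples)) != len(tuples):
        return False  # duplicates cancel under XOR, so they are never accepted
    expected = aggregate(tuple_tag(key, *t) for t in tuples)
    return hmac.compare_digest(expected, response["tag"])
```

Shortening TAG_LEN to 2 bytes reproduces the bandwidth saving of the paper's short codes, but a guessed aggregate then verifies with probability 2^-16 per attempt, which is why the abstract notes that such codes need a concrete analysis rather than a plain reduction.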