Efficient Network-Based Enforcement of Data Access Rights

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8642)


Today, databases, especially those serving or connected to the Internet, need strong protection against data leakage stemming from misconfiguration as well as from attacks such as SQL injection.

Other insider and Advanced Persistent Threat (APT) attacks are also increasingly common threats in the security landscape.

We introduce an access control list (ACL)-based policy checking and enforcement system designed specifically to prevent unauthorized (malicious or accidental) exfiltration of database records from real-life large-scale systems. At the center of our approach is a trusted, small-footprint and lightweight policy checker (e.g., implemented as a router function) that filters all outgoing traffic. We provably guarantee that only authorized data may be sent outside, and only to the right recipients.

We design and formally prove the security of two access control schemes with distinct security and performance guarantees: one based on authenticated Bloom filters, and one based on either long or short (e.g., 16-bit) aggregated MAC codes. The use of short codes, while providing a clear performance benefit, cannot be proven secure by a simple reduction to existing aggregated MAC tools, and requires careful handling and a concrete security analysis. The advantage of our schemes is that they are both simple and much more efficient than naive MAC-based access control.

Our solution requires an explicit designation of each record-attribute-user tuple as permitted or disallowed. We rely on shared-secret-key cryptography, and our system scales even for use by large organizations.
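As an added illustration (not the paper's code), the following Python model shows the aggregated-MAC variant described above: a policy authority issues a per-tuple tag only for permitted (record, attribute, recipient) tuples, the database server (which holds no key) attaches one XOR-aggregated tag to each outgoing batch, and the network checker recomputes the aggregate under the shared key and binds it to the connection's destination. HMAC-SHA256, XOR aggregation in the style of Katz-Lindell aggregate MACs, the length-prefixed tuple encoding, and the role split are assumptions of this model, not details taken from the paper.

```python
import hashlib
import hmac
from typing import Dict, Iterable, List, Tuple

# A policy tuple is (record_id, attribute, recipient). Encoding is an assumption:
# fields are length-prefixed so ("ab","c") and ("a","bc") never collide.
Tuple3 = Tuple[str, str, str]
SHORT = 2   # 16-bit short codes, the paper's fast variant
LONG = 32   # full HMAC-SHA256 output, the long variant

def tuple_tag(key: bytes, t: Tuple3, tag_len: int) -> bytes:
    """Per-tuple MAC under the checker's secret key, truncated to tag_len bytes."""
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in t)
    return hmac.new(key, msg, hashlib.sha256).digest()[:tag_len]

def aggregate(tags: Iterable[bytes], tag_len: int) -> bytes:
    """XOR-aggregate fixed-length tags (Katz-Lindell style): one tag per batch."""
    acc = bytes(tag_len)
    for tag in tags:
        acc = bytes(a ^ b for a, b in zip(acc, tag))
    return acc

def issue_tags(key: bytes, permitted: Iterable[Tuple3], tag_len: int) -> Dict[Tuple3, bytes]:
    """Policy authority: tags exist only for permitted tuples; disallowed ones get none."""
    return {t: tuple_tag(key, t, tag_len) for t in permitted}

def server_send(store: Dict[Tuple3, bytes], batch: List[Tuple3], tag_len: int) -> bytes:
    """DB server (holds no key): returns the aggregate for the batch it is about to send.
    Raises KeyError for a tuple it was never authorized for, since no tag exists for it."""
    return aggregate((store[t] for t in batch), tag_len)

def checker_verify(key: bytes, dest: str, batch: List[Tuple3], agg: bytes, tag_len: int) -> bool:
    """Network checker: bind every tuple to the connection's destination, then recompute
    the aggregate under the shared key; release the batch only on an exact match."""
    if not batch or any(user != dest for _, _, user in batch):
        return False
    expected = aggregate((tuple_tag(key, t, tag_len) for t in batch), tag_len)
    return hmac.compare_digest(expected, agg)

def forgery_guess_probability(tag_len: int) -> float:
    """Chance that one guessed aggregate passes the checker: 2^-16 for short codes,
    which is why the short variant needs a concrete rather than reduction-based analysis."""
    return 2.0 ** (-8 * tag_len)
```

The checker needs only the key and the destination, not the ACL itself; a batch containing any tuple for which no tag was issued, or addressed to a different recipient, fails verification.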

We implemented and deployed our algorithms in an industrial system setup. Our tests mimic usage scenarios of a medium-size database (10M records) of telephone-company call records. Our experiments show that we achieve high (scalable) efficiency in both the server and checker computation, as well as extremely low communication overhead.


Keywords: provably secure access control, aggregate MAC, Bloom filter, implementation


Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. AT&T Security Research Center, New York, USA
  2. Bell Labs, Murray Hill, USA
  3. New York University, New York, USA
  4. Bionym, Toronto, Canada
