Preventing unauthorized data flows
Preventing unauthorized data flows
Trojan Horse attacks can lead to unauthorized data flows and can cause either a confidentiality violation or an integrity violation. Existing solutions to address this problem employ analysis techniques that keep track of all subject accesses to objects, and hence can be expensive. In this paper we show that for an unauthorized flow to exist in an access control matrix, a flow of length one must exist. Thus, to eliminate unauthorized flows, it is sufficient to remove all one-step flows, thereby avoiding the need for expensive transitive closure computations. This new insight allows us to develop an efficient methodology to identify and prevent all unauthorized flows leading to confidentiality and integrity violations. We develop separate solutions for two different environments that occur in real life, and experimentally validate the efficiency and restrictiveness of the proposed approaches using real data sets.
41-62
Uzun, Emre
6a346a23-8598-41b1-9d67-d13419d25f9f
Parlato, Gennaro
c28428a0-d3f3-4551-a4b5-b79e410f4923
Atluri, Vijayalakshmi
f4401f35-3e76-4846-9ce8-4bb8362079fe
Ferrara, Anna Lisa
6bc9ff9b-aa7d-4124-8de1-73aeda822d7e
Vaidya, Jaideep
7dfa994e-6422-4a65-b938-ad19fd283930
Sural, Shamik
60e4c319-a321-4613-b598-f2c20032d184
Lorenzi, David
544781b1-dfa7-4e2a-94db-a81ffeef4f81
July 2017
Uzun, Emre
6a346a23-8598-41b1-9d67-d13419d25f9f
Parlato, Gennaro
c28428a0-d3f3-4551-a4b5-b79e410f4923
Atluri, Vijayalakshmi
f4401f35-3e76-4846-9ce8-4bb8362079fe
Ferrara, Anna Lisa
6bc9ff9b-aa7d-4124-8de1-73aeda822d7e
Vaidya, Jaideep
7dfa994e-6422-4a65-b938-ad19fd283930
Sural, Shamik
60e4c319-a321-4613-b598-f2c20032d184
Lorenzi, David
544781b1-dfa7-4e2a-94db-a81ffeef4f81
Uzun, Emre, Parlato, Gennaro, Atluri, Vijayalakshmi, Ferrara, Anna Lisa, Vaidya, Jaideep, Sural, Shamik and Lorenzi, David
(2017)
Preventing unauthorized data flows.
Livraga, G. and Zhu, S.
(eds.)
In Data and Applications Security and Privacy XXXI. DBSec 2017.
vol. 10359,
Springer.
.
(doi:10.1007/978-3-319-61176-1_3).
Record type:
Conference or Workshop Item
(Paper)
Abstract
Trojan Horse attacks can lead to unauthorized data flows and can cause either a confidentiality violation or an integrity violation. Existing solutions to address this problem employ analysis techniques that keep track of all subject accesses to objects, and hence can be expensive. In this paper we show that for an unauthorized flow to exist in an access control matrix, a flow of length one must exist. Thus, to eliminate unauthorized flows, it is sufficient to remove all one-step flows, thereby avoiding the need for expensive transitive closure computations. This new insight allows us to develop an efficient methodology to identify and prevent all unauthorized flows leading to confidentiality and integrity violations. We develop separate solutions for two different environments that occur in real life, and experimentally validate the efficiency and restrictiveness of the proposed approaches using real data sets.
Text
DBSEC17
- Accepted Manuscript
More information
Accepted/In Press date: 5 May 2017
e-pub ahead of print date: 22 June 2017
Published date: July 2017
Venue - Dates:
Conference on Data and Applications Security and Privacy: 31st Annual IFIP WG 11.3, Temple University Center City (TUCC), Philadelphia, United States, 2017-07-19 - 2017-07-21
Organisations:
Electronics & Computer Science, Electronic & Software Systems
Identifiers
Local EPrints ID: 410623
URI: http://eprints.soton.ac.uk/id/eprint/410623
PURE UUID: 4b38b6a0-59c6-4274-b517-c66635095fc2
Catalogue record
Date deposited: 09 Jun 2017 09:15
Last modified: 16 Mar 2024 05:37
Export record
Altmetrics
Contributors
Author:
Emre Uzun
Author:
Gennaro Parlato
Author:
Vijayalakshmi Atluri
Author:
Anna Lisa Ferrara
Author:
Jaideep Vaidya
Author:
Shamik Sural
Author:
David Lorenzi
Editor:
G. Livraga
Editor:
S. Zhu
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics