Towards Secure and Leak-Free Workflows Using Microservice Isolation
Data leaks and breaches are on the rise. They cause large financial losses for
businesses such as the movie industry, and a loss of user privacy for businesses
that handle user data, such as the pharmaceutical industry. Preventing data
exposure is challenging because its causes are varied, ranging from hacking to
misconfigured databases. Alongside the surge in data exposures, the recent rise
of the microservice paradigm brings the need to secure traffic not only at the
border of the network but also internally, driving the adoption of new security
models such as zero trust to secure business processes.
Business processes can be modeled as workflows in which the owner of the data
at risk interacts with contractors to carry out a sequence of tasks on that
data. In this paper, we show how such workflows can be enforced while preventing
data exposure. Following the principles of zero trust, we develop an
infrastructure that uses the isolation provided by a microservice architecture
to enforce the owner's policy. We show that our infrastructure is resilient to
the set of attacks considered in our security model. We implement a simple yet
realistic workflow on our infrastructure in a publicly available proof of
concept. We then verify that the specified policy is correctly enforced by
testing the deployment for policy violations, and estimate the overhead cost of
authorization.
Composition and Declassification in Possibilistic Information Flow Security
Formal methods for security can rule out whole classes of security vulnerabilities, but applying them in practice remains challenging. This thesis develops formal verification techniques for information flow security that combine the expressivity and scalability strengths of existing frameworks. It builds upon Bounded Deducibility (BD) Security, which allows specifying and verifying fine-grained policies about what information may flow, when, and to whom. Our main technical result is a compositionality theorem for BD Security, which provides scalability by allowing the security properties of a large system to be verified by verifying its smaller components. Its practical utility is illustrated by a case study verifying confidentiality properties of a distributed social media platform. Moreover, we discuss its use for the modular development of secure workflow systems, and for the security-preserving enforcement of safety and security properties other than information flow control.
CONFLLVM: A Compiler for Enforcing Data Confidentiality in Low-Level Code
We present an instrumenting compiler for enforcing data confidentiality in
low-level applications (e.g. those written in C) in the presence of an active
adversary. In our approach, the programmer marks secret data by writing
lightweight annotations on top-level definitions in the source code. The
compiler then uses a static flow analysis coupled with efficient runtime
instrumentation, a custom memory layout, and custom control-flow integrity
checks to prevent data leaks even in the presence of low-level attacks. We have
implemented our scheme as part of the LLVM compiler. We evaluate it on the SPEC
micro-benchmarks for performance, and on larger, real-world applications
(including OpenLDAP, which is around 300 KLoC) for the programmer overhead
required to restructure the application when protecting sensitive data such as
passwords. We find that the performance overhead introduced by our
instrumentation is moderate (average 12% on SPEC), and the programmer effort to
port OpenLDAP is only about 160 LoC.
Comment: Technical report for CONFLLVM: A Compiler for Enforcing Data
Confidentiality in Low-Level Code, appearing at EuroSys 201
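As an added illustration of the runtime side of this approach, the following C program sketches what an instrumented store check over a split memory layout looks like. This is not CONFLLVM's code or its actual instrumentation: the two fixed-size regions (`public_region`, `secret_region`), the per-value secrecy tag in `tagged_t`, and the helper names `tload`, `tstore` and `tcopy` are assumptions made here to show the idea. Values loaded from the secret region carry a tag, and any attempt to store a tagged value outside the secret region (for example, copying a password into a log buffer) is refused before the byte is written.

```c
/* Added example, not from the CONFLLVM paper or implementation.
 * Hypothetical memory layout: one PUBLIC region and one SECRET region.
 * Every value carries a secrecy tag; instrumented stores refuse to move a
 * secret-tagged value into public memory. Region sizes and helper names are
 * assumptions chosen for this illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REGION_SIZE 256

static unsigned char public_region[REGION_SIZE];  /* e.g. log/network buffers */
static unsigned char secret_region[REGION_SIZE];  /* e.g. passwords, keys */

typedef struct {
    unsigned char byte;
    int secret;   /* 1 if the value was loaded from the secret region */
} tagged_t;

/* Address-range check done on integer addresses to avoid out-of-object pointer comparison. */
static int in_region(const unsigned char *base, const unsigned char *p) {
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)base;
    return a >= b && a < b + REGION_SIZE;
}

/* Instrumented load: the tag is derived from where the byte lives. */
static tagged_t tload(const unsigned char *p) {
    tagged_t t;
    t.byte = *p;
    t.secret = in_region(secret_region, p);
    return t;
}

/* Instrumented store: 0 on success, -1 on a confidentiality violation or a
 * write outside the known layout. The byte is only written after the check. */
static int tstore(unsigned char *p, tagged_t t) {
    int to_secret = in_region(secret_region, p);
    int to_public = in_region(public_region, p);
    if (!to_secret && !to_public) return -1;   /* not in our layout at all */
    if (t.secret && !to_secret) return -1;     /* secret -> public: refused */
    *p = t.byte;
    return 0;
}

/* Instrumented byte copy; stops at the first refused store. Returns bytes copied or -1. */
static int tcopy(unsigned char *dst, const unsigned char *src, size_t n) {
    size_t i;
    for (i = 0; i < n; i++)
        if (tstore(dst + i, tload(src + i)) != 0) return -1;
    return (int)n;
}

/* Constructed sample data for the scenarios below. */
#define PASSWORD "hunter2"
#define BANNER   "HELLO"

static void setup(void) {
    memset(public_region, 0, REGION_SIZE);
    memset(secret_region, 0, REGION_SIZE);
    memcpy(secret_region, PASSWORD, sizeof PASSWORD); /* secret placed by the loader (assumed) */
}

/* Scenario 1: a buggy log routine tries to copy the password into a public buffer. */
int leak_password_to_log(void) {
    setup();
    return tcopy(public_region, secret_region, sizeof PASSWORD);   /* -1 */
}

/* Scenario 2: moving the password between two secret buffers is fine. */
int copy_password_within_secret(void) {
    setup();
    return tcopy(secret_region + 128, secret_region, sizeof PASSWORD); /* 8 */
}

/* Scenario 3: public data may be written into public memory. */
int write_public_banner(void) {
    setup();
    return tcopy(public_region, (const unsigned char *)BANNER, sizeof BANNER); /* 6 */
}

/* 1 if no byte of the public region has been written. */
int public_region_is_clean(void) {
    size_t i;
    for (i = 0; i < REGION_SIZE; i++)
        if (public_region[i] != 0) return 0;
    return 1;
}

int main(void) {
    printf("leak to log:     %d (clean=%d)\n", leak_password_to_log(), public_region_is_clean());
    printf("within secret:   %d\n", copy_password_within_secret());
    printf("public banner:   %d\n", write_public_banner());
    return 0;
}
```

A real instrumenting compiler would remove most of these checks statically (a store whose operand the flow analysis already proves public needs no runtime tag) and would back the layout with page protections and control-flow integrity so that an attacker who corrupts a pointer cannot simply skip the check; this sketch only shows the policy the runtime check enforces.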