Download presentation
Presentation is loading. Please wait.
Published byNeal Gyles Robinson Modified over 9 years ago
1
SilverLine: Preventing Data Leaks from Compromised Web Applications Yogesh Mundada Anirudh Ramachandran Nick Feamster Georgia Tech 1 Appeared in Annual Computer Security Applications Conference (ACSAC) 2013
2
Data Breach Incidents Sony Data Breach (SQL Injection, 2011) Citibank (Web application vulnerability, 2012) Twitter (2013) Adobe (2013) 90% of the data leakages occur at server. 95% of those leaks are from external attacks. 2
3
Common Server-Side Vulnerabilities Injection Attacks Broken Authentication and Session Management Insecure Direct Object References Security Misconfiguration Vulnerable Components and Libraries (Open Web Application Security Project) 3
4
Current Protection Mechanisms Penetration testing Automated code review Application firewalls Data loss prevention devices Shortcomings No protection against zero day attacks Once compromised, can’t stop data theft Focus on protecting data, rather than the underlying system 4
5
Design Goals Security: Decouple data protection from the application Deployment: Minimize changes to existing applications Performance: Minimize overhead 5
6
SilverLine Design Non-Goals Kernel-level vulnerabilities Covert channels Malicious software on the database Inside threats Data modification attacks 6
7
SilverLine Overview 7 Step #1: Tag Sensitive Data Step #2: Associate User with SessionStep #3: Retrieve Data with TaintsStep #4: Track DataStep #5: Declassify Response
8
SilverLine Components Authentication Module Database Proxy Information Flow Monitor Declassifier 8
9
9 Process Information Flow Tracking Kernel Webserver Process SilverLine Architecture 1. User sends Login request 2. Authenticate User Trusted Realm Untrusted Realm Database Table User-Sessions Table Connection- Capabilities Table User Authentication Module User-Auth Table 3. Authenticate 4. Cookies 5. 5-tuple taints 6. Execute query 12. Query Results Database Proxy Process Query Parser Process Query RegEx Table Web Application Database 7 8 9 10 14. Send Response 15. Check Session Permissions 16. Return Response Process Database Node Authentication Node Firewall Server
10
Step #1: Initial Configuration Indentify and mark sensitive tables Find unique user key Find foreign keys Find table groups Find tables to monitor for insert query Create taint-storage tables in each group 10
11
User-IDNameTransact-ID 1John Smith100 2Jane Doe200 Step #1: Configuration Example User Table Transact-IDTransact-noItem 20037DVD 20038PHONE 10089BRUSH Transaction Table User-IDTaint 1‘A’ 2‘B’ User-Taint Table SELECT Name FROM User WHERE User-ID = ‘2’ SELECT Name, Taint FROM User u, User-Taint ut WHERE User-ID = ‘2’ AND u.User-ID = ut.User-ID SELECT Item FROM Transaction WHERE Transact-ID = ‘200’ and Transact-no=‘37’ Transact-Taint Table Transact-IDTaint 100‘A’ 200‘B’ SELECT Item, Taint FROM Transaction t, Transact-Taint tt WHERE Transact-ID = ‘200’ and Transact-no=‘37’ and t.Transact-ID = tt.Transact-ID 11
12
Step #2a: Authenticate User 12 Declassifier Process Information Flow Tracking Kernel Webserver Process 1. User sends Login request 2. Authenticate User Trusted Realm Untrusted Realm Database Table User-Sessions Table Connection- Capabilities Table User Authentication Module User-Auth Table Database Proxy Process Query Parser Process Query RegEx Table Web Application Database Process Database Node Authentication Node Firewall Server
13
Step #2b: Decide Session Capability 13 User- Sessions Table Connection- Capabilities Table User Authentication Module User-Auth Table Trusted Realm Process Database Tables 2. Authenticate {username, password} 3. Verify & Authenticate 4. Store {Cookie1, User1} 5. Store {SIP:SP-DIP:DP-Prot, Taint1} 4. Verify Cookie Authentication Node
14
Step #3: Retrieve Taints with Data 14 Declassifier Process Information Flow Tracking Kernel Webserver Process 1. User sends Login request 2. Authenticate User Trusted Realm Untrusted Realm Database Table User-Sessions Table Connection- Capabilities Table User Authentication Module User-Auth Table 3. Authenticate 4. Cookies 5. 5-tuple taints 6. Execute query Database Proxy Process Query Parser Process Query RegEx Table Web Application Database Process Database Node Authentication Node Firewall Server
15
Step #3: DB Proxy Operation Database Proxy Process Query Parser Process Query RegEx Table Web Application Database Connection Taints Table 6. Execute query from Webserver 7. Match Regular Expression 8. Parse Query And generate Regular expressions 9. Store Query, Taint Query 10. Execute Data + Taint Retrieval Query 11. Store {5-tuple, Taint} 12. Return results To Webserver Trusted RealmProcessDatabase Tables 15
16
Database Server Database Proxy UserIDUsernameSSN 1Alice999-99-9999 2Bob888-88-8888 UserIDTaint 10xABCDEF 20x123456 user table user_taints table “SELECT name from user WHERE UserID=1” 1Alice999-99-9999 Taint applied to network connection 0xABCDEF Data Query “SELECT name, taint from user u, user- taints ut WHERE UserID=1 and u.UserID=ut.UserID” 1Alice999-99-9999 Modified Query by Proxy Query Results 16 Step #3: Apply Taint to Connection
17
Step #4: Track Data 17 Declassifier Process Information Flow Tracking Kernel Webserver Process 1. User sends Login request 2. Authenticate User Trusted Realm Untrusted Realm Database Table User-Sessions Table Connection- Capabilities Table User Authentication Module User-Auth Table 3. Authenticate 4. Cookies 5. 5-tuple taints 6. Execute query 12. Query Results Database Proxy Process Query Parser Process Query RegEx Table Web Application Database 7 8 9 10 Process Database Node Authentication Node Firewall Server
18
Step #4: Information Flow Tracking Per-process taint records Monitors system calls – IPC {send, shmat, kill}, – File/Device operations {read, unlink}, – Process management {fork, execve}, – Memory {mmap}, – Kernel configuration{sysctl} Taint transfer with information exchange Network database “connection-taints” to transfer taints across machines 18
19
Step #5: Declassification 19 Declassifier Process Information Flow Tracking Kernel Webserver Process 1. User sends Login request 2. Authenticate User Trusted Realm Untrusted Realm Database Table User-Sessions Table Connection- Capabilities Table User Authentication Module User-Auth Table 3. Authenticate 4. Cookies 5. 5-tuple taints 6. Execute query 12. Query Results Database Proxy Process Query Parser Process Query RegEx Table Web Application Database 7 8 9 10 14. Send Response 15. Check Session Permissions 16. Return Response Process Database Node Authentication Node Firewall Server
20
Implementation 60 lines in OSCommerce Information Flow Control – 8,000 lines of ‘C’ Linux kernel code – Redis key-value store User-Session Connection-Capabilities Connection-Taints Taint-Policy Database proxy – 350 lines of Lua code 20
21
Implementation Configuration – Identify primary keys – Table groups – Foreign key relationship – Insert query monitoring for each group 21 In OSCommerce application: Out of 50 tables, 15 were sensitive Tables were grouped in sets of 9, 5 and 1 In all we needed 3 taint-storage tables
22
Evaluation File fetch (small: 7%, large: 1%) Scalability: – Login slowdown (21%) – User session slowdown (30%) 22
23
Related Work Data Isolation – CLAMP, Nemesis – CryptDB Information Flow Control – HiStar, Dstar, Asbestos, Flume Language-level Taint Tracking – RESIN, Guardrails, PHPAspis, DBTaint Full-system Taint Tracking – TaintDroid, Neon, Panorama 23
24
Limitations Misconfiguration False positives and false negatives Data integrity Partial deployment Social networking applications Integration with SDN controllers 24
25
Conclusion Prevent exfiltration of sensitive data, even if the application is compromised Information flow: associate data with taints, only allow authorized user sessions to access Very little modification to existing applications Overhead is about 20–30% over unmodified applications 25 SilverLine: Protect data, rather than the application
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.