Presentation is loading. Please wait.

Presentation is loading. Please wait.

Peter R. Pietzuch Ioannis Papagiannis Peter Pietzuch Large-Scale Distributed Systems Group ACM Cloud Computing.

Published byAshlie Eustacia Mathews Modified over 9 years ago

Similar presentations

Presentation on theme: "Peter R. Pietzuch Ioannis Papagiannis Peter Pietzuch Large-Scale Distributed Systems Group ACM Cloud Computing."— Presentation transcript:

1 Peter R. Pietzuch prp@doc.ic.ac.uk Ioannis Papagiannis Peter Pietzuch Large-Scale Distributed Systems Group http://lsds.doc.ic.ac.uk ACM Cloud Computing Security Workshop (CCSW), October 19, 2012 Department of Computing CloudFilter Practical Control of Sensitive Data Propagation to the Cloud

2 Can an employee store files online? 2

3 Can an employee store files online? Not really… Hi Yiannis, Can you send me that file from my Dropbox? Sure, here it is! Why?! 3

4 Can an employee store files online? Not really… Why?! Policy 1: Employees should not waste time online on personal matters! Policy 2: Employees should not be able to send company files to arbitrary recipients! 4

5 Can an employee store files online? Not really… Why?! Dropbox enables large scale data disclosure It’s very easy for employees to misunderstand and violate the data propagation policy of the bank The bank wants to be able to blame employees if a leak occurs 5

6 Current solution: network-level blocking Network-level blocking of cloud services is not perfect: Why prevent workflows that involve non-sensitive data? Employees are more likely to bypass company policy completely by using personal devices 6

7 Threat Model Users are not malicious: Employees are trusted to decide whether data are sensitive or not Employees are accountable for their actions The cloud provider: Is trusted to collaborate with organisations and help them control access to their data 7

8 Objectives and Ideas CloudFilter’s objectives: Support (most) cloud storage providers help employees comply with data propagation policy log attempts to disclose sensitive data control how data are accessed after they have been uploaded 8 Important ideas: Three different types of data (confidential, public and protected) Most cloud storage providers support HTTP for file transfers Data propagation is controlled via labels embedded inside files

9 Cloud Storage Provider Policy CloudFilter File Upload Client Proxy Browser plugin Service Proxy 1 1 HTTP 2 2 File 3 3 label File label 4 4 Policy 5 5 9

10 Cloud Storage Provider CloudFilter File Download Client Proxy Browser plugin Service Proxy 1 1 HTTP Policy 2 2 File label 3 3 4 4 10

11 File Embedding labels inside files <rdf:Description rdf:about="" xmlns:cf0="http://cloudfilter.doc.ic.ac.uk/0"> cf.doc.ic.ac.uk protected user ip108, prp policy id proxy addr parameters Labels can be embedded inside specific file types using Adobe’s eXtensible Metadata Platform (XMP) 11

12 Policy 1: Prevent all file uploads to Dropbox Client Proxy Browser plugin HTTP File Event {out} {put post} {(.*\.)*dropbox.com(/.*)* } Condition (none) Action return(“403”) 12

13 Policy 2: Only allow uploading public documents Client Proxy Browser plugin HTTP File Event {out} {put post} {(.*\.)*dropbox.com(/.*)* } Condition (none) Action form=createHTMLForm() resp=ask(form) if resp==“public”: log() return(issue()) else: return(“403”) 13

14 Cloud Storage Provider Policy 3: Only share documents across university staff Client ProxyService Proxy Policy (DN) Policy (DN) File UConfidential File Policy (UP) Policy (UP) University Student University Employee File UConfidential 14

15 CloudFilter++ 15

16 CloudFilter Limitations Limitations: No provenance » too irritating for the user User input is required to classify each file in a security category User input is required again after a file has been edited Restrictive data model » most web applications do not use files Web applications typically use a relational database and a custom data model Online document editors expose file export/import functionality but this does not preserve labels User files are typically stored online, edited locally 16

17 How will the future enterprise desktop look like? 17 start

18 The End 18 Ioannis Papagiannis DoC, Imperial College London ip108@doc.ic.ac.uk

19 Policy specification: Event-Condition-Action (ECA) Data propagation policies they specify the actions of CloudFilter proxies when file transfers are detected have 3 parts (Event-Condition-Action) may be sent across proxies at runtime Part 1: Event the event that triggers an ECA policy is the invocation of an HTTP method Match HTTP requests according to (1) direction of data flow, (2) HTTP method, (3) target URL 19 Part 2: Condition The condition that must be satisfied is the existence of labeled files inside the HTTP request/response Two type of conditions (service-agnostic, service-specific) Part 3: Action A python script that a proxy executes to handle the file transfer The script can access the file and the HTTP request/response

Download ppt "Peter R. Pietzuch Ioannis Papagiannis Peter Pietzuch Large-Scale Distributed Systems Group ACM Cloud Computing."

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.

Cookies, Sessions. Server Side Includes You can insert the content of one file into another file before the server executes it, with the require() function.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
Introduction to PHP MIS 3501, Fall 2014 Jeremy Shafer

Introduction to PHP MIS 3501, Fall 2014 Jeremy Shafer
Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –

Introducing WatchGuard Dimension. Oceans of Log Data The 3 Dimensions of Big Data Volume –“Log Everything - Storage is Cheap” –Becomes too much data –
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.
An integrated system for handling restricted use data Felicia LeClere, Ph.D. IASSIST 2009 Tampere, Finland.

An integrated system for handling restricted use data Felicia LeClere, Ph.D. IASSIST 2009 Tampere, Finland.
What is it? CLOUD COMPUTING.  Connects to the cloud via the Internet  Does computing tasks, or  Runs applications, or  Stores Data THE AVERAGE CLOUD.

What is it? CLOUD COMPUTING.  Connects to the cloud via the Internet  Does computing tasks, or  Runs applications, or  Stores Data THE AVERAGE CLOUD.
Mgt 240 Lecture Website Construction: Software and Language Alternatives March 29, 2005.

Mgt 240 Lecture Website Construction: Software and Language Alternatives March 29, 2005.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
Mobility Methods for document access while away from the office.

Mobility Methods for document access while away from the office.
© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.

© 2011 Autodesk Securing AutoCAD IP in the era of WikiLeaks Presenter: Rahul Kopikar Co-Founder, Seclore Technology.
Company/Product Overview. You have lots of files all over the place.

Company/Product Overview. You have lots of files all over the place.
Chapter 9 Collecting Data with Forms. A form on a web page consists of form objects such as text boxes or radio buttons into which users type information.

Chapter 9 Collecting Data with Forms. A form on a web page consists of form objects such as text boxes or radio buttons into which users type information.
A Seminar on Securities In Cloud Computing Presented by Sanjib Kumar Raul Mtech(ICT) Roll-10IT61B09 IIT Kharagpur Under the supervision of Prof. Indranil.

A Seminar on Securities In Cloud Computing Presented by Sanjib Kumar Raul Mtech(ICT) Roll-10IT61B09 IIT Kharagpur Under the supervision of Prof. Indranil.
1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.

1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.
A Scalable Application Architecture for composing News Portals on the Internet Serpil TOK, Zeki BAYRAM. Eastern MediterraneanUniversity Famagusta Famagusta.

A Scalable Application Architecture for composing News Portals on the Internet Serpil TOK, Zeki BAYRAM. Eastern MediterraneanUniversity Famagusta Famagusta.

Similar presentations

Ads by Google