Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq.

Published byDiego Blackburn Modified over 11 years ago

Similar presentations

Presentation on theme: "Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq."— Presentation transcript:

1 Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq

2 Motivation Main goal: Control the flow of traffic within an enterprise network Two scenarios –Preventing confidential documents from leaving the enterprise ~1/3 of companies victims of insider fraud –Controlling the spread of malware Damages from malware exceed $13 Billion

3 Scenario #1: Confidential Documents

4 Existing Approaches Network firewalls –Inspecting content may require deep-packet inspection: difficult at high-speed Host firewalls –Must implement policies on host Restricted use (or separate machines)

5 Scenario #2: Malware Spreading Malware enters enterprise over thenetwork (e.g., remote exploit, Web application), mobile device, etc. System administrators rely on virus scanners, host AV, etc. –Problem: Payloads may change, hard to keep AV up- to-date

6 Pedigree Design Trusted tagging component on host Arbiter on network switch

7 Tag Structure and Function

8 Design Decisions Specify and enforce policy in the network (not at the host). Taint files and processes. Implement tagger as a kernel module. Use a separate control channel to associate tags with network connections.

9 Transferring Taints System calls (e.g., read, write ) intercepted, used to track taints Sets of taints stored in separate tag store –Mounted on separate device Implementation: Linux Security Modules

10 Assumptions and Trust Model Network elements dont modify tags End host has a trusted component –Privileged process –Kernel module –Hypervisor –Outside the host

11 Scenario: Exfiltration Prevention Users can use a tainting service to assign security classes to files.

12 Concerns Performance Overhead –Connection setup overhead –System call overhead –Storage overhead Overflow of taint set –Size of taint set could become quite large How to identify taints that reflect a certain class of traffic?

13 Connection Setup 1 MB TCP Transfers: < 30% Overhead for < 10 concurrent connection initiations.

14 System Call Overhead 18-30% overhead on read- intensive processes

15 How Many Taints? Our research group: 15,000 unique binaries Ways to deal with large sets of taints –Compression (Bloom filter) –Aggregation (Second-level taints) –Bottom security level

16 Summary Enterprises need to control information flow within their networks –Data leak/loss prevention –Malware containment Idea: Track information flow across processes. Implement control in network.

Download ppt "Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq."

Similar presentations

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
11/20/09 ONR MURI Project Kick-Off 1 Network-Level Monitoring for Tracking Botnets Nick Feamster School of Computer Science Georgia Institute of Technology.

11/20/09 ONR MURI Project Kick-Off 1 Network-Level Monitoring for Tracking Botnets Nick Feamster School of Computer Science Georgia Institute of Technology.
1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,

1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,
Packets with Provenance Anirudh, Mukarram, Nick, Kaushik.

Packets with Provenance Anirudh, Mukarram, Nick, Kaushik.
Network Security Highlights Nick Feamster Georgia Tech.

Network Security Highlights Nick Feamster Georgia Tech.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Network Security Highlights Nick Feamster Georgia Tech.

Network Security Highlights Nick Feamster Georgia Tech.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Any Questions?.

Any Questions?.
Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
SilverLine: Preventing Data Leaks from Compromised Web Applications Yogesh Mundada Anirudh Ramachandran Nick Feamster Georgia Tech 1 Appeared in Annual.

SilverLine: Preventing Data Leaks from Compromised Web Applications Yogesh Mundada Anirudh Ramachandran Nick Feamster Georgia Tech 1 Appeared in Annual.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
A Guide to major network components

A Guide to major network components

Similar presentations

Ads by Google