Reliably determining data leakage in the presence of strong attackers
Authors: 
Riccardo Bortolameotti, 
Andreas Peter, Maarten H. Everts, Willem Jonker, Pieter HartelAuthors Info & Claims
Riccardo Bortolameotti, Andreas Peter, Maarten H. Everts, Willem Jonker, Pieter HartelAuthors Info & ClaimsPages 484 - 495
Abstract
We address the problem of determining what data has been leaked from a system after its recovery from a successful attack. This is a forensic process which is relevant to give a better understanding of the impact of a data breach, but more importantly it is becoming mandatory according to the recent developments of data breach notification laws. Existing work in this domain has discussed methods to create digital evidence that could be used to determine data leakage, however most of them fail to secure the evidence against malicious adversaries or use strong assumptions such as trusted hardware. In some limited cases, data can be processed in the encrypted domain which, although being computationally expensive, can ensure that nothing leaks to an attacker, thereby making the leakage determination trivial. Otherwise, victims are left with the only option of considering all data to be leaked.
In contrast, our work presents an approach capable of determining the data leakage using a distributed log that securely records all accesses to the data without relying on trusted hardware, and which is not all-or-nothing. We demonstrate our approach to guarantee secure and reliable evidence against even strongest adversaries capable of taking complete control over a machine. For the concrete application of client-server authentication, we show the preciseness of our approach, that it is feasible in practice, and that it can be integrated with existing services.
References
[1]
2015 Cost of data breach study: Global Analysis. url: http://www-03.ibm.com/security/data-breach/.
[2]
A. M. Bates, D. Tian, K. R. B. Butler, and T. Moyer. Trustworthy whole-system provenance for the linux kernel. In 24th USENIX security symposium, USENIX security 15, washington, d.c., usa, august 12--14, 2015. J. Jung and T. Holz, editors. USENIX Association, 2015, pp. 319--334.
[3]
BBC. The Interview: a guide to the cyber attack on Hollywood. url: http://www.bbc.com/news/entertainment-arts-30512032.
[4]
A. N. Bessani, J. Sousa, and E. A. P. Alchieri. State machine replication for the masses with BFT-SMART. In 44th annual IEEE/IFIP international conference on dependable systems and networks, DSN 2014, atlanta, ga, usa, june 23--26, 2014. IEEE, 2014, pp. 355--362.
[5]
M. Castro and B. Liskov. Practical byzantine fault tolerance and proactive recovery. ACM trans. comput. syst., 20(4):398--461, 2002.
[6]
A. Clement, E. L. Wong, L. Alvisi, M. Dahlin, and M. Marchetti. Making byzantine fault tolerant systems tolerate byzantine faults. In Proceedings of the 6th USENIX symposium on networked systems design and implementation, NSDI 2009, april 22--24, 2009, boston, ma, USA. J. Rexford and E. G. Sirer, editors. USENIX Association, 2009, pp. 153--168.
[7]
1. Congress. S.177 - Data Security and Breach Notification Act of 2015. url: https://www.congress.gov/bill/114th-congress/senate-bill/177.
[8]
J. Daugman. How iris recognition works. IEEE trans. circuits syst. video techn., 14(1):21--30, 2004.
[9]
Epic.org. EU Data Protection Directive. url: https://epic.org/privacy/intl/eu_data_protection_directive.html.
[10]
M. J. Fischer, N. A. Lynch, and M. Paterson. Impossibility of distributed consensus with one faulty process. J. ACM, 32(2):374--382, 1985.
[11]
A. Gehani and D. Tariq. SPADE: support for provenance auditing in distributed environments. In Middleware 2012 - ACM/IFIP/USENIX 13th international middleware conference, montreal, qc, canada, december 3--7, 2012. proceedings. P. Narasimhan and P. Triantafillou, editors. Vol. 7662. In Lecture Notes in Computer Science. Springer, 2012, pp. 101--120.
[12]
C. Gentry. Fully homomorphic encryption using ideal lattices. In Proceedings of the 41st annual ACM symposium on theory of computing, STOC 2009, bethesda, md, usa, may 31 - june 2, 2009. M. Mitzenmacher, editor. ACM, 2009, pp. 169--178.
[13]
J. Halpert and M. J. Anderson. State breach notification laws - updates from the 2015 legislative sessions, 6 action steps for companies. url: https://www.dlapiper.com/en/us/insights/publications/2015/07/state-breach-notification-laws/.
[14]
R. Hasan, R. Sion, and M. Winslett. The case of the fake picasso: preventing history forgery with secure provenance. In 7th USENIX conference on file and storage technologies, february 24--27, 2009, san francisco, ca, USA. proceedings. M. I. Seltzer and R. Wheeler editors. USENIX, 2009, pp. 1--14.
[15]
A. Hern. Did your Adobe password leak? now you and 150m others can check. url: http://www.theguardian.com/technology/2013/nov/07/adobe-password-leak-can-check.
[16]
R. Kotla, L. Alvisi, M. Dahlin, A. Clement, and E. L. Wong. Zyzzyva: speculative byzantine fault tolerance. ACM trans. comput. syst., 27(4), 2009.
[17]
LinkedIn lost 167 million account credentials in data breach. url: http://fortune.com/2016/05/18/linkedin-data-breach-email-password/.
[18]
P. Macko and M. Seltzer. A general-purpose provenance library. In 4th workshop on the theory and practice of provenance, tapp'12, boston, ma, usa, june 14--15, 2012. U. A. Acar and T. J. Green, editors. USENIX Association, 2012.
[19]
McAfee. Rise of rootkits. url: http://www.mcafee.com/us/security-awareness/articles/rise-of-rootkits.aspx.
[20]
D. McMillen. Wiper malware analysis. url: http://www.ibm.com/developerworks/library/se-wiper-analysis/index.html.
[21]
K. Muniswamy-Reddy, U. Braun, D. A. Holland, P. Macko, D. L. MacLean, D. W. Margo, M. I. Seltzer, and R. Smogor. Layering in provenance systems. In 2009 USENIX annual technical conference, san diego, ca, usa, june 14--19, 2009. G. M. Voelker and A. Wolman, editors. USENIX Association, 2009.
[22]
K. Muniswamy-Reddy, D. A. Holland, U. Braun, and M. I. Seltzer. Provenance-aware storage systems. In Proceedings of the 2006 USENIX annual technical conference, boston, ma, usa, may 30 - june 3, 2006. A. Adya and E. M. Nahum, editors. USENIX, 2006, pp. 43--56.
[23]
E. Munoz. JP Morgan hack exposed data of 83 million, among biggest breaches in history. url: http://www.reuters.com/article/us-jpmorgan-cybersecurity-idUSKCN0HR23T20141003.
[24]
I. Papagiannis and P. R. Pietzuch. CloudFilter: practical control of sensitive data propagation to the cloud. In Proceedings of the 2012 ACM workshop on cloud computing security, CCSW 2012, raleigh, nc, usa, october 19, 2012. T. Yu, S. Capkun, and S. Kamara, editors. ACM, 2012, pp. 97--102.
[25]
V. Pappas, V. P. Kemerlis, A. Zavou, M. Polychronakis, and A. D. Keromytis. CloudFence: data flow tracking as a cloud service. In Research in attacks, intrusions, and defenses - 16th international symposium, RAID 2013, rodney bay, st. lucia, october 23--25, 2013. proceedings. S. J. Stolfo, A. Stavrou, and C. V. Wright, editors. Vol. 8145. In Lecture Notes in Computer Science. Springer, 2013, pp. 411--431.
[26]
D. J. Pohly, S. E. McLaughlin, P. McDaniel, and K. R. B. Butler. Hi-Fi: collecting high-fidelity whole-system provenance. In 28th annual computer security applications conference, ACSAC 2012, orlando, fl, usa, 3--7 december 2012. R. H. Zakon, editor. ACM, 2012, pp. 259--268.
[27]
Proof of Stake. bitcoin wiki. url: https://en.bitcoin.it/wiki/Proof_of_Stake.
[28]
Proof of Work. bitcoin wiki. url: https://en.bitcoin.it/wiki/Proof_of_work.
[29]
J. K. Resch and J. S. Plank. AONT-RS: blending security and performance in dispersed storage systems. In 9th USENIX conference on file and storage technologies, san jose, ca, usa, february 15--17, 2011. G. R. Ganger and J. Wilkes, editors. USENIX, 2011, pp. 191--202.
[30]
A. Shamir. How to share a secret. Commun. ACM, 22(11):612--613, 1979.
[31]
J. D. Strunk, G. R. Goodson, M. L. Scheinholtz, C. A. N. Soules, and G. R. Ganger. Self-securing storage: protecting data in compromised systems. In 4th symposium on operating system design and implementation (OSDI 2000), san diego, california, usa, october 23--25, 2000. M. B. Jones and M. F. Kaashoek, editors. USENIX Association, 2000, pp. 165--180.
[32]
G. E. Suh and S. Devadas. Physical unclonable functions for device authentication and secret key generation. In Proceedings of the 44th design automation conference, DAC 2007, san diego, ca, usa, june 4--8, 2007. IEEE, 2007, pp. 9--14.
[33]
J. Wires and M. J. Feeley. Secure file system versioning at the block level. In Proceedings of the 2007 eurosys conference, lisbon, portugal, march 21--23, 2007. P. Ferreira, T. R. Gross, and L. Veiga, editors. ACM, 2007, pp. 203--215.
[34]
A. C. Yao. Protocols for secure computations (extended abstract). In 23rd annual symposium on foundations of computer science, chicago, illinois, usa, 3--5 november 1982. IEEE Computer Society, 1982, pp. 160--164.
[35]
W. Zhou, Q. Fei, A. Narayan, A. Haeberlen, B. T. Loo, and M. Sherr. Secure network provenance. In Proceedings of the 23rd ACM symposium on operating systems principles 2011, SOSP 2011, cascais, portugal, october 23--26, 2011. T. Wobber and P. Druschel, editors. ACM, 2011, pp. 295--310. isbn: 978-1-4503-0977-6.
[36]
D. Zhu, J. Jung, D. Song, T. Kohno, and D. Wetherall. TaintEraser: protecting sensitive data leaks using application-level taint tracking. Operating systems review, 45(1):142--154, 2011.
Recommendations
Data exfiltration
ContextOne of the main targets of cyber-attacks is data exfiltration, which is the leakage of sensitive or private data to an unauthorized entity. Data exfiltration can be perpetrated by an outsider or an insider of an organization. Given the increasing ...
BAF and FI-BAF: Efficient and Publicly Verifiable Cryptographic Schemes for Secure Logging in Resource-Constrained Systems
Audit logs are an integral part of modern computer systems due to their forensic value. Protecting audit logs on a physically unprotected machine in hostile environments is a challenging task, especially in the presence of active adversaries. It is ...
A novel approach for privacy homomorphism using attribute-based encryption
In CRYPTO'13, Gentry et al. proposed the first homomorphic encryption HE scheme for the attribute-based encryption ABE. However, Gentry's scheme requires the same index for encryption of each ciphertext and supports only the key-policy ABE. Indeed, in ...
Comments
Information & Contributors
Information
Published In
December 2016
614 pages
ISBN:9781450347716
DOI:10.1145/2991079
- Conference Chair:
- Stephen Schwab,
- Program Chairs:
- Wil Robertson,
- Davide Balzarotti
Copyright © 2016 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
- ACSA: Applied Computing Security Assoc
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 05 December 2016
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
ACSAC '16
Sponsor:
- ACSA
ACSAC '16: 2016 Annual Computer Security Applications Conference
December 5 - 8, 2016
California, Los Angeles, USA
Acceptance Rates
Overall Acceptance Rate 104 of 497 submissions, 21%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 532Total Downloads
- Downloads (Last 12 months)36
- Downloads (Last 6 weeks)5
Reflects downloads up to 01 Sep 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in