Enterprise Information Systems (EIS) continually face attacks ranging from data leaks to the spread of malware; these attacks cost companies billions of dollars annually and can result in critical loss or leakage of data. Existing defenses typically either attempt to secure the hosts within the enterprise or add a security perimeter to the network. These conventional defenses are ineffective in the face of compromised hosts, mobile devices, and insider threats. Dynamic Information-Flow Tracking (DIFT) techniques maintain data provenance information about objects within the system and control information flow by defining and implementing policies that dictate how that information should be allowed to flow. Although powerful, existing DIFT approaches are limited by targeting only a single layer on a single physical host, which limits their effectiveness and practical applicability.

This research will develop MEDITA, a multi-layer DIFT mechanism that can precisely, securely, and efficiently track data flowing within a networked EIS and across layers, and control the flow of such data based on the data provenance and the security policy in place. Multi-layer DIFT holds great promise for controlling information flow within an enterprise in many real-world scenarios. Despite its appeal, however, realizing a system that could implement such DIFT policies in practice is extremely challenging because of the wide variety of attacks that can be mounted, ranging from copying and pasting the sensitive data to writing the document to removable storage or a mobile device. To address these and other challenges, this research will (1) refine existing techniques for performing DIFT within the individual layers of an EIS, (2) design and implement the integration and inter-operation of DIFT techniques between layers, (3) define a language that can be used to express multi-layer security policies for the EIS and mechanisms for translating those policies to tainting and enforcement mechanisms, and (4) develop a prototype implementation of MEDITA and perform experiments by using the prototype to apply MEDITA to realistic information-flow tracking and control scenarios.
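The abstract describes DIFT in terms of three ingredients: provenance labels attached to data objects, propagation of those labels as data is copied or combined (including across layers such as application, OS and network), and a policy consulted at each sink. The following is an added toy illustration of that model written for this page; it is not the MEDITA prototype or any code from the project. The label names, the layer names, the sinks and the policy table are all constructed for the example.

```python
"""Toy multi-layer DIFT: provenance labels, propagation, and policy at sinks.

Added illustration only; not the MEDITA prototype. All labels, layers,
sinks and the policy table below are constructed for this example.
"""
from dataclasses import dataclass

# Provenance labels naming the origin of a piece of data (constructed).
PII = "pii"
FINANCE = "finance"


@dataclass(frozen=True)
class Tainted:
    """A value carrying the set of sources it derives from."""
    value: str
    labels: frozenset = frozenset()

    def __add__(self, other):
        # Propagation rule: data derived from two inputs inherits the union
        # of their labels (models copy-and-paste into a new document).
        if isinstance(other, Tainted):
            return Tainted(self.value + other.value, self.labels | other.labels)
        return Tainted(self.value + str(other), self.labels)

    def __getitem__(self, idx):
        # A slice of tainted data is still tainted by the same sources.
        return Tainted(self.value[idx], self.labels)


def transfer(obj, src_layer, dst_layer, audit):
    """Hand a value from one layer to another (e.g. application -> OS).

    The point of a multi-layer scheme is that the labels survive the crossing;
    this function only records the crossing in the audit trail.
    """
    audit.append(f"transfer {src_layer}->{dst_layer} labels={sorted(obj.labels)}")
    return obj


# Policy: for each sink, the set of labels that may flow to it. Unlabelled
# (public) data has an empty label set and is therefore allowed everywhere.
POLICY = {
    "internal_db":       {PII, FINANCE},
    "clipboard":         set(),
    "removable_storage": set(),
    "internet":          set(),
}


def check_flow(sink, obj, audit=None):
    """Return True if obj may flow to sink under POLICY, else False."""
    forbidden = obj.labels - POLICY[sink]
    if audit is not None:
        verdict = f"DENY labels={sorted(forbidden)}" if forbidden else "ALLOW"
        audit.append(f"{sink}: {verdict}")
    return not forbidden


def scenario():
    """Walk a constructed document through several sinks across two layers."""
    audit = []
    ssn = Tainted("123-45-6789", frozenset({PII}))   # constructed sample value
    template = Tainted("Customer record: ")          # unlabelled boilerplate
    doc = template + ssn[-4:]                        # paste only the last 4 digits
    # The application hands the document to the OS layer (e.g. a file write);
    # the label must follow it there.
    doc = transfer(doc, "application", "os", audit)
    verdicts = {sink: check_flow(sink, doc, audit) for sink in POLICY}
    return verdicts, audit


if __name__ == "__main__":
    verdicts, audit = scenario()
    for line in audit:
        print(line)
    print(verdicts)
```

The check at each sink is deliberately the same function regardless of which layer the data happens to be in; what differs between layers is only how the labels are carried, which is the integration problem the abstract's items (2) and (3) refer to.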

Project Report

The overall goal of this project was to develop techniques for making Enterprise Information Systems (EIS) more secure and reliable. During the lifetime of this project, we targeted several issues with modern EIS and developed a family of techniques that addressed these issues. In the rest of this report, we summarize the main results achieved within the project in terms of intellectual merit and broader impact of the research.

Silverline: One of the main outcomes of this project is the development of an information-flow tracking system, called Silverline, that allows networks to protect sensitive data even when vulnerable web applications are compromised. Web applications can have vulnerabilities that result in server-side data leaks. Silverline prevents bulk data leaks caused by either code injection or compromised server-side components in web applications automatically, without any need for the developer to rewrite the web-application code. Our implementation of Silverline for PHP-based web applications demonstrates that Silverline can protect such applications from many of the most common server-side attacks while imposing an acceptable overhead for the users of the protected web applications.

SAZO: With the growth of home networks consisting of a large number of often poorly managed devices, these devices tend to be open to attacks or compromises. Securing home networks is challenging, as these networks are usually managed by people with no security background and little to no understanding of malware. Host-based antivirus solutions run inside the very hosts they are protecting, making them vulnerable to subversion by malware. Furthermore, antivirus solutions are not available for many devices, such as Internet TVs, tablets, and game consoles. Other "out of the box" solutions that employ anti-malware technologies at the Internet service provider level are more effective, but can only view the Internet side of a customer network. They can therefore detect whether or not the home network is compromised, but not where. SAZO (SAfe ZOne) can detect and warn users about compromised devices by monitoring home network traffic at the wireless router: end users connect to the Internet using a SAZO box that monitors the entire home traffic and detects anomalies with the help of SAZO servers in the cloud. SAZO has several advantages compared to existing alternative solutions. In particular, it does not need to install a monitoring agent on each device, can offload malware detection logic to the cloud, and can precisely identify which devices on a network are compromised and report them accordingly.

Newton: Web applications use cookie-based authentication to provide different levels of access and authorization to their users; the complexity of web sites' code and authentication-cookie policies introduces potentially serious vulnerabilities for these systems. Newton is an algorithm that determines the set of cookies that serve as authentication cookies for a particular site and can detect vulnerabilities that may allow an attacker to gain access to a user's sensitive information on various sites. Newton can also recommend more secure client authentication mechanisms that can reduce the likelihood of an attack. Therefore, web administrators and users alike can use Newton to assess the security of a site's cookie-based authentication and possibly improve it.

X-PERT: An important issue that can affect the reliability of web applications is the presence of cross-browser incompatibilities (XBIs). XBIs, which are discrepancies in a web application's appearance, behavior, or both when the application is run in two different environments, are a serious concern for organizations that develop web-based software. To address XBIs, we developed X-PERT, a technique for detecting and reporting the entire range of XBI errors through a combination of information tracking, program analysis, and computer vision algorithms. Our implementation of X-PERT shows that it can identify XBIs in real-world web applications both effectively and with high precision.

Given the widespread use of web applications and enterprise information systems in general, the techniques we developed, implemented, and made available through publications and tool releases are likely not only to have an impact within the specific area of the project, but also to indirectly benefit the increasingly large segment of society that relies on this kind of software system.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Communication Foundations (CCF)
Type
Standard Grant (Standard)
Application #
0964647
Program Officer
Sol J. Greenspan
Project Start
Project End
Budget Start
2010-06-01
Budget End
2014-05-31
Support Year
Fiscal Year
2009
Total Cost
$900,000
Indirect Cost
Name
Georgia Tech Research Corporation
Department
Type
DUNS #
City
Atlanta
State
GA
Country
United States
Zip Code
30332