SilverLine: Preventing Data Leaks from Compromised Web Applications Yogesh Mundada Anirudh Ramachandran Nick Feamster Georgia Tech 1 Appeared in Annual.

Presentation transcript:

SilverLine: Preventing Data Leaks from Compromised Web Applications
Yogesh Mundada, Anirudh Ramachandran, Nick Feamster (Georgia Tech)
Appeared in Annual Computer Security Applications Conference (ACSAC) 2013

Data Breach Incidents
- Sony data breach (SQL injection, 2011)
- Citibank (web application vulnerability, 2012)
- Twitter (2013)
- Adobe (2013)
- 90% of data leakages occur at the server; 95% of those leaks are from external attacks.

Common Server-Side Vulnerabilities (Open Web Application Security Project)
- Injection attacks
- Broken authentication and session management
- Insecure direct object references
- Security misconfiguration
- Vulnerable components and libraries

Current Protection Mechanisms
- Penetration testing
- Automated code review
- Application firewalls
- Data loss prevention devices
Shortcomings
- No protection against zero-day attacks
- Once compromised, can't stop data theft
Focus on protecting data, rather than the underlying system

Design Goals
- Security: decouple data protection from the application
- Deployment: minimize changes to existing applications
- Performance: minimize overhead

SilverLine Design Non-Goals
- Kernel-level vulnerabilities
- Covert channels
- Malicious software on the database
- Inside threats
- Data modification attacks

SilverLine Overview
- Step #1: Tag sensitive data
- Step #2: Associate user with session
- Step #3: Retrieve data with taints
- Step #4: Track data
- Step #5: Declassify response

SilverLine Components
- Authentication Module
- Database Proxy
- Information Flow Monitor
- Declassifier

SilverLine Architecture
[Architecture diagram: a firewalled server split into an untrusted realm (web application and webserver processes running on the Information Flow Tracking kernel) and a trusted realm (Authentication Node with the User Authentication Module and its User-Auth, User-Sessions and Connection-Capabilities tables; Database Node with the Database Proxy process, Query Parser, Query RegEx Table and the web application database). Numbered flow: 1. user sends login request; 2. authenticate user; 3. authenticate; 4. cookies; 5. 5-tuple taints; 6. execute query; 12. query results; send response; 15. check session permissions; 16. return response.]

Step #1: Initial Configuration
- Identify and mark sensitive tables
- Find unique user key
- Find foreign keys
- Find table groups
- Find tables to monitor for insert queries
- Create taint-storage tables in each group

Step #1: Configuration Example

User Table
User-ID  Name        Transact-ID
1        John Smith  100
2        Jane Doe    200

Transaction Table
Transact-ID  Transact-no  Item
200          37           DVD
200          38           PHONE
100          89           BRUSH

User-Taint Table
User-ID  Taint
1        'A'
2        'B'

Transact-Taint Table
Transact-ID  Taint
100          'A'
200          'B'

Original query:
SELECT Name FROM User WHERE User-ID = '2'
Rewritten query (joins the taint table):
SELECT Name, Taint FROM User u, User-Taint ut WHERE User-ID = '2' AND u.User-ID = ut.User-ID

Original query:
SELECT Item FROM Transaction WHERE Transact-ID = '200' AND Transact-no = '37'
Rewritten query:
SELECT Item, Taint FROM Transaction t, Transact-Taint tt WHERE Transact-ID = '200' AND Transact-no = '37' AND t.Transact-ID = tt.Transact-ID

Step #2a: Authenticate User
[Architecture diagram repeated, highlighting steps 1-2: 1. the user sends a login request to the webserver process; 2. authenticate user, forwarded to the User Authentication Module on the Authentication Node in the trusted realm.]

Step #2b: Decide Session Capability
[Diagram of the Authentication Node (trusted realm): User Authentication Module with the User-Auth, User-Sessions and Connection-Capabilities tables. Flow: 2. authenticate {username, password}; 3. verify & authenticate; 4. store {Cookie1, User1}; 5. store {SIP:SP-DIP:DP-Prot, Taint1}; 4. verify cookie.]

Step #3: Retrieve Taints with Data
[Architecture diagram repeated, highlighting steps 3-6: 3. authenticate; 4. cookies; 5. 5-tuple taints; 6. the web application executes its query through the Database Proxy on the Database Node.]

Step #3: DB Proxy Operation
[Diagram of the Database Node (trusted realm): Database Proxy process with the Query Parser, Query RegEx Table, Connection Taints Table and the web application database.]
- 6. Execute query from webserver
- 7. Match regular expression
- 8. Parse query and generate regular expressions
- 9. Store query, taint query
- 10. Execute data + taint retrieval query
- 11. Store {5-tuple, taint}
- 12. Return results to webserver

Step #3: Apply Taint to Connection

Database server, user table
UserID  Username  SSN
1       Alice
2       Bob

Database server, user_taints table
UserID  Taint
1       0xABCDEF
2       0x

Data query from the web application:
"SELECT name from user WHERE UserID=1"

Query rewritten by the Database Proxy:
"SELECT name, taint from user u, user-taints ut WHERE UserID=1 and u.UserID=ut.UserID"

Query results returned to the web application: 1, Alice
Taint applied to the network connection: 0xABCDEF
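The query rewriting and connection tainting of the two Step #1/Step #3 examples above, as an added Python model (not the paper's Lua proxy). The table names, the 0x123456 taint and the 5-tuple are constructed, and the rewrite uses a correlated subquery rather than the slides' comma join so that the application's WHERE clause needs no column qualification:

```python
import re
import sqlite3

# Constructed config for the slides' example (not the paper's Lua proxy):
# sensitive table -> (key column shared with its taint table, taint table).
SENSITIVE = {
    "user": ("UserID", "user_taints"),
    "transact": ("TransactID", "transact_taints"),
}

# Only the simple SELECT ... FROM <one table> WHERE ... shape used on the slides.
SELECT_RE = re.compile(
    r"^\s*SELECT\s+(?P<cols>.+?)\s+FROM\s+(?P<table>\w+)\s+WHERE\s+(?P<cond>.+?)\s*;?\s*$",
    re.I | re.S)

def rewrite_query(sql):
    """Return (query, tainted): a SELECT on a sensitive table is rewritten so every
    row also carries its taint. A correlated subquery replaces the slides' comma
    join so the application's own WHERE clause needs no column qualification."""
    m = SELECT_RE.match(sql)
    if not m or m["table"] not in SENSITIVE:
        return sql, False
    table, (key, taint_table) = m["table"], SENSITIVE[m["table"]]
    taint = f"(SELECT taint FROM {taint_table} WHERE {taint_table}.{key} = {table}.{key})"
    return f"SELECT {m['cols']}, {taint} AS taint FROM {table} WHERE {m['cond']}", True

class DbProxy:
    """Steps 6-12 on the slide: rewrite, run, record taints per connection, strip taints."""
    def __init__(self, conn):
        self.conn = conn
        self.connection_taints = {}  # 5-tuple -> taints that flowed over that connection

    def execute(self, five_tuple, sql):
        rewritten, tainted = rewrite_query(sql)
        rows = self.conn.execute(rewritten).fetchall()
        if not tainted:
            return rows
        seen = self.connection_taints.setdefault(five_tuple, set())
        seen.update(r[-1] for r in rows if r[-1] is not None)
        return [r[:-1] for r in rows]  # the application never sees the taint column

def demo_db():
    """Constructed in-memory copy of the slides' sample tables (taint 0x123456 is made up)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE user(UserID INT, name TEXT);
        CREATE TABLE user_taints(UserID INT, taint TEXT);
        CREATE TABLE transact(TransactID INT, TransactNo INT, item TEXT);
        CREATE TABLE transact_taints(TransactID INT, taint TEXT);
        INSERT INTO user VALUES (1,'Alice'),(2,'Bob');
        INSERT INTO user_taints VALUES (1,'0xABCDEF'),(2,'0x123456');
        INSERT INTO transact VALUES (200,37,'DVD'),(200,38,'PHONE'),(100,89,'BRUSH');
        INSERT INTO transact_taints VALUES (100,'0xABCDEF'),(200,'0x123456');
    """)
    return conn
```

A second query over the same connection accumulates taints in `connection_taints`, which is what the kernel's connection-taints table later consults when the data crosses to the webserver.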

Step #4: Track Data
[Architecture diagram repeated, highlighting step 12: query results return from the Database Proxy to the webserver process, where the Information Flow Tracking kernel follows the tainted data.]

Step #4: Information Flow Tracking
- Per-process taint records
- Monitors system calls
  – IPC {send, shmat, kill}
  – File/device operations {read, unlink}
  – Process management {fork, execve}
  – Memory {mmap}
  – Kernel configuration {sysctl}
- Taint transfers with information exchange
- Network database "connection-taints" transfers taints across machines

Step #5: Declassification
[Architecture diagram repeated, highlighting the final steps: the webserver process sends the response to the Declassifier process; 15. check session permissions; 16. return response to the user.]
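The per-process taint tracking of Step #4 and the session check of Step #5, as an added Python model that is not the paper's kernel code. Pids, 5-tuples and taint values are constructed; the file-write rule is an assumption (the slide lists only read and unlink for file operations):

```python
# Constructed model of SilverLine's per-process taint records (Step #4) and the
# Declassifier's session check (Step #5). Not the paper's kernel code; pids,
# 5-tuples and taint values are made up for the scenario below.

class TaintKernel:
    def __init__(self):
        self.proc_taints = {}        # pid -> taints the process has received
        self.file_taints = {}        # path -> taints written into that file
        self.connection_taints = {}  # 5-tuple -> taints (filled by the DB proxy)
        self.session_caps = {}       # client 5-tuple -> taints its user may receive
        self.decisions = []          # (verdict, pid, client 5-tuple, offending taints)

    def _add(self, pid, taints):
        self.proc_taints.setdefault(pid, set()).update(taints)

    # Monitored system calls: taint moves with the data they move.
    def recv(self, pid, five_tuple):   # data read from a tainted network connection
        self._add(pid, self.connection_taints.get(five_tuple, set()))
    def read(self, pid, path):         # file/device read
        self._add(pid, self.file_taints.get(path, set()))
    def write(self, pid, path):        # assumed rule: a write carries the writer's taints
        self.file_taints.setdefault(path, set()).update(self.proc_taints.get(pid, set()))
    def send_ipc(self, src, dst):      # send / shmat / kill between processes
        self._add(dst, self.proc_taints.get(src, set()))
    def fork(self, parent, child):     # fork / execve: the child inherits taints
        self._add(child, self.proc_taints.get(parent, set()))

    def declassify(self, pid, client):
        """Step #5: allow the response only if every taint the sending process
        carries is permitted for the user session on that client connection."""
        offending = self.proc_taints.get(pid, set()) - self.session_caps.get(client, set())
        self.decisions.append(("allow" if not offending else "block", pid, client, sorted(offending)))
        return not offending

def scenario():
    k = TaintKernel()
    db = ("10.0.0.5", 43000, "10.0.0.9", 3306, "tcp")          # webserver -> DB proxy
    alice = ("198.51.100.7", 51000, "10.0.0.5", 443, "tcp")     # Alice's session
    other = ("203.0.113.4", 52000, "10.0.0.5", 443, "tcp")      # a different user's session
    k.connection_taints[db] = {"0xABCDEF"}                      # step 11: proxy tags the connection
    k.session_caps[alice], k.session_caps[other] = {"0xABCDEF"}, {"0x123456"}
    k.recv(100, db)                    # worker 100 reads Alice's row
    own = k.declassify(100, alice)     # Alice's own data -> allowed
    k.write(100, "/tmp/cache"); k.read(101, "/tmp/cache")   # taint survives a file hop
    k.fork(101, 102); k.send_ipc(102, 103)                  # ... and fork and IPC
    cross = k.declassify(103, other)   # same data toward another session -> blocked
    return own, cross, sorted(k.proc_taints[103])
```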

Implementation
- 60 lines changed in OSCommerce
- Information flow control
  – 8,000 lines of C Linux kernel code
  – Redis key-value store for the User-Session, Connection-Capabilities, Connection-Taints and Taint-Policy tables
- Database proxy
  – 350 lines of Lua code

Implementation Configuration
- Identify primary keys
- Table groups
- Foreign key relationships
- Insert query monitoring for each group
In the OSCommerce application:
- Out of 50 tables, 15 were sensitive
- Tables were grouped in sets of 9, 5 and 1
- In all we needed 3 taint-storage tables

Evaluation
- File fetch overhead (small files: 7%, large files: 1%)
- Scalability:
  – Login slowdown (21%)
  – User session slowdown (30%)

Related Work
- Data isolation
  – CLAMP, Nemesis
  – CryptDB
- Information flow control
  – HiStar, DStar, Asbestos, Flume
- Language-level taint tracking
  – RESIN, GuardRails, PHPAspis, DBTaint
- Full-system taint tracking
  – TaintDroid, Neon, Panorama

Limitations
- Misconfiguration
- False positives and false negatives
- Data integrity
- Partial deployment
- Social networking applications
- Integration with SDN controllers

Conclusion
- Prevent exfiltration of sensitive data, even if the application is compromised
- Information flow: associate data with taints; only allow authorized user sessions to access it
- Very little modification to existing applications
- Overhead is about 20–30% over unmodified applications
SilverLine: protect data, rather than the application