Presentation is loading. Please wait.

Presentation is loading. Please wait.

SilverLine: Preventing Data Leaks from Compromised Web Applications Yogesh Mundada Anirudh Ramachandran Nick Feamster Georgia Tech 1 Appeared in Annual.

Published byNeal Gyles Robinson Modified over 9 years ago

Similar presentations

Presentation on theme: "SilverLine: Preventing Data Leaks from Compromised Web Applications Yogesh Mundada Anirudh Ramachandran Nick Feamster Georgia Tech 1 Appeared in Annual."— Presentation transcript:

1 SilverLine: Preventing Data Leaks from Compromised Web Applications Yogesh Mundada Anirudh Ramachandran Nick Feamster Georgia Tech 1 Appeared in Annual Computer Security Applications Conference (ACSAC) 2013

2 Data Breach Incidents Sony Data Breach (SQL Injection, 2011) Citibank (Web application vulnerability, 2012) Twitter (2013) Adobe (2013) 90% of the data leakages occur at server. 95% of those leaks are from external attacks. 2

3 Common Server-Side Vulnerabilities Injection Attacks Broken Authentication and Session Management Insecure Direct Object References Security Misconfiguration Vulnerable Components and Libraries (Open Web Application Security Project) 3

4 Current Protection Mechanisms Penetration testing Automated code review Application firewalls Data loss prevention devices Shortcomings  No protection against zero day attacks  Once compromised, can’t stop data theft Focus on protecting data, rather than the underlying system 4

5 Design Goals Security: Decouple data protection from the application Deployment: Minimize changes to existing applications Performance: Minimize overhead 5

6 SilverLine Design Non-Goals Kernel-level vulnerabilities Covert channels Malicious software on the database Inside threats Data modification attacks 6

7 SilverLine Overview 7 Step #1: Tag Sensitive Data Step #2: Associate User with SessionStep #3: Retrieve Data with TaintsStep #4: Track DataStep #5: Declassify Response

8 SilverLine Components Authentication Module Database Proxy Information Flow Monitor Declassifier 8

9 9 Process Information Flow Tracking Kernel Webserver Process SilverLine Architecture 1. User sends Login request 2. Authenticate User Trusted Realm Untrusted Realm Database Table User-Sessions Table Connection- Capabilities Table User Authentication Module User-Auth Table 3. Authenticate 4. Cookies 5. 5-tuple taints 6. Execute query 12. Query Results Database Proxy Process Query Parser Process Query RegEx Table Web Application Database 7 8 9 10 14. Send Response 15. Check Session Permissions 16. Return Response Process Database Node Authentication Node Firewall Server

10 Step #1: Initial Configuration Indentify and mark sensitive tables Find unique user key Find foreign keys Find table groups Find tables to monitor for insert query Create taint-storage tables in each group 10

11 User-IDNameTransact-ID 1John Smith100 2Jane Doe200 Step #1: Configuration Example User Table Transact-IDTransact-noItem 20037DVD 20038PHONE 10089BRUSH Transaction Table User-IDTaint 1‘A’ 2‘B’ User-Taint Table SELECT Name FROM User WHERE User-ID = ‘2’ SELECT Name, Taint FROM User u, User-Taint ut WHERE User-ID = ‘2’ AND u.User-ID = ut.User-ID SELECT Item FROM Transaction WHERE Transact-ID = ‘200’ and Transact-no=‘37’ Transact-Taint Table Transact-IDTaint 100‘A’ 200‘B’ SELECT Item, Taint FROM Transaction t, Transact-Taint tt WHERE Transact-ID = ‘200’ and Transact-no=‘37’ and t.Transact-ID = tt.Transact-ID 11

12 Step #2a: Authenticate User 12 Declassifier Process Information Flow Tracking Kernel Webserver Process 1. User sends Login request 2. Authenticate User Trusted Realm Untrusted Realm Database Table User-Sessions Table Connection- Capabilities Table User Authentication Module User-Auth Table Database Proxy Process Query Parser Process Query RegEx Table Web Application Database Process Database Node Authentication Node Firewall Server

13 Step #2b: Decide Session Capability 13 User- Sessions Table Connection- Capabilities Table User Authentication Module User-Auth Table Trusted Realm Process Database Tables 2. Authenticate {username, password} 3. Verify & Authenticate 4. Store {Cookie1, User1} 5. Store {SIP:SP-DIP:DP-Prot, Taint1} 4. Verify Cookie Authentication Node

14 Step #3: Retrieve Taints with Data 14 Declassifier Process Information Flow Tracking Kernel Webserver Process 1. User sends Login request 2. Authenticate User Trusted Realm Untrusted Realm Database Table User-Sessions Table Connection- Capabilities Table User Authentication Module User-Auth Table 3. Authenticate 4. Cookies 5. 5-tuple taints 6. Execute query Database Proxy Process Query Parser Process Query RegEx Table Web Application Database Process Database Node Authentication Node Firewall Server

15 Step #3: DB Proxy Operation Database Proxy Process Query Parser Process Query RegEx Table Web Application Database Connection Taints Table 6. Execute query from Webserver 7. Match Regular Expression 8. Parse Query And generate Regular expressions 9. Store Query, Taint Query 10. Execute Data + Taint Retrieval Query 11. Store {5-tuple, Taint} 12. Return results To Webserver Trusted RealmProcessDatabase Tables 15

16 Database Server Database Proxy UserIDUsernameSSN 1Alice999-99-9999 2Bob888-88-8888 UserIDTaint 10xABCDEF 20x123456 user table user_taints table “SELECT name from user WHERE UserID=1” 1Alice999-99-9999 Taint applied to network connection 0xABCDEF Data Query “SELECT name, taint from user u, user- taints ut WHERE UserID=1 and u.UserID=ut.UserID” 1Alice999-99-9999 Modified Query by Proxy Query Results 16 Step #3: Apply Taint to Connection

17 Step #4: Track Data 17 Declassifier Process Information Flow Tracking Kernel Webserver Process 1. User sends Login request 2. Authenticate User Trusted Realm Untrusted Realm Database Table User-Sessions Table Connection- Capabilities Table User Authentication Module User-Auth Table 3. Authenticate 4. Cookies 5. 5-tuple taints 6. Execute query 12. Query Results Database Proxy Process Query Parser Process Query RegEx Table Web Application Database 7 8 9 10 Process Database Node Authentication Node Firewall Server

18 Step #4: Information Flow Tracking Per-process taint records Monitors system calls – IPC {send, shmat, kill}, – File/Device operations {read, unlink}, – Process management {fork, execve}, – Memory {mmap}, – Kernel configuration{sysctl} Taint transfer with information exchange Network database “connection-taints” to transfer taints across machines 18

19 Step #5: Declassification 19 Declassifier Process Information Flow Tracking Kernel Webserver Process 1. User sends Login request 2. Authenticate User Trusted Realm Untrusted Realm Database Table User-Sessions Table Connection- Capabilities Table User Authentication Module User-Auth Table 3. Authenticate 4. Cookies 5. 5-tuple taints 6. Execute query 12. Query Results Database Proxy Process Query Parser Process Query RegEx Table Web Application Database 7 8 9 10 14. Send Response 15. Check Session Permissions 16. Return Response Process Database Node Authentication Node Firewall Server

20 Implementation 60 lines in OSCommerce Information Flow Control – 8,000 lines of ‘C’ Linux kernel code – Redis key-value store User-Session Connection-Capabilities Connection-Taints Taint-Policy Database proxy – 350 lines of Lua code 20

21 Implementation Configuration – Identify primary keys – Table groups – Foreign key relationship – Insert query monitoring for each group 21 In OSCommerce application: Out of 50 tables, 15 were sensitive Tables were grouped in sets of 9, 5 and 1 In all we needed 3 taint-storage tables

22 Evaluation File fetch (small: 7%, large: 1%) Scalability: – Login slowdown (21%) – User session slowdown (30%) 22

23 Related Work Data Isolation – CLAMP, Nemesis – CryptDB Information Flow Control – HiStar, Dstar, Asbestos, Flume Language-level Taint Tracking – RESIN, Guardrails, PHPAspis, DBTaint Full-system Taint Tracking – TaintDroid, Neon, Panorama 23

24 Limitations Misconfiguration False positives and false negatives Data integrity Partial deployment Social networking applications Integration with SDN controllers 24

25 Conclusion Prevent exfiltration of sensitive data, even if the application is compromised Information flow: associate data with taints, only allow authorized user sessions to access Very little modification to existing applications Overhead is about 20–30% over unmodified applications 25 SilverLine: Protect data, rather than the application

Download ppt "SilverLine: Preventing Data Leaks from Compromised Web Applications Yogesh Mundada Anirudh Ramachandran Nick Feamster Georgia Tech 1 Appeared in Annual."

Similar presentations

1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,

1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,
Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq.

Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq.
Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.
Operating System Security

Operating System Security
Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.

Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.

It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Aaron Blankstein and Michael J. Freedman Princeton University Tuan Tran.

Aaron Blankstein and Michael J. Freedman Princeton University Tuan Tran.
1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.

1 RAKSHA: A FLEXIBLE ARCHITECTURE FOR SOFTWARE SECURITY Computer Systems Laboratory Stanford University Hari Kannan, Michael Dalton, Christos Kozyrakis.
Adversaries in Clouds: Protecting Data in Cloud-Based Applications Nick Feamster Georgia Tech.

Adversaries in Clouds: Protecting Data in Cloud-Based Applications Nick Feamster Georgia Tech.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
OWASP Mobile Top 10 Why They Matter and What We Can Do

OWASP Mobile Top 10 Why They Matter and What We Can Do
Martin Kruliš 2. 4. 2015 by Martin Kruliš (v1.0)1.

Martin Kruliš by Martin Kruliš (v1.0)1.
Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: 93036 Term: Spring 2001.

Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: Term: Spring 2001.
1 Kyung Hee University Prof. Choong Seon HONG Network Control.

1 Kyung Hee University Prof. Choong Seon HONG Network Control.
Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.

Vulnerability-Specific Execution Filtering (VSEF) for Exploit Prevention on Commodity Software Authors: James Newsome, James Newsome, David Brumley, David.
Chapter 6: Integrity and Security Thomas Nikl 19 October, 2004 CS157B.

Chapter 6: Integrity and Security Thomas Nikl 19 October, 2004 CS157B.

Similar presentations

Ads by Google