Peter R. Pietzuch [email protected]Ioannis Papagiannis Peter Pietzuch Large-Scale Distributed Systems Group http://lsds.doc.ic.ac.uk ACM Cloud Computing Security Workshop (CCSW), October 19, 2012 Department of Computing CloudFilter Practical Control of Sensitive Data Propagation to the Cloud
19
Embed
Peter R. Pietzuch [email protected] Ioannis Papagiannis Peter Pietzuch Large-Scale Distributed Systems Group ACM Cloud Computing.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Large-Scale Distributed Systems Grouphttp://lsds.doc.ic.ac.uk
ACM Cloud Computing Security Workshop (CCSW), October 19, 2012
Department of Computing
CloudFilterPractical Control of Sensitive Data Propagation to
the Cloud
Can an employee store files online?
2
Can an employee store files online? Not really…
Hi Yiannis,
Can you send me that file from my Dropbox?
Sure, here it is!
Why?!
3
Can an employee store files online? Not really…
Why?!
• Policy 1:Employees should not waste time online on personal matters!
• Policy 2:Employees should not be able to send company files to arbitrary recipients!
4
Can an employee store files online? Not really…
Why?!
• Dropbox enables large scale data disclosure• It’s very easy for employees to misunderstand and
violate the data propagation policy of the bank• The bank wants to be able to blame employees if a leak
occurs
5
Current solution: network-level blocking
Network-level blocking of cloud services is not perfect:• Why prevent workflows that involve non-sensitive data?• Employees are more likely to bypass company policy
completely by using personal devices
6
Threat Model
Users are not malicious:• Employees are trusted to decide whether
data are sensitive or not• Employees are accountable for their
actions
The cloud provider:• Is trusted to collaborate with
organisations and help them control access to their data
7
Objectives and Ideas
CloudFilter’s objectives:• Support (most) cloud storage providers• help employees comply with data propagation policy• log attempts to disclose sensitive data• control how data are accessed after they have been
uploaded
8
Important ideas:• Three different types of data (confidential, public and
protected)• Most cloud storage providers support HTTP for file
transfers• Data propagation is controlled via labels embedded
Data propagation policies• they specify the actions of CloudFilter proxies when file transfers are
detected• have 3 parts (Event-Condition-Action)• may be sent across proxies at runtimePart 1: Event• the event that triggers an ECA policy is the invocation of an HTTP
method• Match HTTP requests according to (1) direction of data flow, (2) HTTP
method, (3) target URL
19
Part 2: Condition• The condition that must be satisfied is the existence of labeled
files inside the HTTP request/response• Two type of conditions (service-agnostic, service-specific)
Part 3: Action• A python script that a proxy executes to handle the file transfer• The script can access the file and the HTTP request/response