Securing Enterprise Networks using Traffic Tainting
Enterprises must control the dissemination of sensitive information. Unfortunately, existing approaches to this problem ("information flow control") require rewriting applications or even the entire operating system, making these approaches difficult to deploy in practice. They also typically do not enforce information-flow control across a network. This project presents Pedigree, which applies information flow control across a network, for legacy applications; it prevents data leaks that may occur due to either malicious insiders or malware. Pedigree associates each file and process with a label; a small, trusted module on the host uses these labels to determine whether two processes on the same host can communicate. When a process wishes to communicate across the network, Pedigree can enforce information-flow control either at the receiving host or at a network switch. Pedigree guarantees that unauthorized processes or users cannot export confidential information from anywhere in the network. Unlike previous approaches, deploying Pedigree does not require modifying applications, and it even operates in environments with heterogeneous devices (some that may not run any special software). Additionally, Pedigree allows enterprise users and operators to specify network-wide information flow policies, rather than having to specify and implement policies for each host. We present the design and implementation of Pedigree, show that it can prevent common data leaks in enterprises, and discuss its applicability to other domains.
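To make the label model described above concrete, here is an added toy simulation of label-based information flow control across hosts. It is not Pedigree's code, and its label semantics are an assumption (a label is a set of taint tags; a flow is permitted only when the receiver is cleared for every taint the sender currently carries, and a permitted flow taints the receiver). The hosts, files and process names are constructed for the example; the three enforcement points (trusted module on the same host, module on the receiving host, or a switch that falls back to a network-wide per-host label when the receiver runs no special software) mirror the three cases the abstract names.

```python
# Added illustrative model of label-based information flow control over a
# network. NOT Pedigree's code: the taint-set semantics, the enforcement-point
# selection and every host/file/process name below are assumptions for the demo.
from dataclasses import dataclass


@dataclass
class File:
    path: str
    taints: frozenset                    # tags describing the sensitivity of the contents


@dataclass
class Process:
    name: str
    host: str
    clearance: frozenset = frozenset()   # taints this process is allowed to hold
    taints: frozenset = frozenset()      # taints accumulated from what it has read


@dataclass
class Host:
    name: str
    runs_module: bool                    # is the trusted host module present here?
    clearance: frozenset = frozenset()   # network-wide label the switch uses otherwise


class Enforcer:
    """Decides every file read and every flow, and records where each decision was taken."""

    def __init__(self, hosts):
        self.hosts = {h.name: h for h in hosts}
        self.log = []                    # (enforcement point, source, destination, allowed)

    def read(self, proc, f):
        """A process may open a file only if cleared for its taints; a successful
        read propagates the file's taints onto the process."""
        allowed = f.taints <= proc.clearance
        if allowed:
            proc.taints = proc.taints | f.taints
        self.log.append(("file", proc.name, f.path, allowed))
        return allowed

    def send(self, src, dst):
        """Same host: the local trusted module decides. Remote host with the
        module: the receiver decides. Remote host without it: the switch decides
        using the network-wide label assigned to that host."""
        if src.host == dst.host:
            point, clearance = "host-module", dst.clearance
        elif self.hosts[dst.host].runs_module:
            point, clearance = "receiver-module", dst.clearance
        else:
            point, clearance = "switch", self.hosts[dst.host].clearance
        allowed = src.taints <= clearance
        if allowed:
            dst.taints = dst.taints | src.taints   # receiver now carries the taint
        self.log.append((point, src.name, dst.name, allowed))
        return allowed


def run_demo():
    """Constructed scenario; returns the enforcer's decision log."""
    hr = frozenset({"hr-confidential"})
    hosts = [Host("ws1", True), Host("ws2", True),
             Host("printer", False), Host("ext", False)]   # unmanaged hosts: empty label
    enf = Enforcer(hosts)
    salaries = File("/hr/salaries.xlsx", hr)
    notes = File("/pub/notes.txt", frozenset())
    editor = Process("editor", "ws1", clearance=hr)
    mailer = Process("mailer", "ws1")                # not cleared for HR data
    archiver = Process("archiver", "ws2", clearance=hr)
    browser = Process("browser", "ws2")
    printd = Process("printd", "printer")
    upload = Process("upload", "ext")

    enf.read(editor, salaries)      # allowed; editor becomes HR-tainted
    enf.read(mailer, salaries)      # denied: mailer lacks clearance
    enf.send(editor, mailer)        # same host, denied by the local module
    enf.send(editor, archiver)      # remote host with module, allowed; archiver tainted
    enf.send(archiver, printd)      # printer runs no module: switch denies
    enf.send(browser, printd)       # untainted process: switch allows
    enf.send(archiver, upload)      # export to an external host is blocked
    enf.read(editor, notes)         # public file, allowed; taints unchanged
    return enf.log


if __name__ == "__main__":
    for entry in run_demo():
        print(entry)
```

The point of the scenario is the last three `send` calls: once the archiver has received confidential data it can no longer reach the unmanaged printer or the external host, even though neither of those hosts runs any enforcement software, because the switch applies the same rule using the network-wide host label.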
Contact
Please get in touch with us if you are interested in the commercial applications of Pedigree (email: "pedigree at gtnoise dot net").