Securing enterprise networks using traffic tainting

Title: Securing enterprise networks using traffic tainting
Publication Type: Journal Article
Year of Publication: 2008
Authors: Ramachandran A, Mundada Y, Tariq MB, Feamster N
Journal: Special Interest Group on Data Communication
Date Published: 2008
Abstract

Enterprise networks are vulnerable to attacks ranging from data leaks to the spread of malware to insider threats. Previous defenses have largely focused on securing hosts; unfortunately, when hosts are compromised, these defenses become ineffective. Rather than attempting to harden the host against every possible attack (which is impractical) or constraining the software that can run on a host (which is inconvenient), we place a small amount of trusted code on the host to assist with tracking the provenance of network traffic, moving the rest of the trust and function to the network. We present Pedigree, a system that tracks information flow across processes and hosts within a network by annotating traffic with taints that reflect the process that generated the traffic and the inputs that process has taken (we call this function traffic tainting). A tagger on the host annotates network traffic with information about the “taints” that the sending process has acquired. Network devices act as arbiters to take appropriate actions (e.g., blocking) based on the taints associated with the traffic and the enterprise network’s security policy. We have implemented Pedigree’s host-based tagger as a Linux kernel module and the arbiter using the OpenFlow platform. This demonstration presents a prototype deployment of Pedigree that identifies and prevents both sensitive data leaks and the spread of malware in a typical enterprise network setting. The demonstration will show that Pedigree can defend against these attacks without significant overhead at the host or the filtering device.
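The tagger/arbiter split described in the abstract, as an added toy model (not Pedigree's kernel module or OpenFlow code): processes acquire taints from the inputs they read, every packet they send carries that taint set, and a network arbiter blocks flows whose taints violate policy. Taint labels, host addresses and the two policy rules are constructed for this example; the "10." prefix standing for the enterprise's internal range is an assumption.

```python
# Taint labels name the inputs a process has consumed; values are constructed for this example.
PAYROLL = "file:/corp/payroll.db"     # sensitive enterprise data
DOWNLOAD = "net:external-download"    # untrusted input fetched from outside the enterprise

class Process:
    """A process on a host; the host-side tagger tracks the taints it has acquired."""
    def __init__(self, host: str, name: str):
        self.host, self.name, self.taints = host, name, set()

    def read(self, *labels: str) -> None:
        """Tagger hook: consuming an input (file, socket) adds that input's taints."""
        self.taints.update(labels)

    def send(self, dst_host: str) -> dict:
        """Tagger hook: every outgoing packet is annotated with the sender's taint set."""
        return {"src": self.host, "dst": dst_host, "proc": self.name,
                "taints": frozenset(self.taints)}

# Enterprise policy enforced by the network arbiter: (taint label, destination class) -> action.
POLICY = {
    (PAYROLL, "external"): "block",   # sensitive data must not leave the enterprise
    (DOWNLOAD, "internal"): "block",  # untrusted inputs must not spread laterally
}
def dest_class(host: str) -> str:
    return "internal" if host.startswith("10.") else "external"  # assumed internal range

def arbitrate(packet: dict) -> str:
    """Arbiter: block when any taint on the packet is forbidden for this destination class."""
    cls = dest_class(packet["dst"])
    return "block" if any(POLICY.get((t, cls)) == "block" for t in packet["taints"]) else "allow"

def deliver(packet: dict, receiver: Process) -> str:
    """Forward via the arbiter; only a delivered packet taints the receiving process."""
    verdict = arbitrate(packet)
    if verdict == "allow":
        receiver.read(*packet["taints"])  # taints follow the data across hosts
    return verdict

def scenario() -> dict:
    editor, share = Process("10.0.0.5", "editor"), Process("10.0.0.7", "fileshare")
    browser, peer = Process("10.0.0.9", "browser"), Process("10.0.0.11", "smbd")
    editor.read(PAYROLL)    # editor opened the payroll database
    browser.read(DOWNLOAD)  # browser fetched an untrusted file
    return {
        "leak_direct": arbitrate(editor.send("203.0.113.8")),       # block
        "internal_copy": deliver(editor.send("10.0.0.7"), share),   # allow; share inherits taint
        "leak_via_share": arbitrate(share.send("203.0.113.8")),     # block: taint followed the data
        "spread": deliver(browser.send("10.0.0.11"), peer),         # block: lateral spread stopped
        "peer_clean": sorted(peer.taints),                          # [] since packet was dropped
    }
```

The "leak_via_share" case is the point of tracking flow across hosts: the file server never opened the payroll database itself, yet its outbound traffic is still blocked because the taint travelled with the data.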