Title
Reliably determining data leakage in the presence of strong attackers
Author
Bortolameotti, R.
Peter, A.
Everts, M.H.
Jonker, W.
Hartel, P.
Publication year
2016
Abstract
We address the problem of determining what data has been leaked from a system after its recovery from a successful attack. This is a forensic process which is relevant to give a better understanding of the impact of a data breach, but more importantly it is becoming mandatory according to the recent developments of data breach notification laws. Existing work in this domain has discussed methods to create digital evidence that could be used to determine data leakage; however, most of them fail to secure the evidence against malicious adversaries or use strong assumptions such as trusted hardware. In some limited cases, data can be processed in the encrypted domain which, although being computationally expensive, can ensure that nothing leaks to an attacker, thereby making the leakage determination trivial. Otherwise, victims are left with the only option of considering all data to be leaked. In contrast, our work presents an approach capable of determining the data leakage using a distributed log that securely records all accesses to the data without relying on trusted hardware, and which is not all-or-nothing. We demonstrate our approach to guarantee secure and reliable evidence against even the strongest adversaries capable of taking complete control over a machine. For the concrete application of client-server authentication, we show the preciseness of our approach, that it is feasible in practice, and that it can be integrated with existing services. Applied Computer Security Associates (ACSA)
Subject
ICT
CSR - Cyber Security & Robustness
TS - Technical Sciences
Applied cryptography
Data leakage
Distributed systems security
Forensics
Cryptography
Hardware
Network security
Security of data
Security systems
Concrete applications
Data breach notifications
Malicious adversaries
Trusted hardwares
Computer hardware
To reference this document use:
http://resolver.tudelft.nl/uuid:c0b6870f-7c61-4aea-b543-58a267f57186
DOI
https://doi.org/10.1145/2991079.2991095
TNO identifier
575671
Publisher
Association for Computing Machinery
ISBN
9781450347716
Source
32nd Annual Computer Security Applications Conference, ACSAC 2016. 5 December 2016 through 9 December 2016, 5, 484-495
Series
ACM International Conference Proceeding Series
Document type
conference paper