TC: Small: Taint-Based Information Tracking in Networked Systems

TC：小型：网络系统中基于污点的信息跟踪

• 批准号: 0916732
• 负责人: Nicholas Feamster
• 金额: $ 45万
• 依托单位: Georgia Tech Research Corporation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2009
• 资助国家: 美国
• 起止时间: 2009-09-15 至 2014-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0916732&HistoricalAwards=false
• 关键词: TC; Small; Taint; Based; Information

TC: Small: Taint-Based Information Tracking in Networked SystemsPI: Nick Feamster (Georgia Tech)Network operators must control and monitor the flow of information within and across their networks. Existing mechanisms for controlling information flow are primarily host-based: operating systems can "taint" portions of memory or applications based on the inputs to a particular process or resource. Unfortunately, if a host is compromised or otherwise breached, that information may propagate in unintended ways. Once information has leaked, tracking the provenance of the leaked data is challenging. This project is developing a mechanism for tracking and controlling information flow across the network to cope with these problems. This mechanism would allow operators to control how information propagates within and between networks and to devise more complex policies; for example, it might be used to control which application traffic was allowed on which part of the network. The information carried in the network traffic might ultimately be attributed to a specific user or process, thus allowing operators to express policies according to the process and user that generated the traffic.We are addressing several research challenges. First, we are exploring the appropriate granularity for tainting that preserves semantics without imposing unacceptable memory and performance overhead. Second, we are designing the system to minimize performance overhead on applications. Third, we are exploring translation mechanisms between host-based taints and network-based taints, so that taints carried in network traffic convey meaningful semantics without imposing prohibitive network overhead. The research will result in an information tracking and control system that is deployedin experimental settings (e.g., the Georgia Tech campus network) using the existing and forthcoming programmable switch implementations, and integrated into undergraduate and graduate networking and security courses.

技术委员会：小：网络系统中基于污点的信息跟踪PI：Nick Feamster（格鲁吉亚技术）网络运营商必须控制和监控网络内部和网络之间的信息流。现有的控制信息流的机制主要是基于主机的：操作系统可以根据对特定进程或资源的输入来“污染”内存或应用程序的部分。不幸的是，如果主机受到损害或以其他方式被破坏，则该信息可能会以意想不到的方式传播。一旦信息泄露，追踪泄露数据的来源就具有挑战性。该项目正在开发一种机制，用于跟踪和控制网络上的信息流，以科普这些问题。 这种机制将允许运营商控制信息如何在网络内部和网络之间传播，并设计更复杂的策略;例如，它可以用于控制网络的哪一部分允许哪些应用程序流量。网络流量中携带的信息最终可能归因于特定的用户或进程，从而允许运营商根据生成流量的进程和用户来表达策略。首先，我们正在探索适当的污染粒度，保留语义，而不强加不可接受的内存和性能开销。 其次，我们正在设计系统，以最大限度地减少应用程序的性能开销。 第三，我们正在探索基于主机的污点和基于网络的污点之间的翻译机制，使网络流量中携带的污点传达有意义的语义，而不施加禁止网络开销。这项研究将导致一个信息跟踪和控制系统，部署在实验设置（例如，格鲁吉亚理工学院校园网），并将其整合到本科生和研究生的网络和安全课程中。