
Wire Speed Feature

December 09, 2010

Study Looks at Preventing Exfiltration at Wire Speed

By David Sims, TMCnet Contributing Editor

Protecting sensitive data is no longer a problem restricted to governments whose national security is at stake, say the authors of a recent study titled “Glavlit: Preventing Exfiltration at Wire Speed.”

Nabil Schear, Carmelo Kintana, Qing Zhang and Amin Vahdat note that with ubiquitous Internet connectivity, “it is challenging to secure a network -- not only to prevent attack, but also to ensure that sensitive data are not released.”

In the study, too involved to summarize fully here, they “consider the problem of ensuring that only pre-authorized data leave a network boundary using either overt or covert channels, i.e., preventing exfiltration. We identify the goals of transparency, performance, and simplicity.”

They caution that a system designed to prevent exfiltration “should not adversely affect the transfer of authorized data and should work with existing protocols. Key to our approach is separating the process of vetting authorized objects from line-speed data verification, and employing a restricted, but compliant, HTTP subset to limit covert channels.”

In their evaluation, they show that Glavlit “adds little overhead to the operation of a software network bridge.”

The goal of their work, they say, is to ensure that only approved data exit an organization’s protected internal network: “We wish to prevent the transmission of data either overtly in the payload channel of layer 7 protocols such as HTTP or FTP or in hidden covert channels in the protocol channel of these protocols. To prevent information leaks through these channels, everything beyond the TCP header must be verified before allowing each packet to exit the network.”

They have developed a system, Glavlit, which they say “can prevent unauthorized release from a protected network while allowing authorized information to pass unhindered. Our goals for Glavlit are transparency, performance, and simplicity. Glavlit provides stringent security guarantees by enforcing complex exit policies while trusting only the systems responsible for authorizing individual files for release and for inspecting the packets leaving the network.”

They present what they describe as a network content protection system that avoids many of the drawbacks of previous attempts to ensure that only authorized data cross a network boundary. “Specifically,” they say, “the system maintains client-server transparency, while only marginally decreasing throughput. Additionally, our system can secure all files on a network regardless of the security at a particular host.”

The key insight behind their approach is decoupling the object-vetting process (which may be slow) from the object-verification process (which can be performed at high speed, on a per-packet basis): “Our prototype implementation of Glavlit performs nearly as well as a standard software bridge.”
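The following is an added illustration of the split described in the two passages above, the slow vetting of objects versus per-packet verification and the restricted HTTP subset; it is not Glavlit’s code. The 16-byte chunk size, the two-header HTTP subset, the per-flow rules and the sample document are assumptions made for the demonstration.

```python
"""Added illustration (not Glavlit's code) of the split the article describes:
slow, offline vetting of objects versus fast, per-packet verification at the
network exit.  Chunk size, HTTP subset and sample traffic are assumptions."""
import hashlib
import re

CHUNK = 16  # bytes per verified chunk (assumed; small so the demo spans chunks)


def vet_object(content: bytes) -> dict:
    """Offline vetting.  May be arbitrarily slow (human review, scanning); runs
    once per object and hands the verifier only the object's length and a
    digest per CHUNK-byte piece, so the verifier never needs the file itself."""
    pieces = [content[i:i + CHUNK] for i in range(0, len(content), CHUNK)]
    return {"length": len(content),
            "digests": [hashlib.sha256(p).digest() for p in pieces]}


# Restricted HTTP subset (assumed): exactly these headers, in this order, with
# this spacing.  Extra headers, reordering or odd whitespace are still valid
# HTTP but could carry covert bits, so they are refused outright.
HEADER_RE = re.compile(
    rb"HTTP/1\.1 200 OK\r\n"
    rb"Content-Type: (?:text/plain|application/pdf)\r\n"
    rb"Content-Length: ([0-9]{1,9})\r\n\r\n")


class StreamVerifier:
    """Per-connection verifier for one HTTP response.  Assumes the bridge
    already saw the client's GET and looked up the vetted record for that URL,
    and that the response header arrives whole in the first segment."""

    def __init__(self, record: dict):
        self.record = record
        self.in_body = False
        self.offset = 0        # body bytes accepted so far
        self.pending = b""     # body bytes not yet covered by a completed chunk
        self.blocked = False   # once a packet fails, the whole flow is cut off

    def _body_ok(self, data: bytes) -> bool:
        if self.offset + len(data) > self.record["length"]:
            return False       # bytes beyond the vetted object: not authorised
        self.pending += data
        self.offset += len(data)
        at_end = self.offset == self.record["length"]
        # Check every chunk this packet completes, plus the final short chunk.
        while len(self.pending) >= CHUNK or (at_end and self.pending):
            idx = (self.offset - len(self.pending)) // CHUNK
            piece, self.pending = self.pending[:CHUNK], self.pending[CHUNK:]
            if hashlib.sha256(piece).digest() != self.record["digests"][idx]:
                return False
        return True

    def check_packet(self, payload: bytes) -> str:
        """Verdict for one outbound TCP payload: everything past the TCP header
        is checked, so a leak in either the header or the body is caught."""
        if self.blocked:
            return "DROP"
        if self.in_body:
            ok = self._body_ok(payload)
        else:
            m = HEADER_RE.match(payload)
            if not m or int(m.group(1)) != self.record["length"]:
                ok = False
            else:
                self.in_body = True
                body = payload[m.end():]
                ok = self._body_ok(body) if body else True
        if not ok:
            self.blocked = True
            return "DROP"
        return "PASS"


def segments(stream: bytes, first: int = 80, rest: int = 20) -> list:
    """Cut a byte stream into TCP-sized pieces (a larger first segment so the
    header fits; the sizes are arbitrary)."""
    return [stream[:first]] + [stream[i:i + rest]
                               for i in range(first, len(stream), rest)]


def run_demo() -> dict:
    """Constructed sample traffic: one vetted document served four ways."""
    doc = (b"Quarterly results: revenue up 4% on the prior period. "
           b"Approved for release.")
    record = vet_object(doc)                    # the slow step, done once
    header = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
              b"Content-Length: %d\r\n\r\n" % len(doc))

    def verdicts(stream: bytes) -> list:
        v = StreamVerifier(record)
        return [v.check_packet(p) for p in segments(stream)]

    return {
        # honest server: canonical header, the vetted bytes, any segmentation
        "honest": verdicts(header + doc),
        # overt leak: one body byte changed (a secret spliced into the file)
        "tampered_body": verdicts(header + doc[:40] + b"X" + doc[41:]),
        # covert leak: vetted body, but an extra header carries the secret
        "extra_header": verdicts(
            header.replace(b"\r\n\r\n", b"\r\nX-Note: s3cret\r\n\r\n") + doc),
        # covert leak: same two headers, swapped order (one bit per response)
        "reordered": verdicts(
            b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n"
            b"Content-Type: text/plain\r\n\r\n" % len(doc) + doc),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case:14s} {' '.join(result)}")
```

The honest flow passes every segment; the tampered body is caught in the segment that completes the altered chunk and the flow is cut off from there; the two covert variants are refused on the first segment even though both are well-formed HTTP carrying the vetted bytes. That is the property the paper is after: the verifier stores only digests produced by the vetting step, does per-packet work bounded by the packet size, and accepts nothing it cannot account for.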


David Sims is a contributing editor for TMCnet.

Edited by Erin Monda