Matús Harvan
ETH Zurich
Publication
Featured research published by Matús Harvan.
runtime verification | 2011
David A. Basin; Matús Harvan; Felix Klaedtke; Eugen Zălinescu
Determining whether the usage of sensitive, digitally stored data complies with regulations and policies is a growing concern for companies, administrations, and end users alike. Classical examples of policies used for protecting and preventing the misuse of data are history-based access-control policies like the Chinese-wall policy and separation-of-duty constraints. Other policies from more specialized areas like banking involve retention, reporting, and transaction requirements. Simplified examples from this domain are that financial reports must be approved at most a week before they are published and that transactions over $10,000 must be reported within two days.
network and system security | 2009
Matús Harvan; Alexander Pretschner
runtime verification | 2014
David A. Basin; Germano Caronni; Sarah Ereth; Matús Harvan; Felix Klaedtke; Heiko Mantel
Usage control generalizes access control to what happens to data in the future. We contribute to the enforcement of usage control requirements at the level of system calls by also taking into account data flow: Restrictions on the dissemination of data, for instance, as stipulated by data protection regulations, of course relate not to just one file containing the data, but likely to all copies of that file as well. In order to enforce the dissemination restrictions on all copies of the sensitive data item, we introduce a data flow model that tracks how the content of a file flows through the system (files, network sockets, main memory). By using this model, the existence of potential copies of the data is reflected in the state of the data flow model. This allows us to enforce the dissemination restrictions by relating to the state rather than all sequences of events that possibly yield copies. Generalizing this idea, we describe how usage control policies can be expressed in a related state-based manner. Finally, we present an implementation of the data flow model and state-based policy enforcement as well as first encouraging performance measurements.
international symposium on temporal representation and reasoning | 2011
David A. Basin; Matús Harvan; Felix Klaedtke; Eugen Zalinescu
We propose an approach to monitoring IT systems offline, where system actions are logged in a distributed file system and subsequently checked for compliance against policies formulated in an expressive temporal logic. The novelty of our approach is that monitoring is parallelized so that it scales to large logs. Our technical contributions comprise a formal framework for slicing logs, an algorithmic realization based on MapReduce, and a high-performance implementation. We evaluate our approach analytically and experimentally, proving the soundness and completeness of our slicing techniques and demonstrating its practical feasibility and efficiency on real-world logs with 400 GB of relevant data.
network operations and management symposium | 2006
Matús Harvan; Jürgen Schönwälder
We have previously presented a monitoring algorithm for compliance checking of policies formalized in an expressive metric first-order temporal logic. We explain here the steps required to go from the original algorithm to a working infrastructure capable of monitoring an existing distributed application producing millions of log entries per day. The main challenge is to correctly and efficiently monitor the trace interleavings obtained by totally ordering actions that happen at the same time. We provide solutions based on formula transformations and monitoring representative traces. We also report, for the first time, on statistics on the performance of our monitor on real-world data, providing evidence of its suitability for nontrivial applications.
autonomous infrastructure management and security | 2008
Gijs van den Broek; Jürgen Schönwälder; Aiko Pras; Matús Harvan
The anonymization of SNMP traffic traces requires an IP address anonymization scheme which is prefix-preserving and lexicographical-order-preserving. We present an anonymization scheme satisfying these two requirements which has been derived from the prefix-preserving cryptography-based scheme Crypto-PAn. We formally prove the correctness of the scheme and we describe an embeddable implementation. Limits of the proposed anonymization scheme and some security aspects are discussed as well.
Praxis Der Informationsverarbeitung Und Kommunikation | 2008
Matús Harvan; Jürgen Schönwälder
The Network Management Research Group (NMRG) started an activity to collect traces of the Simple Network Management Protocol (SNMP) from operational networks. To analyze these traces, it is necessary to split potentially large traces into more manageable pieces that make it easier to deal with large data sets and simplify the analysis of the data. This document introduces some common definitions that have been found useful for implementing tools to support trace analysis.
security and trust management | 2009
Alexander Pretschner; Matthias Büchler; Matús Harvan; Christian Schaefer; Thomas Walter
Wireless sensor networks have so far used custom, light-weight network protocols. Given the common presence of 802.15.4 radio interfaces, it becomes feasible to connect motes directly to the global Internet using the 6lowpan adaptation layer. By natively supporting IPv6, motes become first-class Internet citizens capable of communication with any other IPv6-enabled host and benefit from the standardized and already established technology. To this end, a 6lowpan/IPv6 stack has been implemented for TinyOS 2.0. The paper gives an overview of this implementation, describes the motivations behind design decisions, provides an evaluation of the implementation, and briefly compares it to other implementations.
IEEE Transactions on Software Engineering | 2013
David A. Basin; Matús Harvan; Felix Klaedtke; Eugen Zalinescu
formal methods | 2016
David A. Basin; Germano Caronni; Sarah Ereth; Matús Harvan; Felix Klaedtke; Heiko Mantel