Takayuki Sasaki
NEC
Publication
Featured research published by Takayuki Sasaki.
intelligent networking and collaborative systems | 2011
Takayuki Sasaki
Insider threats, such as information leakages, are big problems in many organizations. They are difficult to detect and control, because insiders such as employees have legitimate rights to access the organization's resources in order to carry out their responsibilities. For this reason, existing security systems such as firewalls, intrusion detection systems, and access control mechanisms are ineffective countermeasures. Therefore, a framework is being developed for detecting suspicious insiders by triggering monitoring and analysis of suspicious actions done to hide digital evidence. This framework first creates an event (called a trigger) that will impel malicious members to behave suspiciously, for example, deleting digital data that may be evidence of their malicious behavior. In addition, the framework also monitors and analyzes actions by comparing operational logs before/after the trigger. This work is still in progress. Here, a system architecture based on the detection framework and cases in which it is used are described. Also, the effectiveness and the limitations of the proposed framework are discussed.
international conference on computer communications and networks | 2016
Takayuki Sasaki; Christos Pappas; Taeho Lee; Torsten Hoefler; Adrian Perrig
SDN promises to make networks more flexible, programmable, and easier to manage. Inherent security problems in SDN today, however, pose a threat to the promised benefits. First, the network operator lacks tools to proactively ensure that policies will be followed or to reactively inspect the behavior of the network. Second, the distributed nature of state updates at the data plane leads to inconsistent network behavior during reconfigurations. Third, the large flow space makes the data plane susceptible to state exhaustion attacks. This paper presents SDNsec, an SDN security extension that provides forwarding accountability for the SDN data plane. Forwarding rules are encoded in the packet, ensuring consistent network behavior during reconfigurations and limiting state exhaustion attacks due to table lookups. Symmetric-key cryptography is used to protect the integrity of the forwarding rules and enforce them at each switch. A complementary path validation mechanism allows the controller to reactively examine the actual path taken by the packets. Furthermore, we present mechanisms for secure link-failure recovery.
cloud computing security workshop | 2010
Takayuki Sasaki; Masayuki Nakae; Ryuichi Ogawa
Secure information sharing across different organizations is an emerging issue for collaborative software development, product design, etc. Virtual domains have been proposed for this issue so far. A virtual domain is a collaborative workspace comprising virtual computer resources dedicated to a particular collaborative activity, and it is subject to information sharing policies that restrict the scope of information sharing within the domain. This paper proposes a method of constructing Content Oriented Virtual Domains, which leverages existing common services such as e-mail, Web, and file servers, therefore enabling us to construct a secure collaborative workspace at lower cost than existing methods that require such services to be reconstructed in the same domain. This paper also shows an experimental implementation of the method and its performance evaluation results.
Proceedings of the 3rd Workshop on System Software for Trusted Execution - SysTEX '18 | 2018
Toshiki Kobayashi; Takayuki Sasaki; Astha Jada; Daniele Enrico Asoni; Adrian Perrig
Monitoring software of low-end devices is a key part of defense in depth for IoT systems. These devices are particularly susceptible to memory corruption vulnerabilities because the limited computational resources restrict the types of countermeasures that can be implemented. Run-time monitoring therefore is fundamental for the security of these devices. We propose a monitoring architecture for untrusted software at the I/O event granularity for TrustZone-enabled devices. The architecture enables us to measure the integrity of the code immediately before its execution is triggered by any input. To verify the integrity in a lightweight manner, we statically determine the minimal code region that needs to be measured based on the I/O operation. We develop a prototype of the architecture using TrustZone-M and demonstrate that our prototype has a low processing overhead and small ROM memory footprint.
2016 IEEE NetSoft Conference and Workshops (NetSoft) | 2016
Takayuki Sasaki; Adrian Perrig; Daniele Enrico Asoni
Software Defined Networking (SDN) allows scalable and flexible network management without requiring costly hardware changes. However, this technology is relatively new, and creates new security risks. More specifically, in current SDN designs (1) a compromised component can affect the whole SDN network due to its centralized architecture, and (2) existing designs do not allow recovery of compromised components. To solve these problems, we propose a secure SDN architecture which (1) limits damage due to a compromised controller and switch processes by using strong software isolation mechanisms, and (2) allows recovery of compromised controller and switch processes by regularly and automatically rolling them back to a pristine state. We show detailed designs of these mechanisms. We discuss the main aspects of our system's design and show preliminary evaluation results of a prototype implementation.
Archive | 2007
Takayuki Sasaki
Archive | 2008
Masayuki Nakae; Takayuki Sasaki
Archive | 2010
Takayuki Sasaki
JoWUA | 2012
Takayuki Sasaki
Archive | 2009
Takayuki Sasaki