SECURITY SYSTEMS AND METHODS TO REDUCE DATA LEAKS IN ENTERPRISE NETWORKS

US 20120137375A1
Filed: 09/20/2011
Published: 05/31/2012
Est. Priority Date: 09/20/2010
Status: Active Grant

First Claim

Patent Images

1. A security system for a plurality of resources in a network having a plurality of hosts, the security system comprising:

a plurality of taints, each taint being applicable to at least one of the plurality of resources, and each taint variably being in a first state or a second state;

a plurality of labels, each label comprising at least one taint;

a labeling system in communication with the plurality of hosts and configured to apply each of the plurality of labels to a corresponding resource of the plurality of resources; and

a enforcement system in communication with the plurality of hosts and configured to block outgoing network traffic from each host, if the outgoing network traffic includes a first resource where at least one taint in a first label of the first resource is in the first state.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are embodiments of a security system for reducing data leaks by checking information flows between resources of a network. When an information flow is attempted between a sending resource, which can be anywhere in the network, and a receiving resource residing at a specific host within the network, a host labeler can determine whether information is allowed to flow from the sending resource to the receiving resource. The sending resource and the receiving resource can each have an applicable label, and each label can comprise zero, one, or more taints. For each taint having an active secrecy characteristic in a label of the sending resource, the host labeler can require that there be a matching taint with active secrecy characteristic in the receiving resource. If this condition is not met, the security system can block the information flow between the sending and receiving resources.

60 Citations

View as Search Results

26 Claims

1. A security system for a plurality of resources in a network having a plurality of hosts, the security system comprising:
- a plurality of taints, each taint being applicable to at least one of the plurality of resources, and each taint variably being in a first state or a second state;
  
  a plurality of labels, each label comprising at least one taint;
  
  a labeling system in communication with the plurality of hosts and configured to apply each of the plurality of labels to a corresponding resource of the plurality of resources; and
  
  a enforcement system in communication with the plurality of hosts and configured to block outgoing network traffic from each host, if the outgoing network traffic includes a first resource where at least one taint in a first label of the first resource is in the first state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The security system of claim 1, the enforcement system being configured to block an information flow from the first resource having the first label to a second resource having a second label, if the first label comprises a first taint in the first state and the second label lacks the first taint in the first state.
  - 3. The security system of claim 2, the labeling system applying an immutable label to the second resource, wherein the second resource leads outside the network.
  - 4. The security system of claim 2, the enforcement system being configured to block the information flow to the second resource absent content-scanning of the information flow.
  - 5. The security system of claim 2, the enforcement system being configured to determine provenance of the first resource based on the first label having the first taint in the first state.
  - 6. The security system of claim 2, further comprising a capability database associating each of a plurality of users with a corresponding capability set, wherein according to a first capability set of a first user, the first user has a capability to change the first taint from the second state to the first state in the second label to facilitate the information flow
  - 7. The security system of claim 6, wherein according to the first capability set, the first user has a capability to change the first taint from the first state to the second state to facilitate the information flow.
  - 8. The security system of claim 7, the labeling system being configured to automatically modify the state of the first label on behalf of the first user, to facilitate the information flow.
  - 9. The security system of claim 6, wherein according to the first capability set, the first user lacks a capability to change the first taint from the first state to the second state.
  - 10. The security system of claim 6, wherein according to a second capability set of a second user, the second user lacks the capability to change the first taint from the second state to the first state.
  - 11. The security system of claim 1, the plurality of resources comprising a plurality of files or processes, wherein the labeling system is configured to apply a corresponding label to each of the plurality of the files or processes.
  - 12. The security system of claim 1, the plurality of resources comprising a plurality of database entries, wherein the labeling system is configured to apply a corresponding label to each of the plurality of database entries.
  - 13. The security system of claim 12, the enforcement system being further configured to identify login credentials of users who access a database from locations external to the enterprise, and to selectively allow authorized users to retrieve the database entries from locations external to the enterprise.
  - 14. The security system of claim 1, the first resource being a memory page, wherein the labeling system applies a label to each of a plurality of memory pages and receives notifications of attempted writes to the plurality of memory pages.

15. A security system for a plurality of resources in a network having a plurality of hosts, the security system comprising:
- a plurality of labels, including a first label and a second label, each label comprising at least one taint, and each taint being variable secret or non-secret;
  
  a host enforcer configured to analyze a first information flow from a first resource on the first host to a second resource on a first host; and
  
  a host labeler residing on a first host of the plurality of hosts, the host labeler being configured to apply the first label to the first resource and to apply the second label to a second resource;
  
  the host enforcer being further configured to block the first information flow if the first label comprises a secret first taint and the second label lacks the secret first taint.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The security system of claim 15, the host enforcer being further configured to allow the attempted information flow if the first label is absent any secret taint that is absent the second label.
  - 17. The security system of claim 15, the host enforcer being further configured to analyze a second information flow from the first resource on the first host to a third resource on a second host within the network.
  - 18. The security system of claim 17, further comprising a label repository in communication with the first host and in communication with the second host, the host labeler configured to transmit the first label to the label repository in response to the second information flow.
  - 19. The security system of claim 18, further comprising a second host enforcer at the second host, being configured to analyze the information flow from the first resource to the third resource, based on the first label and the third label.
  - 20. The security system of claim 15, the host enforcer being further configured to analyze a second information flow from the first resource on the first host to a third resource outside the network.
  - 21. The security system of claim 20, further comprising a network enforcer, the host enforcer configured to communicate the second information flow to the network enforcer, and the network enforcer configured to block the first information flow if the first label comprises a secret first taint.

22. A computer-implemented method comprising:
- providing a plurality of labels, each label comprising one or more taints, and each taint being changeably active or inactive;
  
  applying a first label to a first resource inside a network, the first label comprising a active first taint;
  
  applying a second label to a second resource leading outside the network, the second label lacking the active first taint;
  
  receiving an information flow from the first resource to the second resource;
  
  comparing, with a computer processor, the first label to the second label; and
  
  blocking the information flow in response to the second label lacking the active first taint.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The method of claim 22, the second label being an immutable label.
  - 24. The method of claim 22, further comprising:
    - receiving a second information flow from the first resource to a third resource leading outside the network;
      
      applying a third label to a third resource leading outside the network, the third label lacking the active first taint;
      
      determining that a first user who owns the first resource has a first capability to change the active first taint of the first label to inactive;
      
      modifying the first taint in the first label to inactive, after determining that the first user has the first capability;
      
      determining that the first label comprises no active taint lacked by the third label; and
      
      allowing the second information flow in response to determining that the first label has no active taint lacked by the third label.
  - 25. The method of claim 24, wherein modifying the first taint in the first label to inactive is performed automatically in response to determining that the first user has the first capability.
  - 26. The method of claim 24, wherein modifying the first taint in the first label to inactive is performed only when the first user has the first capability and successfully solves a proof-of-human test.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Georgia Tech Research Corporation (University System of Georgia)
Original Assignee
Georgia Tech Research Corporation (University System of Georgia)
Inventors
RAMACHANDRAN, Anirudh V., MUNDADA, Yogesh H., BIN TARIQ, Muhammad Mukarran, FEAMSTER, Nicholas G.

Granted Patent

US 8,893,300 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/28
CPC Class Codes

G06F 21/6218 to a system of files or obj...

H04L 63/105 Multiple levels of security

SECURITY SYSTEMS AND METHODS TO REDUCE DATA LEAKS IN ENTERPRISE NETWORKS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

SECURITY SYSTEMS AND METHODS TO REDUCE DATA LEAKS IN ENTERPRISE NETWORKS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others