Security systems and methods to reduce data leaks in enterprise networks

US 8,893,300 B2
Filed: 09/20/2011
Issued: 11/18/2014
Est. Priority Date: 09/20/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A security system for a plurality of resources in a computer network having a plurality of hosts, the security system comprising:

a computer processor;

a memory operatively coupled to the computer processor and configured for storing data and instructions;

a plurality of taints, each taint configured to be applied by a labeling system to at least one of the plurality of resources, and each taint having a plurality of characteristics including identification data, secrecy data, and integrity data, the characteristics variably being in a first state or a second state;

a plurality of labels, each label comprising at least one taint;

the labeling system in communication with the plurality of hosts and configured to apply, by the processor, a label of the plurality of labels to a corresponding operating system resource of the plurality of resources, and to receive notifications of attempted writes to the operating system resource, wherein the operating system resource includes one or more of a file, process, socket, thread, or memory page;

a capability database configured for associating each of a plurality of users with a respective corresponding capability set for each respective taint of the plurality of taints, wherein according to a first capability set of a first user for a first taint, the first user has a capability to change the characteristics of the first taint from the second state to the first state, and from the first state to the second state, in the first label,wherein the labeling system is further configured to automatically modify the state of the first label on behalf of the first user, to facilitate the information flow; and

an enforcement system in communication with the plurality of hosts and configured to block outgoing computer network traffic from each host, responsive to determining the outgoing computer network traffic includes a first resource where at least one taint in a first label of the first resource is in the first state.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are embodiments of a security system for reducing data leaks by checking information flows between resources of a network. When an information flow is attempted between a sending resource, which can be anywhere in the network, and a receiving resource residing at a specific host within the network, a host labeler can determine whether information is allowed to flow from the sending resource to the receiving resource. The sending resource and the receiving resource can each have an applicable label, and each label can comprise zero, one, or more taints. For each taint having an active secrecy characteristic in a label of the sending resource, the host labeler can require that there be a matching taint with active secrecy characteristic in the receiving resource. If this condition is not met, the security system can block the information flow between the sending and receiving resources.

22 Citations

View as Search Results

16 Claims

1. A security system for a plurality of resources in a computer network having a plurality of hosts, the security system comprising:
- a computer processor;
  
  a memory operatively coupled to the computer processor and configured for storing data and instructions;
  
  a plurality of taints, each taint configured to be applied by a labeling system to at least one of the plurality of resources, and each taint having a plurality of characteristics including identification data, secrecy data, and integrity data, the characteristics variably being in a first state or a second state;
  
  a plurality of labels, each label comprising at least one taint;
  
  the labeling system in communication with the plurality of hosts and configured to apply, by the processor, a label of the plurality of labels to a corresponding operating system resource of the plurality of resources, and to receive notifications of attempted writes to the operating system resource, wherein the operating system resource includes one or more of a file, process, socket, thread, or memory page;
  
  a capability database configured for associating each of a plurality of users with a respective corresponding capability set for each respective taint of the plurality of taints, wherein according to a first capability set of a first user for a first taint, the first user has a capability to change the characteristics of the first taint from the second state to the first state, and from the first state to the second state, in the first label,wherein the labeling system is further configured to automatically modify the state of the first label on behalf of the first user, to facilitate the information flow; and
  
  an enforcement system in communication with the plurality of hosts and configured to block outgoing computer network traffic from each host, responsive to determining the outgoing computer network traffic includes a first resource where at least one taint in a first label of the first resource is in the first state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The security system of claim 1, the enforcement system being configured to block an information flow from the first resource having the first label to a second resource having a second label, responsive to determining the first label comprises a first taint with characteristics in the first state and the second label lacks the first taint with characteristics in the first state.
  - 3. The security system of claim 2, the labeling system applying an immutable label to the second resource, wherein the second resource leads outside the computer network.
  - 4. The security system of claim 2, the enforcement system being configured to block the information flow to the second resource absent content-scanning of the information flow.
  - 5. The security system of claim 2, the enforcement system being configured to determine provenance of the first resource based on the first label having the first taint with characteristics in the first state.
  - 6. The security system of claim 1, wherein according to a second capability set of a second user for the first taint, the second user lacks the capability to change the characteristics of the first taint from the second state to the first state.
  - 7. The security system of claim 1, the plurality of resources comprising a plurality of database entries, wherein the labeling system is configured to apply a corresponding label to each of the plurality of database entries.
  - 8. The security system of claim 7, wherein the computer network is an enterprise network, the enforcement system being further configured to identify login credentials of users who access a database from locations external to the enterprise network, and to selectively allow authorized users to retrieve the database entries from locations external to the enterprise.

9. A security system for a plurality of resources in a computer network having a plurality of hosts, the security system comprising:
- a computer processor;
  
  a memory operatively coupled to the computer processor and configured for storing data and instructions;
  
  a plurality of taints, each taint configured to be applied by a labeling system to at least one of the plurality of resources, and each taint having a plurality of characteristics including identification data, secrecy data, and integrity data, the characteristics variably being in a first state or a second state;
  
  a plurality of labels, each label comprising at least one taint;
  
  the labeling system in communication with the plurality of hosts and configured to apply, by the processor, a label of the plurality of labels to a corresponding operating system resource of the plurality of resources, and to receive notifications of attempted writes to the operating system resource, wherein the operating system resource includes one or more of a file, process, socket, thread, or memory page;
  
  a capability database configured for associating each of a plurality of users with a respective corresponding capability set for each respective taint of the plurality of taints, wherein according to a first capability set of a first user for a first taint, the first user has a capability to change the characteristics of the first taint from the second state to the first state, but not from the first state to second state, in the first label,wherein the labeling system is further configured to automatically modify the state of the first label on behalf of the first user, to facilitate the information flow; and
  
  an enforcement system in communication with the plurality of hosts and configured to block outgoing computer network traffic from each host, responsive to determining the outgoing computer network traffic includes a first resource where at least one taint in a first label of the first resource is in the first state.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The security system of claim 9, the enforcement system being configured to block an information flow from the first resource having the first label to a second resource having a second label, responsive to determining the first label comprises a first taint with characteristics in the first state and the second label lacks the first taint with characteristics in the first state.
  - 11. The security system of claim 9, the labeling system applying an immutable label to the second resource, wherein the second resource leads outside the computer network.
  - 12. The security system of claim 9, the enforcement system being configured to block the information flow to the second resource absent content-scanning of the information flow.
  - 13. The security system of claim 9, the enforcement system being configured to determine provenance of the first resource based on the first label having the first taint with characteristics in the first state.
  - 14. The security system of claim 9, wherein according to a second capability set of a second user for the first taint, the second user lacks the capability to change the first taint from the second state to the first state.
  - 15. The security system of claim 9, the plurality of resources comprising a plurality of database entries, wherein the labeling system is configured to apply a corresponding label to each of the plurality of database entries.
  - 16. The security system of claim 15, wherein the computer network is an enterprise network, the enforcement system being further configured to identify login credentials of users who access a database from locations external to the enterprise network, and to selectively allow authorized users to retrieve the database entries from locations external to the enterprise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Georgia Tech Research Corporation (University System of Georgia)
Original Assignee
Georgia Tech Research Corporation (University System of Georgia)
Inventors
Feamster, Nicholas G., Ramachandran, Anirudh V., Mundada, Yogesh H., Bin Tariq, Muhammad Mukarram
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
SCHMIDT, KARI L

Application Number

US13/237,618
Publication Number

US 20120137375A1
Time in Patent Office

1,155 Days
Field of Search

726/19, 726 22- 25, 726/27, 726/28, 707/687
US Class Current

726/28
CPC Class Codes

G06F 21/6218 to a system of files or obj...

H04L 63/105 Multiple levels of security

Security systems and methods to reduce data leaks in enterprise networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Security systems and methods to reduce data leaks in enterprise networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links