Reliably determining data leakage in the presence of strong attackers

Riccardo Bortolameotti; Andreas Peter; Maarten Hinderik Everts; Willem Jonker; Pieter H. Hartel

doi:10.1145/2991079.2991095

Reliably determining data leakage in the presence of strong attackers

Riccardo Bortolameotti, Andreas Peter, Maarten Hinderik Everts, Willem Jonker, Pieter H. Hartel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

We address the problem of determining what data has been leaked from a system after its recovery from a successful attack. This is a forensic process which is relevant to give a better understanding of the impact of a data breach, but more importantly it is becoming mandatory according to the recent developments of data breach notification laws. Existing work in this domain has discussed methods to create digital evidence that could be used to determine data leakage, however most of them fail to secure the evidence against malicious adversaries or use strong assumptions such as trusted hardware. In some limited cases, data can be processed in the encrypted domain which, although being computationally expensive, can ensure that nothing leaks to an attacker, thereby making the leakage determination trivial. Otherwise, victims are left with the only option of considering all data to be leaked. In contrast, our work presents an approach capable of determining the data leakage using a distributed log that securely records all accesses to the data without relying on trusted hardware, and which is not all-or-nothing. We demonstrate our approach to guarantee secure and reliable evidence against even strongest adversaries capable of taking complete control over a machine. For the concrete application of client-server authentication, we show the preciseness of our approach, that it is feasible in practice, and that it can be integrated with existing services.

Original language	Undefined
Title of host publication	Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016
Place of Publication	New York
Publisher	Association for Computing Machinery
Pages	484-495
Number of pages	12
ISBN (Print)	978-1-4503-4771-6
DOIs	https://doi.org/10.1145/2991079.2991095
Publication status	Published - Dec 2016
Event	32nd Annual Computer Security Applications Conference, ACSAC 2016 - Hilton Los Angeles/Universal Cit, Los Angeles, United States Duration: 5 Dec 2016 → 9 Dec 2016 Conference number: 32

Conference

Conference	32nd Annual Computer Security Applications Conference, ACSAC 2016
Abbreviated title	ACSAC
Country/Territory	United States
City	Los Angeles
Period	5/12/16 → 9/12/16

Keywords

EWI-27921
SCS-Cybersecurity

Access to Document

10.1145/2991079.2991095

http://eprints.eemcs.utwente.nl/secure2/27921/01/ACSAC2016.pdf

Cite this

@inproceedings{2d5e05d75ea345b5a83fb81e62fd591c,

title = "Reliably determining data leakage in the presence of strong attackers",

abstract = "We address the problem of determining what data has been leaked from a system after its recovery from a successful attack. This is a forensic process which is relevant to give a better understanding of the impact of a data breach, but more importantly it is becoming mandatory according to the recent developments of data breach notification laws. Existing work in this domain has discussed methods to create digital evidence that could be used to determine data leakage, however most of them fail to secure the evidence against malicious adversaries or use strong assumptions such as trusted hardware. In some limited cases, data can be processed in the encrypted domain which, although being computationally expensive, can ensure that nothing leaks to an attacker, thereby making the leakage determination trivial. Otherwise, victims are left with the only option of considering all data to be leaked. In contrast, our work presents an approach capable of determining the data leakage using a distributed log that securely records all accesses to the data without relying on trusted hardware, and which is not all-or-nothing. We demonstrate our approach to guarantee secure and reliable evidence against even strongest adversaries capable of taking complete control over a machine. For the concrete application of client-server authentication, we show the preciseness of our approach, that it is feasible in practice, and that it can be integrated with existing services.",

keywords = "EWI-27921, SCS-Cybersecurity",

author = "Riccardo Bortolameotti and Andreas Peter and Everts, {Maarten Hinderik} and Willem Jonker and Hartel, {Pieter H.}",

year = "2016",

month = dec,

doi = "10.1145/2991079.2991095",

language = "Undefined",

isbn = "978-1-4503-4771-6",

pages = "484--495",

booktitle = "Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016",

publisher = "Association for Computing Machinery",

note = "32nd Annual Computer Security Applications Conference, ACSAC 2016 ; Conference date: 05-12-2016 Through 09-12-2016",

}

Bortolameotti, R, Peter, A , Everts, MH , Jonker, W & Hartel, PH 2016, Reliably determining data leakage in the presence of strong attackers. in Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016. Association for Computing Machinery, New York, pp. 484-495, 32nd Annual Computer Security Applications Conference, ACSAC 2016, Los Angeles, California, United States, 5/12/16. https://doi.org/10.1145/2991079.2991095

Reliably determining data leakage in the presence of strong attackers. / Bortolameotti, Riccardo; Peter, Andreas ; Everts, Maarten Hinderik et al.
Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016. New York: Association for Computing Machinery, 2016. p. 484-495.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Reliably determining data leakage in the presence of strong attackers

AU - Bortolameotti, Riccardo

AU - Peter, Andreas

AU - Everts, Maarten Hinderik

AU - Jonker, Willem

AU - Hartel, Pieter H.

N1 - Conference code: 32

PY - 2016/12

Y1 - 2016/12

N2 - We address the problem of determining what data has been leaked from a system after its recovery from a successful attack. This is a forensic process which is relevant to give a better understanding of the impact of a data breach, but more importantly it is becoming mandatory according to the recent developments of data breach notification laws. Existing work in this domain has discussed methods to create digital evidence that could be used to determine data leakage, however most of them fail to secure the evidence against malicious adversaries or use strong assumptions such as trusted hardware. In some limited cases, data can be processed in the encrypted domain which, although being computationally expensive, can ensure that nothing leaks to an attacker, thereby making the leakage determination trivial. Otherwise, victims are left with the only option of considering all data to be leaked. In contrast, our work presents an approach capable of determining the data leakage using a distributed log that securely records all accesses to the data without relying on trusted hardware, and which is not all-or-nothing. We demonstrate our approach to guarantee secure and reliable evidence against even strongest adversaries capable of taking complete control over a machine. For the concrete application of client-server authentication, we show the preciseness of our approach, that it is feasible in practice, and that it can be integrated with existing services.

AB - We address the problem of determining what data has been leaked from a system after its recovery from a successful attack. This is a forensic process which is relevant to give a better understanding of the impact of a data breach, but more importantly it is becoming mandatory according to the recent developments of data breach notification laws. Existing work in this domain has discussed methods to create digital evidence that could be used to determine data leakage, however most of them fail to secure the evidence against malicious adversaries or use strong assumptions such as trusted hardware. In some limited cases, data can be processed in the encrypted domain which, although being computationally expensive, can ensure that nothing leaks to an attacker, thereby making the leakage determination trivial. Otherwise, victims are left with the only option of considering all data to be leaked. In contrast, our work presents an approach capable of determining the data leakage using a distributed log that securely records all accesses to the data without relying on trusted hardware, and which is not all-or-nothing. We demonstrate our approach to guarantee secure and reliable evidence against even strongest adversaries capable of taking complete control over a machine. For the concrete application of client-server authentication, we show the preciseness of our approach, that it is feasible in practice, and that it can be integrated with existing services.

KW - EWI-27921

KW - SCS-Cybersecurity

U2 - 10.1145/2991079.2991095

DO - 10.1145/2991079.2991095

M3 - Conference contribution

SN - 978-1-4503-4771-6

SP - 484

EP - 495

BT - Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016

PB - Association for Computing Machinery

CY - New York

T2 - 32nd Annual Computer Security Applications Conference, ACSAC 2016

Y2 - 5 December 2016 through 9 December 2016

ER -