Studying Naive Users and the Insider Threat with SimpleFlow
Title | Studying Naive Users and the Insider Threat with SimpleFlow |
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Johnson, Ryan V., Lass, Jessie, Petullo, W. Michael |
Conference Name | Proceedings of the 8th ACM CCS International Workshop on Managing Insider Security Threats |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4571-2 |
Keywords | composability, information flow, insider threat, Linux, linux operating systems security, linux security module, Metrics, operating system security, pubcrawl, Resiliency |
Abstract | Most access control systems prohibit illicit actions at the moment they seem to violate a security policy. While effective, such early action often clouds insight into the intentions behind negligent or willful security policy violations. Furthermore, existing control mechanisms are often very low-level; this hinders understanding because controls must be spread throughout a system. We propose SimpleFlow, a simple, information-flow-based access control system which allows illicit actions to occur up until sensitive information would have left the local network. SimpleFlow marks such illicit traffic before transmission, and this allows network devices to filter such traffic in a number of ways. SimpleFlow can also spoof intended recipients to trick malware into revealing application-layer communication messages even while blocking them. We have written SimpleFlow as a modification to the Linux kernel, and we have released our work as open source. |
URL | http://doi.acm.org/10.1145/2995959.2995960 |
DOI | 10.1145/2995959.2995960 |
Citation Key | johnson_studying_2016 |