Quantifying Information Leaks in Outbound Web Traffic

12 years 6 months ago
Quantifying Information Leaks in Outbound Web Traffic
As the Internet grows and network bandwidth continues to increase, administrators are faced with the task of keeping confidential information from leaving their networks. Today’s network traffic is so voluminous that manual inspection would be unreasonably expensive. In response, researchers have created data loss prevention systems that check outgoing traffic for known confidential information. These systems stop naïve adversaries from leaking data, but are fundamentally unable to identify encrypted or obfuscated information leaks. What remains is a high-capacity pipe for tunneling data to the Internet. We present an approach for quantifying information leak capacity in network traffic. Instead of trying to detect the presence of sensitive data—an impossible task in the general case—our goal is to measure and constrain its maximum volume. We take advantage of the insight that most network traffic is repeated or determined by external information, such as protocol specification...
Kevin Borders, Atul Prakash
Added 21 May 2010
Updated 21 May 2010
Type Conference
Year 2009
Where SP
Authors Kevin Borders, Atul Prakash
Comments (0)