Rapid Screening of Transformed Data Leaks with Efficient Algorithms and Parallel Computing

Shu, Xiaokui; Zhang, Jing; Yao, Danfeng; Feng, Wu-chun

doi:10.1145/2699026.2699130

Cited by 5 publications

(3 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the side of formal analysis of data leaks in workflows, Accorsi and Wonnemann [41] proposed a framework for the automated detection of leaks based on static flow analysis by transforming workflows into Petri nets. Some papers propose data leak protection, by screening data and comparing fingerprints [42][43][44][45][46][47][48]. Segarra et al [49] propose an architecture to securely stream medical data using Trusted Execution Environments, while Zuo et al investigate data leakage in mobile applications interaction with the cloud [50].…”

Section: Related Workmentioning

confidence: 99%

Securing Workflows Using Microservices and Metagraphs

et al. 2021

View full text Add to dashboard Cite

Companies such as Netflix increasingly use the cloud to deploy their business processes. Those processes often involve partnerships with other companies, and can be modeled as workflows where the owner of the data at risk interacts with contractors to realize a sequence of tasks on the data to be secured. In this paper, we first show how those workflows can be deployed and enforced while preventing data exposure. Second, this paper provides a global framework to enable the verification of workflow policies. Following the principles of zero-trust, we develop an infrastructure using the isolation provided by a microservice architecture to enforce owner policy. We implement a workflow with our infrastructure in a publicly available proof of concept. This work allows us to verify that the specified policy is correctly enforced by testing the deployment for policy violations, and find the overhead cost of authorization to be reasonable for the benefits. In addition, this paper presents a way to verify policies using a suite of tools transforming and checking policies as metagraphs. It is evident from the results that our verification method is very efficient regarding the size of the policies. Overall, this infrastructure and the mechanisms that verify the policy is correctly enforced, and then correctly implemented, help us deploy workflows in the cloud securely.

show abstract

Section: Related Workmentioning

confidence: 99%

Securing Workflows Using Microservices and Metagraphs

et al. 2021

View full text Add to dashboard Cite

show abstract

“…The detection rate gives the percentage of leak incidents that are successfully detected. We also compute standard false positive rate defined in Equation (2). We detail the semantic meaning for primary cases, true positive (TP), false positive (FP), true negative (TN), and false negative (FN), in Table III. Detection rate (Recall) = TP TP + FN (1) False positive rate = FP FP + TP…”

Section: A Implementation and Experiments Setupmentioning

confidence: 99%

Fast Detection of Transformed Data Leaks

Shu

Zhang

Yao

et al. 2016

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

The leak of sensitive data on computer systems poses a serious threat to organizational security. Statistics show that the lack of proper encryption on files and communications due to human errors is one of the leading causes of data loss. Organizations need tools to identify the exposure of sensitive data by screening the content in storage and transmission, i.e., to detect sensitive information being stored or transmitted in the clear. However, detecting the exposure of sensitive information is challenging due to data transformation in the content. Transformations (such as insertion, deletion) result in highly unpredictable leak patterns. In this work, we utilize sequence alignment techniques for detecting complex data-leak patterns. Our algorithm is designed for detecting long and inexact sensitive data patterns. This detection is paired with a comparable sampling algorithm, which allows one to compare the similarity of two separately sampled sequences. Our system achieves good detection accuracy in recognizing transformed leaks. We implement a parallelized version of our algorithms in graphics processing unit that achieves high analysis throughput. We demonstrate the high multithreading scalability of our data leak detection method required by a sizable organization.

show abstract

“…Shu and Yao [32] presented privacy-preserving methods for protecting sensitive data in a non-MapReduce based detection environment. Shu et al [33] further proposed to accelerate screening transformed data leaks using GPU. Blanton et al [5] proposed a solution for fast outsourcing of sequence edit distance and secure path computation, while preserving the confidentiality of the sequence.…”

Section: Related Workmentioning

confidence: 99%

Privacy-Preserving Scanning of Big Content for Sensitive Data Exposure with MapReduce

Liu

Shu

Yao

et al. 2015

Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

Self Cite

View full text Add to dashboard Cite

The exposure of sensitive data in storage and transmission poses a serious threat to organizational and personal security. Data leak detection aims at scanning content (in storage or transmission) for exposed sensitive data. Because of the large content and data volume, such a screening algorithm needs to be scalable for a timely detection. Our solution uses the MapReduce framework for detecting exposed sensitive content, because it has the ability to arbitrarily scale and utilize public resources for the task, such as Amazon EC2. We design new MapReduce algorithms for computing collection intersection for data leak detection. Our prototype implemented with the Hadoop system achieves 225 Mbps analysis throughput with 24 nodes. Our algorithms support a useful privacy-preserving data transformation. This transformation enables the privacy-preserving technique to minimize the exposure of sensitive data during the detection. This transformation supports the secure outsourcing of the data leak detection to untrusted MapReduce and cloud providers.

show abstract

Rapid Screening of Transformed Data Leaks with Efficient Algorithms and Parallel Computing

Cited by 5 publications

References 3 publications

Securing Workflows Using Microservices and Metagraphs

Securing Workflows Using Microservices and Metagraphs

Fast Detection of Transformed Data Leaks

Privacy-Preserving Scanning of Big Content for Sensitive Data Exposure with MapReduce

Contact Info

Product

Resources

About