Efficient Network-Based Enforcement of Data Access Rights
01 September 2014
Today, databases, especially those serving or connected to the internet, need strong protection against data leakage stemming from misconfiguration as well as from malicious attacks such as SQL injection. Insider and Advanced Persistent Threat (APT) attacks are also increasingly common threats in the security landscape. We introduce a policy checking and enforcement system designed specifically to prevent unauthorized (malicious or accidental) exfiltration of database records from real-life large-scale systems. At the center of our approach is a lightweight policy checker that filters all outgoing traffic. We provably guarantee that only authorized data may be sent outside, and only to the right recipients. We design and formally prove secure two access control schemes with differing security and performance guarantees: one based on authenticated Bloom filters, and one based on either long or short (e.g. 16-bit) aggregated MAC codes. The use of the short codes, while providing a clear performance benefit, cannot be proven secure by a simple reduction to aggregated MAC tools and requires more careful handling and concrete security analysis. Each scheme is much more efficient than naive MAC-based access control. Our solution requires explicit designation of each record-attribute-user tuple as permitted or disallowed. We rely on shared secret key cryptography, and our system is therefore best suited to large organizations with centralized IT control. We implemented and executed our algorithms in an industrial system setup approximating the envisioned usage. We show that we achieve extremely high efficiency both in the computation required from the server and checker and in the increase in traffic volume.
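The per-tuple MAC model described above, as an added illustration that is not the paper's own construction: a policy authority holding the shared key tags each permitted (record, attribute, user) tuple, the untrusted database server can only attach tags it was provisioned with, and the network checker recomputes the aggregated tag before letting a message out. HMAC-SHA256 as the tag function, XOR as the aggregation rule, the 2-byte truncation for the short-code variant, and all keys and records are assumptions constructed for this example, not details taken from the abstract.

```python
import hmac
import hashlib

# Constructed shared secret: held by the policy authority and the checker, never by the DB server.
KEY = b"constructed-demo-key-do-not-reuse"

def tuple_tag(record_id, attribute, user, value, tag_len=32):
    """MAC for one (record, attribute, user) tuple, bound to the value being released.
    tag_len=32 is the long variant; tag_len=2 is the 16-bit short code."""
    msg = b"\x00".join([str(record_id).encode(), attribute.encode(), user.encode(), value.encode()])
    return hmac.new(KEY, msg, hashlib.sha256).digest()[:tag_len]

def aggregate(tags):
    """Combine equal-length tags into one code by XOR (assumed aggregation rule)."""
    if not tags:
        return b""
    acc = bytearray(len(tags[0]))
    for t in tags:
        for i, b in enumerate(t):
            acc[i] ^= b
    return bytes(acc)

# Constructed policy: alice may read name and email of record 1, but only the name of record 2.
PERMITTED = {
    (1, "name", "alice"): "Ann",
    (1, "email", "alice"): "ann@example.test",
    (2, "name", "alice"): "Bob",
}

def provision(tag_len):
    """Policy authority: tag every permitted tuple once and hand the table to the server."""
    return {k: tuple_tag(k[0], k[1], k[2], v, tag_len) for k, v in PERMITTED.items()}

def server_send(user, rows, tag_table, tag_len):
    """Untrusted DB server builds an outgoing message from rows [(record_id, attribute, value)].
    It has no key, so a tuple it was never provisioned for gets an all-zero tag."""
    tags = [tag_table.get((r, a, user), bytes(tag_len)) for r, a, _ in rows]
    return {"user": user, "rows": rows, "tag": aggregate(tags)}

def checker_verify(msg, tag_len):
    """Network checker: recompute the aggregate from the key and pass only on a match."""
    expected = aggregate([tuple_tag(r, a, msg["user"], v, tag_len) for r, a, v in msg["rows"]])
    return hmac.compare_digest(expected, msg["tag"])
```

With the 2-byte codes the table and the per-message tag shrink sixteenfold, but a forged tuple now passes with probability about 2^-16 per attempt, which is why the abstract notes that the short variant needs a concrete rather than reduction-based analysis.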