TY - GEN
T1 - WatchIT
T2 - 8th ACM CCS International Workshop on Managing Insider Security Threats, MIST 2016
AU - Shalev, Noam
AU - Keidar, Idit
AU - Moatti, Yosef
AU - Weinsberg, Yaron
N1 - Publisher Copyright: © 2016 ACM.
PY - 2016/10/28
Y1 - 2016/10/28
N2 - System administrators have unlimited access to system resources. As the Snowden case shows, these permissions can be exploited to steal valuable personal, classified, or commercial data. In this work we propose a strategy that increases the organizational information security by constraining IT personnel's view of the system and monitoring their actions. To this end, we introduce the abstraction of perforated containers - while regular Linux containers are too restrictive to be used by system administrators, by "punching holes" in them, we strike a balance between information security and required administrative needs. Our system predicts which system resources should be accessible for handling each IT issue, creates a perforated container with the corresponding isolation, and deploys it in the corresponding machines as needed for fixing the problem. Under this approach, the system administrator retains his superuser privileges, while he can only operate within the container limits. We further provide means for the administrator to bypass the isolation, and perform operations beyond her boundaries. However, such operations are monitored and logged for later analysis and anomaly detection. We provide a proof-of-concept implementation of our strategy, along with a case study on the IT database of IBM Research in Israel.
UR - http://www.scopus.com/inward/record.url?scp=85002373829&partnerID=8YFLogxK
U2 - 10.1145/2995959.2995968
DO - 10.1145/2995959.2995968
M3 - Conference contribution
T3 - MIST 2016 - Proceedings of the International Workshop on Managing Insider Security Threats, co-located with CCS 2016
SP - 93
EP - 96
BT - MIST 2016 - Proceedings of the International Workshop on Managing Insider Security Threats, co-located with CCS 2016
Y2 - 28 October 2016
ER -