Download now Free registration required
Preventing exfiltration of sensitive data is a central challenge facing many modern networking environments. In this paper, the authors propose a network-wide method of confining and controlling the flow of sensitive data within a network. Their approach is based on black-box differencing - they run two logical copies of the network, one with private data scrubbed, and compare outputs of the two to determine if and when private data is being leaked. To ensure outputs of the two copies match, they build upon recent advances that enable computing systems to execute deterministically at scale and with low overheads.
- Format: PDF
- Size: 352.2 KB