SDN-Controlled Isolation Orchestration to Support End-User Autonomy

Elmaliki, Nour

Student Work

SDN-Controlled Isolation Orchestration to Support End-User Autonomy

Public

Numerous data breaches and ransomware attacks in recent history have highlighted the importance of data security. There is always a trade off between security and end-user autonomy. Organizations need methods of securing data without overly hindering productivity. Current systems either do not provide enough control over data usage or overly restrict users and hinder productivity. This project designs and implements a system intended to provide fine-grained control over data while allowing end-users more freedom over their systems. Our system leverages the confidentiality benefits of virtualization to provide end-users with multiple environments to work. These environments are protected by security controls proportional to the data contained within. Users are allowed environments for high-risk activity and are confined to interact with sensitive data in low-risk environments. We built a data provenance tracking system to label, update, and transmit data provenance labels. Provenance labels will be used to determine how data is distributed among different risk environments. We performed benchmark testing on the data provenance tracking system and determined that its overhead does not pose a threat to the usability of the systems it governs. We evaluated the mechanism that transmits provenance labels and likewise concluded that it does not impede the usability of the system or the network on which it transmits.This paper is a snapshot of the project mid-development. One of the team members is graduating and this deliverable represents the work performed thus far.

This report represents the work of one or more WPI undergraduate students submitted to the faculty as evidence of completion of a degree requirement. WPI routinely publishes these reports on its website without editorial or peer review.

Creator