Home

About

Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network
FAQHELPSITE MAPCONTACT US


  Advanced Search  

 
CLAMP: Practical Prevention of Large-Scale Data Leaks Bryan Parno, Jonathan M. McCune, Dan Wendlandt, David G. Andersen, Adrian Perrig
 

Summary: CLAMP: Practical Prevention of Large-Scale Data Leaks
Bryan Parno, Jonathan M. McCune, Dan Wendlandt, David G. Andersen, Adrian Perrig
CyLab, Carnegie Mellon University
Abstract
Providing online access to sensitive data makes web
servers lucrative targets for attackers. A compromise of any
of the web server's scripts, applications, or operating sys-
tem can leak the sensitive data of millions of customers. Un-
fortunately, many systems for stopping data leaks require
considerable effort from application developers, hindering
their adoption.
In this work, we investigate how such leaks can be pre-
vented with minimal developer effort. We propose CLAMP,
an architecture for preventing data leaks even in the
presence of web server compromises or SQL injection
attacks. CLAMP protects sensitive data by enforcing strong
access control on user data and by isolating code running
on behalf of different users. By focusing on minimizing
developer effort, we arrive at an architecture that allows
developers to use familiar operating systems, servers, and

  

Source: Andersen, Dave - School of Computer Science, Carnegie Mellon University
Sadeh, Norman M. - Institute for Software Research & School of Computer Science, Carnegie Mellon University

 

Collections: Computer Technologies and Information Sciences