Numerous data breaches and ransomware attacks in recent history have highlighted the importance of data security. There is always a trade off between security and end-user autonomy. Organizations need methods of securing data without overly hindering productivity. Current systems either do not provide enough control over data usage or overly restrict users and hinder productivity. This project designs and implements a system intended to provide fine-grained control over data while allowing end-users more freedom over their systems. Our system leverages the confidentiality benefits of virtualization to provide end-users with multiple environments to work. These environments are protected by security controls proportional to the data contained within. Users are allowed environments for high-risk activity and are confined to interact with sensitive data in low-risk environments. We build a data provenance tracking system to label, update, and transmit data provenance labels. Provenance labels determine how data is distributed among different risk environments. We build a distributed network control system to manage what network connections each environment can make. Network connections can be allowed or denied based off a centralized rule matrix. We perform benchmark testing on the data provenance tracking system and network control system, and find that their overhead does not pose a threat to the usability of the systems it governs. We evaluate the mechanism that transmits provenance labels and likewise conclude that it does not impede the usability of the system or the network on which it transmits. We also monitor the latency, or responsiveness, of the network control system and found minor impact.

• This report represents the work of one or more WPI undergraduate students submitted to the faculty as evidence of completion of a degree requirement. WPI routinely publishes these reports on its website without editorial or peer review.

Creator

• Backer, Jake
• Davis, Lia

Subject

• Innovation
• Security
• Computing

Publisher

• Worcester Polytechnic Institute

Identifier

• E-project-030422-130038
• 49411

Keyword

• SDN
• Security
• Virtualization
• Latency
• File Provenance
• Linux

Advisor

• Shue, Craig A.

Year

• 2022

UN Sustainable Development Goals

• Not Specified

Date created

• 2022-03-04

Resource type

• Major Qualifying Project

Major

• Computer Science

Rights statement

• In Copyright

License

• Creative Commons BY-NC Attribution-NonCommercial 4.0 International