Student Work

SDN-Controlled Isolation Orchestration


Numerous data breaches and ransomware attacks in recent history have highlighted the importance of data security. There is always a trade-off between security and end-user autonomy. Organizations need methods of securing data without overly hindering productivity. Current systems either do not provide enough control over data usage or overly restrict users and hinder productivity. This project designs and implements a system intended to provide fine-grained control over data while allowing end-users more freedom over their systems. Our system leverages the confidentiality benefits of virtualization to provide end-users with multiple environments in which to work. These environments are protected by security controls proportional to the data contained within. Users are allowed environments for high-risk activity and are confined to interact with sensitive data in low-risk environments. We build a data provenance tracking system to label, update, and transmit data provenance labels. Provenance labels determine how data is distributed among different risk environments. We build a distributed network control system to manage what network connections each environment can make. Network connections can be allowed or denied based on a centralized rule matrix. We perform benchmark testing on the data provenance tracking system and network control system, and find that their overhead does not pose a threat to the usability of the systems they govern. We evaluate the mechanism that transmits provenance labels and likewise conclude that it does not impede the usability of the system or the network on which it transmits. We also monitor the latency, or responsiveness, of the network control system and find a minor impact.

  • This report represents the work of one or more WPI undergraduate students submitted to the faculty as evidence of completion of a degree requirement. WPI routinely publishes these reports on its website without editorial or peer review.
Identifier
  • E-project-030422-130038
  • 49411
Year
  • 2022
Date created
  • 2022-03-04

Permanent link to this page: https://digital.wpi.edu/show/ms35tc78h