Policy transformations for preventing leakage of sensitive information in email systems

Authors:
Saket Kaushik;William Winsborough;Duminda Wijesekera;Paul Ammann
Affiliations:
Department of Information & Software Engineering, George Mason University, Fairfax, VA;Department of Computer Science, University of Texas at San Antonio, San Antonio, TX;Department of Information & Software Engineering, George Mason University, Fairfax, VA;Department of Information & Software Engineering, George Mason University, Fairfax, VA
Venue:
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Year:
2006

Citing 9
Cited 1

Fast correlation attacks on certain stream ciphers

Journal of Cryptology
Security-control methods for statistical databases: a comparative study

ACM Computing Surveys (CSUR)
Equivalence-preserving first-order unfold/fold transformation systems

Theoretical Computer Science - Selected papers of the Second International Conference on algebraic and logic programming, Nancy, France, October 1–3, 1990
Information leakage of boolean functions and its relationship to other cryptographic criteria

CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
Complexity and expressive power of logic programming

ACM Computing Surveys (CSUR)
The predicate elimination strategy in theorem proving

STOC '70 Proceedings of the second annual ACM symposium on Theory of computing
A Theory of Dictionary Attacks and its Complexity

CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Email feedback: a policy-based approach to overcoming false positives

Proceedings of the 2005 ACM workshop on Formal methods in security engineering
Inference Controls for Statistical Databases

Computer

BPEL orchestration of secure webmail

Proceedings of the 3rd ACM workshop on Secure web services

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we identify an undesirable side-effect of combining different email-control mechanisms for protection from unwanted messages, namely, leakage of recipients' private information to message senders. The problem arises because some email-control mechanisms like bonds, graph-turing tests, etc., inherently leak information, and without discontinuing their use, leakage channels cannot be closed. We formalize the capabilities of an attacker and show how she can launch guessing attacks on recipient's mail acceptance policy that utilizes leaky mechanism in an effort to avoid unwanted mail. The attacker in our model guesses the contents of a recipient's private information. The recipients' use of leaky mechanisms allow the sender to verify her guess. We assume a constraint logic programming based policy language for specification and evaluation of mail acceptance criteria and present two different program transformations that can prevent guessing attacks while allowing recipients to utilize any email-control mechanism in their policies.