Abstract
With the arrival of the big-data and mobile Internet era, sensitive information (SI) plays a key role in various applications; moreover, it can be an important part of the authentication between clients and servers. However, how to measure the security or sensitivity degree of SI is an open issue. Furthermore, no effective method can detect the covert channels of SI thieves in Advanced Persistent Threat attacks. To deal with these problems, we propose a new design, called software-defined networking (SDN)-based SI Protection, in which the sensitivity degree can be measured using the Analytic Hierarchy Process and the Technique for Order Preference by Similarity to an Ideal Solution, and SI covert channels can be detected based on OpenFlow in SDN. To the best of our knowledge, this is the first definition of a sensitivity degree for SI and a novel flow-table design for the SI data-flow switch. Most significantly, our proposal can apply the integrated semantics of leakage points and accidental attacks to security analysis and to the switch protocol in the operating system or network. To verify our proposal, experimental tests were performed on social network platforms. Field test results have demonstrated that the proposal can capture the security level of SI as expected, detect any kind of potential leakage point in the data lifetime, describe the fine-grained semantics of accidental attacks, and detect illegal data flows of SI at the network layer.