The Design and Implementation of Glavlit: A Transparent Data Confinement System

Nabil Schear

Master's Thesis - University of California at San Diego

Committee in Charge: Amin Vahdat (chair), Geoffrey Voelker, George Varghese

Abstract

Given the threats currently facing the Internet, it is challenging to secure a network -- not only to prevent attack, but also to ensure that sensitive data is not stolen. The Glavlit project considers the problem of efficiently confining protected data transferred using HTTP. Our goals for Glavlit are transparency, high speed, generic content analysis, and minimal covert channel bandwidth. While there have been a variety of solutions involving custom hardware, software, and practices, we focus on delivering high-performance data confinement that operates transparently using standard network protocols. The key techniques used by Glavlit to mitigate unauthorized communication are: i) verifying data transfer in both covert and overt channels; ii) employing a restricted but compliant HTTP protocol subset; iii) verifying the semantics of protocol fields and behavior; and iv) separating the process of vetting authorized objects from line-speed data verification.

This thesis considers the implementation of the Glavlit system. We provide a summary of our leak mitigation techniques with a focus on their practical implementations. This thesis also presents the implementation of the three components of the Glavlit system: Warden, Client, and Guard. We detail how each is designed and the confinement and performance trade-offs we made. We also present a thorough evaluation of the performance and effectiveness of the Glavlit system. The evaluation shows that the mitigation techniques used by Glavlit may be deployed at the network perimeter without serious penalty. It also shows that our implementation is efficient compared to other network services.