Protecting cloud data using dynamic inline fingerprint checks

Preventing flow of confidential data out of a network is a fundamental problem faced by network operators. This problem gets even more complex in the context of Cloud Computing, where multiple distrusting customers share the same underlying infrastructure, and data is often replicated and moved across regions. Despite the significance of this problem, existing solutions are based on generic search for keywords in outgoing data, and hence severely lack the ability to control data flow at a fine granularity with low false positives. In this paper, we advocate a fine-grained approach to prevent confidential data from leaking out of the cloud. We propose a solution using document-level fingerprint checks. We show via analysis and experiments that our algorithm for checking the fingerprints on-the-fly scale to a large amount of documents at very low cost. For example, for one TB of documents, our solution only requires 340 MB memory to achieve worst case expected detection lag (i.e. leakage length) of 1000 bytes.