Alcatraz: Data Exfiltration-Resilient Corporate Network Architecture

2018 IEEE 4th International Conference on Collaboration and Internet Computing (CIC), 2018

Abstract
In Advanced Persistent Threats (APTs), an adversary targets network components such as switches and middleboxes as well as end hosts to exfiltrate sensitive information out of the network. We propose Alcatraz, a new corporate network architecture to prevent data exfiltration. Alcatraz ensures path integrity, packet integrity, and packet confidentiality to prevent a malicious network component from extracting, altering, or maliciously forwarding any network packet. Alcatraz leverages Trusted Execution Environments (TEEs) created by Intel SGX to protect modules providing these security properties. To achieve exfiltration resilience, our architecture ensures that sensitive information is only processed within a TEE, from the sender to the receiver and along all network nodes. Although our architecture requires many changes, it explores the design space of what level of security can be achieved today with commodity hardware. Through our software switch implementation, we demonstrate that the performance is already viable for a corporate environment with high security requirements. Our results suggest that an optimized hardware implementation could also satisfy higher performance requirements.
Keywords
network security, trusted computing, exfiltration resilience