
Presentation Transcript


  1. SVA. Cryptographic secure computation, e.g., enforce properties on a malicious OS. Binary translation and emulation. Data-centric security, e.g., enable complex distributed systems with resilience to hostile OS’s. Formal methods. Secure browser appliance. Transformation. Hardware support for isolation. Secure servers, e.g., prevent data exfiltration. Dealing with malicious hardware. Web-based architectures. Hardware system architectures.

  2. Platform for Private Data. Mohit Tiwari, UC Berkeley, with Krste Asanović, Dawn Song, Petros Maniatis, Prashanth Mohan, Christoforos Papamanthou, Elaine Shi, Emil Stefanov, Nguyen Tran

  3. The Age of Big Data Plentiful, and Private

  4. Rich Applications

  5. Privacy breaches: vulnerable software, (un)intentional misuse, insider attacks

  6. Ideal: Privacy Preserving Cloud Developer End User privacy policy privacy evidence App API Cloud provider

  7. Challenge #1 Untrusted applications own users’ data. Developer End User API Cloud provider

  8. Challenge #2 Novice Users

  9. PPD: Platform for Private Data Developer End User privacy policy privacy evidence App API • App private data vault sealed container PPD Cloud provider

  10. Outline of this talk • PPD: Platform for Private Data • PPD Architecture • PPD Prototype and Evaluation

  11. PPD Insights
  • Co-design UI and system software
  • User decisions are intuitive (“share doc with Bob”)
  • System manages untrusted apps and private data
  • Developer API
  • Per-user functionality v. cross-user optimizations
  • Privacy: data owners’ access control policy
  • Apps ‘see’ data only in sealed containers

  12. PPD Applications user initiated sharing

  13. PPD Architecture: Users End-User Trusted User Interface Protected Channel ACLs Hardware with TPM PPD Cloud Provider Untrusted Storage

  14. PPD Architecture: Applications. Developer, End-User, Trusted User Interface, App, Application Container (cleartext data), PPD Cloud Provider, Hardware with TPM, PPD Controller and ACL Manager, Untrusted Application, Untrusted Storage

  15. PPD Architecture: Storage Developers End-Users App App Trusted User Interface PPD Storage Proxy • Dedup, Caching, Replication,… Storage Container Integrity check PPD Cloud Provider Hardware with TPM PPD Controller and ACL Manager • Untrusted Application Untrusted Storage

  16. PPD Timeline #1: User attests Client. User, Client, Cloud Server. Alice: TPM.send(hw id) to Trusted PPD Server; Attest(code); Response (result). Separation kernel on client checked; site key; client attested.

  17. PPD Timeline #2: User launches App User Client Cloud Server Launch trusted UI Alice Authentication App Container PPD UI, Control Launch application Trusted PPD Kernel PPD UI, Control App Container App communication Trusted Kernel

  18. User and Developer Interface
  • User creates data: personal by default, and decides who to share it with
  • PPD system provides trusted UI to user
  • User conveys change of ACLs to PPD
  • Developers can request:
  • Application Containers: per-user, per-data-capsule
  • Storage Containers: per-application, per-system

  19. Outline of this talk • PPD: Platform for Private Data • PPD Architecture • PPD Prototype and Evaluation

  20. PPD Building Blocks
  • Data capsules
  • Capsule inferred based on user actions, e.g. “tax documents”, “thanksgiving album”
  • System assigns ACL as private by default
  • Protected Containers
  • Linux containers (LXC), copy-on-write FS (UnionFS)
  • Stops all explicit communication, except channels
  • Hardware side channels, timing leaks out of scope

  21. PPD Building Blocks
  • Protected Channels
  • iptables firewall rules for LXC containers
  • Encryption, integrity-checking (TLS/SSL for network)
  • Trusted channel from user to PPD to change ACLs
  • Storage Proxies
  • Key-value proxy: put, get, and setACL interface
  • File-system proxy: FUSE-based layer on key-value proxy

  22. PPD Building Blocks
  • PPD Controller
  • manages containers and channels
  • dynamically creates containers based on user or application requests
  • assigns iptables rules for all containers
  • Remote Attestation
  • Intel TXT, TPM v1.2
  • attest correct PPD code on untrusted machines
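Added example, not code from the PPD prototype: a small Python model of the building blocks on slides 20 to 22, with private-by-default capsules, a key-value proxy whose ACL changes are accepted only from the owner over the trusted UI channel, and a controller that renders default-deny iptables rules with one ACCEPT per protected channel. Method names (set_acl for setACL), container addresses and the rule form are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Capsule:
    """A PPD data capsule: owner plus ACL, private by default (slide 20)."""
    owner: str
    readers: set = field(default_factory=set)   # principals granted read access
    blobs: dict = field(default_factory=dict)   # key -> value stored in this capsule

class StorageProxy:
    """Key-value storage proxy with put, get and setACL (slide 21). Every call
    names the principal the calling container runs on behalf of."""
    def __init__(self):
        self.capsules = {}
    def create(self, owner, name):
        self.capsules[name] = Capsule(owner)
    def put(self, principal, name, key, value):
        if principal != self.capsules[name].owner:
            raise PermissionError("only the owner's container may write")
        self.capsules[name].blobs[key] = value
    def get(self, principal, name, key):
        cap = self.capsules[name]
        if principal != cap.owner and principal not in cap.readers:
            raise PermissionError(f"{principal} is not in the ACL of {name!r}")
        return cap.blobs[key]
    def set_acl(self, principal, name, reader, via_trusted_ui=False):
        # ACL changes arrive only over the trusted user-to-PPD channel (slide 18),
        # so an application container (via_trusted_ui=False) cannot widen sharing.
        cap = self.capsules[name]
        if not via_trusted_ui or principal != cap.owner:
            raise PermissionError("ACL changes require the owner's trusted UI")
        cap.readers.add(reader)

def iptables_rules(container_ips, channels):
    """Controller policy (slide 22): default-deny between containers, ACCEPT only
    each explicit protected channel. Addresses and rule form are assumptions."""
    rules = ["iptables -P FORWARD DROP"]
    for src, dst in channels:
        rules.append(f"iptables -A FORWARD -s {container_ips[src]} "
                     f"-d {container_ips[dst]} -j ACCEPT")
    return rules

def denied(call, *args, **kwargs):
    """True if the proxy rejected the call, i.e. the policy held."""
    try:
        call(*args, **kwargs)
        return False
    except PermissionError:
        return True
```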

  23. PPD Applications • Friendshare: online storage with de-duplication (like Dropbox) • Git: repository version control server • Etherpad: online, collaborative editing (like Google Docs)

  24. PPD Prototype. End Users, ACL changes, TLS Proxy, TLS Proxy, ACL Store, Controller. Application Layer: LXC Containers (FriendShare, EtherPad, DeDup). Storage Layer: K/V Proxy, FS Proxy. TPM Chip (Remote Attestation), Storage, IPTables, Linux Kernel, Secure Block Device

  25. Writing & Porting Apps for PPD
  • Scripts to install and configure apps in containers
  • Application v. storage containers
  • Friendshare: application container scans directories, chunks files, changes ACL; storage container does de-duplication
  • Git, Etherpad: application container holds the entire functionality

  26. PPD Application Performance. Minimal effect on Friendshare throughput. Big requests: 10KB images; small requests: 10 filenames

  27. PPD Application Performance. Minimal effect on Friendshare latency

  28. Current and Future Work
  • Applications: medical applications, business data analytics
  • Client-side PPD on Android: light-weight containers and channels on Nexus S
  • Application-initiated sharing: differential privacy

  29. Related Approaches
  • PPD v. DIFC
  • PPD does not do fine-grained sharing
  • Constrained containers: simple, yet most benefits of fine-grained information flow tracking
  • Developer API: reduce run-time exceptions
  • PPD v. Capabilities
  • Can be used to implement containers and channels
  • Re-write legacy applications
  • PPD v. Android Security
  • Static, coarse-grained permissions
  • User does not own data

  30. Summary
  • PPD: new data-centric cloud platform
  • user-controlled sharing
  • rich, mostly legacy applications
  • PPD Architecture
  • untrusted application and storage components
  • PPD Prototype and Evaluation
  • small performance and porting cost

  31. The PPD Team

  32. Conclusion Developer End User privacy policy privacy evidence App API PPD Cloud provider

  33. Backups

  34. PPD Evaluation: Etherpad

  35. PPD Evaluation: Git
