CMSC 818J: Privacy enhancing technologies Lecture 2.

Presentation transcript:

CMSC 818J: Privacy enhancing technologies Lecture 2

Logistics
- Piazza?
- Short presentations sign-up

[Recap] Privacy: End-to-End Solution
Diagram: Users; Devices / client-side software; Network; Application; Cloud platform (provides computation and storage)

This Week
Software architectures that offer data protection from the ground up
- For cloud services
- On client devices
A more in-depth overview for the rest of the semester
- Today: the vision, the glue, and the challenges
- Rest of semester: components

[Recap] Cloud computing Cloud computing – storage and computation move into the cloud

[Recap] Paradigm Shift
Diagram panels: Today; Future

Cloud Model
Diagram: User; Applications; Computation provider; Storage provider

Trust Model
- Applications can be buggy, compromised, or malicious
- Cloud platform may be buggy, compromised or malicious
  - including computation and storage provider
- Cloud operators can be nosey or malicious

How can we secure our data in the cloud?

Why is the problem hard?
Solution 1: Encrypt data stored in cloud
- How does the cloud compute over your data?
- Fully homomorphic encryption?
- Data mining over multiple users' data?
- Spam detection, advertising
- Economics
- Tension between privacy and utility

Stakeholders
Diagram labels: User; Application provider; Platform provider; Usability, functionality, performance; Easy app development, $$

Cloud Model
Diagram: User; Applications; Computation provider; Storage provider

Key Challenges
- How can we protect our data against compromised applications?
- How can we protect our data against a compromised computation provider?
- How can we protect our data against a compromised storage provider?

Roadmap
Step 1: Assume cloud platform is trusted, how can we secure against untrusted applications?
- Application confinement
- Information flow control/access control
- Cloud platform is root of trust
Step 2: How to secure against an untrusted cloud platform?
- Trusted computing and code attestation
- Secure software systems
- Secure storage


Untrusted Applications: The Threats
Diagram: User; Tax filing app (untrusted 3rd-party application); Trusted computation/storage provider


Application confinement
Diagram: User; Tax filing app; Trusted computation/storage provider


Access and information flow control
Diagram: User ("Share data with my doctor"); Medical advisory app; Trusted computation/storage provider

Diagram: User ("Share data with my friend"); Google docs; Trusted computation/storage provider

Access and information flow control
Diagram: User; Application; Trusted computation/storage provider
Data categories: Finance; Photos; Work; Medical
Readers: [Alice]; [Alice, Bob]; [Alice, Charles]; [Alice, David]
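
The reader lists on the slide above can be enforced mechanically by the trusted platform. The sketch below is an added example, not code from the lecture: the class and function names are hypothetical, the pairing of categories to reader lists is assumed, and Alice is assumed to own all four items.

```python
# Added illustration (not from the lecture): reader-set labels enforced by a
# trusted platform. Names and the category/reader pairing are assumptions.
from dataclasses import dataclass

class FlowViolation(Exception):
    """Raised when data would reach a principal outside its reader set."""

@dataclass(frozen=True)
class Labeled:
    value: object
    owner: object        # principal allowed to widen the reader set
    readers: frozenset   # principals allowed to learn this value

def label(value, owner, *others):
    return Labeled(value, owner, frozenset((owner, *others)))

def combine(fn, *inputs):
    """Run untrusted app logic on labeled inputs. The result is readable only
    by principals who could read every input (intersection of reader sets)."""
    readers = frozenset.intersection(*(i.readers for i in inputs))
    owners = {i.owner for i in inputs}
    owner = owners.pop() if len(owners) == 1 else None
    return Labeled(fn(*(i.value for i in inputs)), owner, readers)

def share(item, by, new_reader):
    """Owner-approved widening of the label (the "share data with" action)."""
    if by != item.owner:
        raise FlowViolation(f"{by} does not own this data")
    return Labeled(item.value, item.owner, item.readers | {new_reader})

def release(item, recipient):
    """Export check at the platform boundary, outside the app's control."""
    if recipient not in item.readers:
        raise FlowViolation(f"{recipient} not in readers {sorted(item.readers)}")
    return item.value

def try_release(item, recipient):
    try:
        return release(item, recipient)
    except FlowViolation:
        return None

# Constructed sample data; Alice owns every item.
STORE = {
    "finance": label("2023 tax return", "Alice"),
    "photos": label("beach.jpg", "Alice", "Bob"),
    "work": label("design doc", "Alice", "Charles"),
    "medical": label("blood test", "Alice", "David"),
}
```

Because `combine` narrows the label to the intersection, an application that mixes Photos with Work produces output only Alice can read, whatever the application's own code tries to do with it.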


Pros, cons, and challenges
Scalability, scalability, scalability!
- Usability
- Economics
Applicability
- What about data mining applications?
- What about applications and services that call each other (e.g., Google Maps API)

Two Types of Applications
- Type 1: Silo-based applications (diagram: Bob; Bob's financial documents)
- Type 2: Data intelligence (diagram: Alice, Bob, Charlie, David, ….; Recommendations; Traffic advice)

Threats for statistical releases
Diagram: Alice, ……, Bob; Location Database; "I want information about Batman's whereabouts"
Data mining: Mean, std; Classification; Clustering

Is releasing aggregate statistics safe?
Example: Amazon, "People who bought also bought"

Platform for Private Data (PPD)
Defense: differential privacy, data sanitization …
Diagram: Alice, Bob, Charlie; Sealed container; Recommendations; Traffic advice

Roadmap
Step 1: Assume cloud platform is trusted, how can we secure against untrusted applications?
- Application confinement
- Information flow control/access control
- Cloud platform is root of trust
Step 2: How to secure against an untrusted cloud platform?
- Trusted computing and code attestation
- Secure software systems
- Secure storage

How can you trust a remote system? Trusted Platform Module (TPM)

Code attestation
- Verifier: "What code are you running?"
- Response: "Here's a digest of my code."
Diagram: Trusted Platform Module (TPM)
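
The question-and-digest exchange above, as an added example that is not part of the lecture. It assumes a hash-chained measurement register, a verifier-chosen nonce for freshness, and an HMAC under a shared key standing in for the signature a real TPM makes with its attestation key; all names are hypothetical.

```python
# Added illustration (not from the lecture): a toy measured boot and quote.
# HMAC stands in for the TPM's attestation-key signature; names are hypothetical.
import hashlib
import hmac

def extend(pcr, component):
    """PCR extend: new = H(old || H(component)). Append-only, order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(components):
    """Replay a boot chain from the all-zero reset value."""
    pcr = bytes(32)
    for c in components:
        pcr = extend(pcr, c)
    return pcr

class ToyTPM:
    def __init__(self, key):
        self._key = key          # never leaves the chip in a real TPM
        self.pcr = bytes(32)

    def load(self, component):
        """Measure a component before handing control to it."""
        self.pcr = extend(self.pcr, component)

    def quote(self, nonce):
        """Answer "what code are you running?" with an authenticated digest."""
        tag = hmac.new(self._key, nonce + self.pcr, hashlib.sha256).digest()
        return self.pcr, tag

def verify(key, nonce, quote, known_good):
    """Verifier: check authenticity and freshness, then compare to expected code."""
    pcr, tag = quote
    expected_tag = hmac.new(key, nonce + pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        return "bad-quote"       # forged, or replayed under a different nonce
    if not hmac.compare_digest(pcr, measure(known_good)):
        return "unexpected-code"
    return "trusted"

# Constructed sample boot chain.
KNOWN_GOOD = [b"bootloader v1", b"kernel v5", b"monitor v2"]

def attest(booted, key=b"constructed-demo-key", nonce=b"n-0001"):
    tpm = ToyTPM(key)
    for c in booted:
        tpm.load(c)
    return verify(key, nonce, tpm.quote(nonce), KNOWN_GOOD)
```

The verifier never sees the code itself, only the chained digest, so it must already know the digests of every acceptable boot chain.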

Bootstrapping Trust Through Trusted Hardware
Diagram: Cloud Server; Trusted Platform Module (TPM); Monitor, enforce!; Untrusted components; Privacy policy; Privacy evidence

Securing storage
Confidentiality
- Encryption
Integrity checking
- Authenticated data structures
Hiding access patterns
- Oblivious storage

Support for untrusted storage backend modules
Diagram: Integrity check; File system, DB; Key/value store

Putting it All Together: Platform for Private Data
Diagram: User; App developer; Usable API; Sealed container; TPM; Privacy policy; Privacy evidence; Monitor; Enforce

Diagram components: Apps; Privacy evidence; Data sanitization …; Secure data capsules; Information flow control; Isolation; Audit engine

BStore BStore authors’ slides


BStore discussions: pros, cons, challenges?
Pros:
- Users can choose storage provider
- Centralizes access control
- Centralizes storage security
- Lowers bar of entry for small vendors?
Cons, challenges:
- Does not support cross-user sharing
- Does not defend against untrusted apps
- Should users trust apps to delegate access rights?
- Incremental deployment?