PPD: Platform for Private Data Mohit Tiwari with Krste Asanović, Dawn Song, Petros Maniatis*, Prashanth Mohan, Charalampos Papamanthou, Elaine Shi, Emil.


PPD: Platform for Private Data Mohit Tiwari with Krste Asanović, Dawn Song, Petros Maniatis*, Prashanth Mohan, Charalampos Papamanthou, Elaine Shi, Emil Stefanov, Nguyen Tran UC Berkeley Intel*

The Age of Big Data Plentiful, and Private

Rich Applications Time Richness

Vulnerable software, (un)intentional misuse, insider attacks: we need Data Protection as a Service

Ideal: Privacy Preserving Cloud (diagram: End User, Developer, Cloud provider; labelled arrows for privacy evidence, privacy policy, API, App)

Ideal: Platform for Private Data
Data protection as a service
Users
– control access to their data
– access third-party applications
Developers
– save resources, need not be security experts
– access personal data hitherto unavailable

Challenge #1: Untrusted applications own users’ data. (diagram: End User, Developer, API, Cloud provider)

Challenge #2: Novice users

PPD: Platform for Private Data (diagram: End User, Developer, PPD Cloud provider; labelled arrows for privacy evidence, intuitive privacy policy, API; the App + Guest OS runs in a sealed container next to a private data vault)

Outline of this talk
– PPD: Platform for Private Data
– PPD Architecture
– PPD Prototype and Evaluation

PPD Applications: user-initiated sharing

PPD Architecture: Users (diagram: End-User on Hardware with TPM, connected over a Protected Channel to the PPD Cloud Provider, which fronts Untrusted Storage and exposes a Trusted User Interface; ACL table with columns id, o, r, w and the row A.tax, A, A, A)

PPD Architecture: Applications (diagram: End-User, Developer, Hardware with TPM, PPD Cloud Provider running the PPD Controller and ACL Manager; the untrusted App runs in an Application Container and sees cleartext data; Untrusted Storage; Trusted User Interface; channels are uni-directional; per-capsule: RW; per-user: R all, W flagged)

PPD Architecture: Storage (diagram: End-Users, Developers, Hardware with TPM, PPD Cloud Provider running the PPD Controller and ACL Manager; the untrusted App in its Application Container; an App Storage Container for dedup, caching, replication, …; a PPD Storage Proxy with integrity check in front of Untrusted Storage; Trusted User Interface)

PPD Timeline #1: User attests (sequence diagram between Alice’s user client and the cloud server: the client sends TPM.send(hw id) and Attest(code) to the Trusted PPD Server, which returns Response (result); the separation kernel on the client is checked, the sitekey is checked, and the client is attested)

PPD Timeline #2: User launches App (sequence diagram: Alice’s user client launches the trusted UI and authenticates to the Trusted PPD Kernel (PPD UI, Control) on the cloud server; the kernel launches the application (App + Guest OS); app communication then flows between the client and the App + Guest OS)

User and Developer Interface
User creates data capsules
– personal by default, and decides who to share them with
– does not specify a lattice of security labels
PPD system provides a trusted UI to the user
– user conveys changes of ACLs to PPD
Developers can request
– Application Containers: per-user, per-data-capsule
– Storage Containers: per-application, per-system

Outline of this talk
– PPD: Platform for Private Data
– PPD Architecture
– PPD Prototype and Evaluation

PPD Building Blocks
Data capsules
– e.g. “tax documents”, “thanksgiving ”
– system assigns ACL as private by default
Protected Containers
– Linux containers (LXC), copy-on-write FS (UnionFS)
– stops all explicit communication, except channels
– hardware side channels, timing leaks out of scope

PPD Building Blocks
Protected Channels
– iptables firewall rules for LXC containers
– encryption, integrity checking (TLS/SSL for network)
– trusted channel from user to PPD to change ACLs
Storage Proxies
– key-value proxy: put, get, and setACL interface
– file-system proxy: FUSE-based layer on the key-value proxy
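The key-value proxy’s put/get/setACL interface and the private-by-default capsule rule, as an added example that is not code from the PPD project: a toy reference monitor in which every app-container access is checked against the capsule owner’s ACL. The class and helper names (Capsule, KVProxy, AccessDenied, check) are assumptions, and the per-user “R all, W flagged” rule from the architecture slide is not modelled.

```python
# Added illustration (not PPD project code) of the storage proxy's put/get/setACL
# interface enforcing private-by-default capsule ACLs; class names are assumed.
from dataclasses import dataclass, field

class AccessDenied(Exception):
    pass

@dataclass
class Capsule:
    owner: str
    value: bytes
    readers: set = field(default_factory=set)  # users allowed to get()
    writers: set = field(default_factory=set)  # users allowed to put()

class KVProxy:
    def __init__(self):
        self._store = {}

    def check(self, user, key, op):
        # Reference-monitor decision: may `user` perform `op` on capsule `key`?
        cap = self._store.get(key)
        if cap is None:
            return op == "write"  # creating a new capsule is always allowed
        if user == cap.owner:
            return True  # owner has full rights, including ACL changes
        if op == "read":
            return user in cap.readers
        if op == "write":
            return user in cap.writers
        return False  # only the owner, via the trusted UI channel, sets ACLs

    def _require(self, user, key, op):
        if not self.check(user, key, op):
            raise AccessDenied(f"{user} may not {op} {key}")

    def put(self, user, key, value):
        self._require(user, key, "write")
        if key not in self._store:  # new capsule: private to creator by default
            self._store[key] = Capsule(owner=user, value=value)
        else:
            self._store[key].value = value

    def get(self, user, key):
        self._require(user, key, "read")
        return self._store[key].value

    def setACL(self, user, key, readers=(), writers=()):
        self._require(user, key, "setacl")
        cap = self._store[key]
        cap.readers, cap.writers = set(readers), set(writers)
```

Because an application container only ever calls put/get/setACL on behalf of the user it serves, the app cannot widen a capsule’s ACL itself; only the owner’s own request over the trusted channel can.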

PPD Building Blocks
PPD Controller
– manages containers and channels
– dynamically creates containers based on user or application requests
– assigns iptables rules for all containers
Remote Attestation
– Intel TXT, TPM v1.2
– attests correct PPD code on untrusted machines

PPD Applications
– Friendshare: online storage with de-duplication (like Dropbox)
– Git: repository version control server
– Etherpad: online, collaborative editing (like Google Docs)

PPD Prototype (diagram: End Users reach the Application Layer through a TLS Proxy; the Application Layer holds Etherpad and Friendshare in LXC Containers plus the Controller and ACL Store, which receives ACL changes; the Storage Layer holds the K/V Proxy, FS Proxy, DeDup and a Secure Block Device over Storage; all of it runs on a Linux Kernel with IPTables and a TPM Chip for Remote Attestation)

Eval: Porting Apps for PPD
Scripts to install and configure apps in containers
Application v. Storage containers
– Friendshare: Application container scans directories, chunks files, changes ACLs; Storage container does de-duplication
– Git, Etherpad: Application container holds the entire functionality

Eval: PPD Application Performance (chart: minimal effect on Friendshare throughput; small requests: 10 filenames; big requests: 10KB images)

PPD Application Performance (chart: minimal effect on Friendshare latency)

Summary
PPD: New Data-Centric Cloud Platform
– user-controlled sharing
– rich, mostly legacy applications
PPD Architecture
– untrusted application and storage components
PPD Prototype and Evaluation
– small performance and porting cost

The PPD Team

Current and Future Work
Applications
– medical applications, business data analytics
Client-side PPD on Android
– light-weight containers and channels on Nexus S
Application-initiated sharing
– differential privacy

Related Approaches
DIFC
– PPD does not do fine-grained information flow tracking
– constrained containers + Dev API = simple system
Capabilities
– can be used to implement containers and channels
– require rewriting legacy applications
Android Security
– static, coarse-grained permissions
– user does not own data

Conclusion (diagram: End User, Developer, PPD Cloud provider; labelled arrows for privacy evidence, privacy policy, API, App)

Backups

PPD Insights
Co-design UI and system software
– user decisions are intuitive (“share doc with Bob”)
– system manages untrusted apps and private data
Developer API
– per-user functionality v. cross-user optimizations
Privacy: data owners’ access control policy
– apps ‘see’ data only in sealed containers

Summary

PPD Evaluation: Etherpad

PPD Evaluation: Git

PPD: Platform for Private Data
PPD is a data-centric cloud platform
– rich, untrusted applications
– strong privacy guarantees for end users
PPD will spark innovation
– through apps from small developers
– by making more private data available

PPD Design
Simplest: User + PPD
– data capsules + ACL (UI)
Next: User + Application (front-end) + PPD
– per-user, sharing
Next: + Backend Storage
– rich optimizations, integrity checked