Bunker: A Tamper Resistant Platform for Network Tracing Stefan Saroiu University of Toronto.

Motivation
- Today's traces help build tomorrow's systems
- ISPs view raw network traces as a liability
- Traces can compromise user privacy
- Protecting users' privacy is increasingly important
- Trace anonymization mitigates these issues

Offline Anonymization
- Trace is anonymized after the raw data is collected
- Privacy risk persists until the raw data is deleted
- Today's traces require deep packet inspection
  - Headers are insufficient to understand phishing or P2P
  - Payload traces pose a serious privacy risk
- Risk to user privacy is too high: two universities rejected offline anonymization

Offline's Privacy Vulnerabilities
Two types of attacks:
1. Traditional: network intrusion attacks
2. New: raw data can be subpoenaed
Both universities required that subpoenas would not affect privacy

Online Anonymization
- Trace is anonymized while tracing; raw data resides in RAM only
- Difficult to meet performance demands: extraction and anonymization must be done at line speed
- Code is frequently buggy and difficult to maintain: low-level languages (e.g. C) plus "home-made" parsers
- Small bugs cause large amounts of data loss, introducing a consistent bias against long-lived flows

Simple Tasks can be Very Slow
Regular expression for phishing:
"((password)|(<form)|(<input)|(PIN)|(username)|(<script)|(user id)|(sign in)|(log in)|(login)|(signin)|(log on)|(sign on)|(signon)|(passcode)|(logon)|(account)|(activate)|(verify)|(payment)|(personal)|(address)|(card)|(credit)|(error)|(terminated)|(suspend))[^A-Za-z]"
libpcre: 5.5 s for 30 MB = 44 Mbps max
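To make the slide's point concrete, the following added example (not code from the talk or from Bunker) compiles the phishing regex quoted above with Python's `re` module, shows which keywords it fires on for a few constructed payloads, and measures the scan rate in Mbps over a constructed keyword-free body so the full cost of the 27-way alternation at every byte offset is paid. The benign payload, the helper names and the `repeats` parameter are this example's own.

```python
import re
import time

# Regex quoted on the slide. The spaces between alternation groups in the
# slide text are line-wrapping, not part of the pattern, so they are dropped.
# Every keyword must be followed by one non-letter, which is why "password:"
# fires but "passwords" does not.
PHISHING_PATTERN = (
    r"((password)|(<form)|(<input)|(PIN)|(username)|(<script)|"
    r"(user id)|(sign in)|(log in)|(login)|(signin)|(log on)|"
    r"(sign on)|(signon)|(passcode)|(logon)|(account)|(activate)|(verify)|"
    r"(payment)|(personal)|(address)|(card)|(credit)|(error)|(terminated)|"
    r"(suspend))[^A-Za-z]"
)
PHISHING_RE = re.compile(PHISHING_PATTERN)


def phishing_terms(payload: str) -> list:
    """Keywords the slide's regex fires on, in order of appearance.
    Group 1 is the outer alternation, so it holds just the keyword
    without the trailing non-letter."""
    return [m.group(1) for m in PHISHING_RE.finditer(payload)]


def scan_throughput_mbps(payload: bytes, repeats: int = 5) -> float:
    """Run the regex over `payload` `repeats` times and report the scan
    rate in Mbps, the unit the slide uses for its libpcre figure."""
    text = payload.decode("latin-1")
    start = time.perf_counter()
    for _ in range(repeats):
        PHISHING_RE.findall(text)
    elapsed = time.perf_counter() - start
    return len(payload) * repeats * 8 / elapsed / 1e6


# Constructed filler standing in for a benign HTTP body (about 400 KB).
# It contains none of the keywords, so the scanner must examine every byte.
BENIGN_PAYLOAD = (
    b"<html><body>" + b"lorem ipsum dolor sit amet, consectetur " * 10_000 + b"</body></html>"
)


def demo() -> None:
    print(phishing_terms("Please verify your account: enter your password!"))
    print(phishing_terms("<form action=/login><input name=PIN>"))
    print(f"{scan_throughput_mbps(BENIGN_PAYLOAD):.1f} Mbps")


if __name__ == "__main__":
    demo()
```

The printed rate is for Python's regex engine, not libpcre, so it will differ from the slide's 44 Mbps; what carries over is the order of magnitude, which is why the talk moves this work off the capture path.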

Our solution: Bunker
- Combines the best of both worlds: the privacy benefits of online anonymization with the engineering benefits of offline anonymization
- Pre-load analysis and anonymization code
- Lock it and throw away the key (tamper resistance)

Threat Model
- Accidental disclosure: risk is substantial whenever humans handle the data
- Subpoenas: the attacker has physical access to the tracing system
  - Subpoenas force researchers and ISPs to cooperate, as long as cooperation is not "unduly burdensome"
- Implication: nobody can have access to the raw data

Is Developing Bunker Legal?

It Depends on Intent of Use
- Developing Bunker is like developing encryption: one must consider its purpose and uses
- Developing Bunker for user privacy is legal
- Misusing Bunker to bypass the law is illegal

Outline
- Motivation
- Design of our platform
- System evaluation
- Case study: Phishing
- Conclusions

Logical Design (diagram labels): Capture Hardware; Online: capture; Offline: assemble, parse, anonymize; Anon. Key; One-Way Interface (anon. data)

VM-based Implementation (diagram labels): Capture Hardware; Closed-box VM: capture, assemble, parse, anonymize (Online / Offline), Anon. Key, Enc. Key, encrypt / decrypt, Encrypted Raw Data; Hypervisor; One-Way Socket; Open-box NIC

VM-based Implementation, continued (diagram labels): Capture Hardware; Closed-box VM: capture, assemble, parse, anonymize (Online / Offline), Anon. Key, Enc. Key, encrypt / decrypt, Encrypted Raw Data; Hypervisor; One-Way Socket; Open-box VM: save trace, logging, maintenance
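The anonymize step and the one-way socket on the two implementation slides are easiest to reason about in code. The following is an added example, not Bunker's own code: it pseudonymizes parsed e-mail addresses with an HMAC under an anonymization key that exists only in the closed box's memory, reduces body and URLs to counts, and refuses to emit any field outside an allow-list before serializing the record for the one-way channel. The key, the allow-list, the keep-the-domain policy and the sample message are all this example's assumptions.

```python
import hashlib
import hmac
import json
import os

# Constructed anonymization key. In Bunker the key stays inside the
# closed-box VM; here it is drawn once per process and never persisted.
ANON_KEY = os.urandom(32)

# Fields allowed to cross the one-way interface. This allow-list is the
# example's own policy, not one taken from Bunker.
EXPORTABLE_FIELDS = frozenset({"received", "from", "to", "url_count", "word_count"})


def pseudonym(value: str, key: bytes = ANON_KEY) -> str:
    """Keyed one-way pseudonym: equal inputs map to equal outputs within one
    trace, and nothing is reversible without the key (HMAC-SHA256, 64 bits)."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def anonymize_email(addr: str, key: bytes = ANON_KEY) -> str:
    """Pseudonymize the local part and keep the domain (assumed policy, so
    per-domain statistics survive); hash the whole string if there is no '@'."""
    local, sep, domain = addr.partition("@")
    if not sep:
        return pseudonym(addr, key)
    return pseudonym(local, key) + "@" + domain.lower()


def anonymize_record(parsed: dict, key: bytes = ANON_KEY) -> dict:
    """Turn a parsed message (output of the offline assemble/parse stages)
    into the record that may leave the closed box: pseudonyms and counts,
    never the body or the URLs themselves."""
    record = {
        "received": parsed["received"],
        "from": anonymize_email(parsed["from"], key),
        "to": sorted(anonymize_email(a, key) for a in parsed["to"]),
        "url_count": len(parsed["urls"]),
        "word_count": len(parsed["body"].split()),
    }
    unexpected = set(record) - EXPORTABLE_FIELDS
    if unexpected:
        raise ValueError(f"refusing to export fields: {sorted(unexpected)}")
    return record


def one_way_line(parsed: dict, key: bytes = ANON_KEY) -> str:
    """Serialize the anonymized record as one JSON line for the one-way socket."""
    return json.dumps(anonymize_record(parsed, key), sort_keys=True)


# Constructed parsed message, shaped like what assemble + parse would produce.
SAMPLE_MESSAGE = {
    "received": "2008-01-29T11:15:00",
    "from": "newsletter@news.example",
    "to": ["alice@example.com", "bob@example.com"],
    "urls": ["http://news.example/a", "http://news.example/b"],
    "body": "Please verify your account by signing in at the link below.",
}

if __name__ == "__main__":
    print(one_way_line(SAMPLE_MESSAGE))
```

Because the pseudonyms are keyed, an analyst on the open-box side can still join records by sender or recipient, but without the key nobody, including a party holding the anonymized trace under subpoena, can recover the original address.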

Benefits
- Strong privacy properties: the raw trace and other sensitive data cannot be leaked
- Trace processing is done offline: use your favorite language! Parsing can be done with off-the-shelf components

Key Technologies
- "Closed-box" VM protects sensitive data
  - Contains all raw trace data and processing code
  - No interactive access to the closed box (e.g. no console)
- Encryption protects on-disk data
  - Randomly generated key held in volatile memory
  - Data cannot be decrypted after a reboot
- "Safe-on-reboot" VM mitigates hardware attacks
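The "random key in volatile memory, undecryptable after reboot" property can be demonstrated with a small append-only store. The following is an added example, not Bunker's code: each process draws its key from `os.urandom` and never writes it out, records are encrypted and authenticated before they touch disk, and a "reboot" is simulated by opening the same file from a fresh store object, which fails its MAC check. The cipher (SHA-256 counter-mode keystream plus HMAC-SHA256 tag, encrypt-then-MAC) is a standard-library stand-in chosen so the example runs without third-party packages; the slides do not state which cipher Bunker uses, and the file format and sample records are this example's own.

```python
import hashlib
import hmac
import os
import struct
import tempfile


class RawTraceStore:
    """Append-only store for raw (pre-anonymization) records on disk.

    The key is drawn from os.urandom when the store is created and lives only
    in this object's memory; it is never persisted, so a fresh process (a
    'reboot') cannot read what an earlier one wrote. On-disk record layout,
    chosen for this example: 4-byte length | 16-byte nonce | ciphertext | 32-byte tag.
    """

    def __init__(self, path: str):
        self.path = path
        root = os.urandom(32)                     # volatile: never written anywhere
        self._enc_key = hashlib.sha256(b"enc" + root).digest()
        self._mac_key = hashlib.sha256(b"mac" + root).digest()

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        """SHA-256 in counter mode, a stand-in for a real stream cipher."""
        out = bytearray()
        counter = 0
        while len(out) < length:
            out += hashlib.sha256(self._enc_key + nonce + struct.pack(">Q", counter)).digest()
            counter += 1
        return bytes(out[:length])

    def append(self, record: bytes) -> None:
        nonce = os.urandom(16)                    # fresh nonce per record
        ciphertext = bytes(p ^ k for p, k in zip(record, self._keystream(nonce, len(record))))
        tag = hmac.new(self._mac_key, nonce + ciphertext, hashlib.sha256).digest()
        with open(self.path, "ab") as f:
            f.write(struct.pack(">I", len(ciphertext)) + nonce + ciphertext + tag)

    def read_all(self) -> list:
        """Decrypt every record; raise if any tag fails (wrong key or tampering)."""
        with open(self.path, "rb") as f:
            data = f.read()
        records, pos = [], 0
        while pos < len(data):
            (length,) = struct.unpack(">I", data[pos:pos + 4])
            pos += 4
            nonce = data[pos:pos + 16]
            pos += 16
            ciphertext = data[pos:pos + length]
            pos += length
            tag = data[pos:pos + 32]
            pos += 32
            expected = hmac.new(self._mac_key, nonce + ciphertext, hashlib.sha256).digest()
            if not hmac.compare_digest(tag, expected):
                raise ValueError("record unreadable: MAC mismatch (wrong key or tampered file)")
            records.append(bytes(c ^ k for c, k in zip(ciphertext, self._keystream(nonce, length))))
        return records


def readable_after_reboot(path: str) -> bool:
    """Open the same file from a new store, i.e. with a new random key."""
    try:
        RawTraceStore(path).read_all()
        return True
    except ValueError:
        return False


def demo() -> tuple:
    """Write constructed raw records, read them back in-session, simulate a
    reboot, then flip one ciphertext byte to show tampering is detected."""
    path = os.path.join(tempfile.mkdtemp(), "raw.trace")
    samples = [b"2008-01-29T11:15:00 alice@example.com -> bob@example.com 130 words",
               b"2008-01-29T11:15:07 carol@example.com -> dave@example.com 42 words"]
    store = RawTraceStore(path)
    for s in samples:
        store.append(s)
    recovered = store.read_all() == samples
    survives_reboot = readable_after_reboot(path)
    with open(path, "r+b") as f:              # corrupt first ciphertext byte of record 1
        f.seek(4 + 16)
        original = f.read(1)
        f.seek(4 + 16)
        f.write(bytes([original[0] ^ 0x01]))
    try:
        store.read_all()
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return recovered, survives_reboot, tamper_detected


if __name__ == "__main__":
    print(demo())  # expected: (True, False, True)
```

Losing the key on reboot is the whole point rather than a failure mode: once the closed box goes down, the raw data on disk is ciphertext that no one, including the researchers, can open, which is what lets the system meet the "nobody can access raw data" requirement from the threat model.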

Outline
- Motivation
- Design of our tool
- System evaluation
- Case study: Phishing
- Conclusions

Software Engineering Benefits
- One order of magnitude difference between online and offline
- Development time: Bunker - 2 months; UW/Toronto - years

Work Deferral
- Don't do now what you can do later

Error Recovery
- Small bugs lead to small errors in the trace, not huge gaps

Phishing is Bad
- Costs the U.S. economy hundreds of millions
- Affects 1+ million U.S. Internet users
- Mid 2006: number of phishing sites grew 10x
- Banks claim phishing is the #1 source of fraud
- Phishing messages are now personalized, and harder to filter

Two Day Hotmail Trace
Tues Jan 29/08 11:15am - Thurs Jan 31 11:23am, University of Toronto at Mississauga
Hotmail Users: 3,062
# of E-mails Received: 13,438
# of From Addresses: 7,422
# of To Addresses: 25,456
Median # of Words in Body: 130

Questions
- How often are URLs present in e-mails?
- How often do people click on links in e-mails?
- Do people verify an e-mail for legitimacy before clicking on a link?

Links in E-mails

Conclusions
- Today's tracing experiments need to look "deep" into network activity: IP-level trace vs. e-mail and browse history
- Serious privacy concerns; physical security isn't enough: subpoenas
- Bunker provides the safety of online anonymization with the simplicity of offline anonymization

Acknowledgments
- Andrew Miklas (U. of Toronto)
- Alec Wolman (Microsoft Research)
- Angela Demke Brown (U. of Toronto)

Questions?

Design (diagram labels): XEN Hypervisor; Open-box VM (DomainU); Closed-box VM (Domain0); Untrusted Software; Online Software; Offline Software; Anon. Key; Enc. Key; Capture NIC; Open NIC; Encrypted Raw Trace; One-Way Interface

Phishy Mail Leaks through Filters

(Backup diagram labels): Capture Hardware; capture; Anon. Key; Online / Offline; assemble, parse, anonymize; Anonymized Trace

(Backup diagram labels): Capture Hardware; Inaccessible VM: capture, assemble, parse, anonymize (Online / Offline), Anon. Key; Hypervisor; One-Way Socket; Commodity VM: save trace, logging, maintenance; Anonymized Trace

(Backup diagram labels): Capture Hardware; Inaccessible VM: capture, assemble, parse, anonymize (Online / Offline), Anon. Key, Enc. Key, encrypt / decrypt, Encrypted Raw Trace; Hypervisor; One-Way Socket; Commodity VM: save trace, logging, maintenance; Anonymized Trace

Overall Privacy Goal
Goal: ensure that users' privacy is "no worse off" while a trace is in progress
(Timeline labels: Time; Tracing Starts; Tamper Attack; Data Protected; Data Exposed)