Security and privacy in the age of software controlled surroundings. Prashanth Mohan, David Culler.

Presentation transcript:

Security and privacy in the age of software controlled surroundings
Prashanth Mohan, David Culler

What are your expectations of privacy and security when you are in a shared space?

Changing the way we interact

In a personalized world

A living and breathing surrounding

No more key chains or key cards

Diagram labels: Digital Security; Physical Security; Data Platform (BOSS); Data Visualization Apps; Data Sources; Control Data; Data Learning Apps
- How can we ensure sandboxed data analysis?
- How can we restrict mixing of data?
- How can we understand arbitrary data types?
- How can we ensure the reliability of control data?
- How can we improve the integrity of data sources?

Enforcing end-to-end user policies
- Mobad: How can we maximize benefit while analyzing data locally (for privacy)?
- Rubicon: Can we reuse existing software systems while still obtaining privacy guarantees?
- Gupt: How can we mine data without divulging the privacy of individuals?

Many open privacy questions
- Can we describe privacy in higher level constructs?
- How do we make sense of the wide variety of data sources?
- Who has access to what data?
- Is the building a natural boundary for data?

Security of building networks

- Static Analysis Techniques
- Code Instrumentation
- Dynamic Analysis using Input Replay

Brainstorm: Ensuring security
- Secure the networks!
- Understand the state machine of the building – “control transactions” limit bad states
- How can we apply the principle of least privilege for apps on BOSS?
- Software security at the firmware layer

Thank You Prashanth Mohan

Backup

Topics for discussion
- When you enter a public building, what are your privacy and security expectations?
- How expensive should attacks become in order to limit malicious behavior?
- Is privacy a lost cause?
- How much of these problems can be solved with appropriate regulation?

Research Progress
Diagram labels: User data; Processed data; Client Device; Web Application; Multiple users’ data; Learning Models; Machine Learning
- Client Data Privacy: EuroSys13, HotSec12, MobiSys10
- Cloud Data Privacy: IEEESP13*, SIGMOD12

Functional Blocks
- Integrity Checking
- ACL Checking
- User Authentication
- Template Processor
- Isolated Containers
Easy drop-in solution for existing 3-tier programs
Image source: Wikipedia

TLS Proxy Secure Block Device Storage TPM Chip (Remote Attestation) Linux Kernel IPTables Controller ACL Store ACL changes Ether Pad Friend Share Application Layer K/V Proxy FS Proxy DeDup Storage Layer End Users

Differential Privacy
- Privacy budget
- Randomized algorithm
- Any measurable set
- Neighbors: two datasets differing in exactly one entry
- Function Sensitivity

Web Frontend Data Set Manager 1. Data Set 2. Data Parser 3. Privacy Budget (ε) Isolated Execution Chambers Computation Manager Untrusted Computation Comp Mgr XML RPC Layer Computation Differentially Private Answer Noise Generator 1. Computation 2. [Bounds Estimator] Auditing