Presentation is loading. Please wait.

Presentation is loading. Please wait.

CMSC 818J: Privacy enhancing technologies Lecture 2.

Published byDarrell Butler Modified over 8 years ago

Similar presentations

Presentation on theme: "CMSC 818J: Privacy enhancing technologies Lecture 2."— Presentation transcript:

1 CMSC 818J: Privacy enhancing technologies Lecture 2

2 Logistics Piazza? Short presentations sign-up

3 Users Devices/ Client-side software Network Application Cloud platform (provides computation and storage) [Recap] Privacy: End-to-End Solution

4 This Week Software architectures that offer data protection from the ground up  For cloud services  On client devices A more in-depth overview for the rest of the semester  Today: the vision, the glue, and the challenges  Rest of semester: components

5 [Recap] Cloud computing Cloud computing – storage and computation move into the cloud

6 [Recap] Paradigm Shift TodayFuture

7 Storage provider Computation provider Applications User Cloud Model 7

8 Trust Model Applications can be buggy, compromised, or malicious Cloud platform may be buggy, compromised or malicious  including computation and storage provider Cloud operators can be nosey or malicious

9 How can we secure our data in the cloud?

10 Why is the problem hard? Solution 1: Encrypt data stored in cloud  How does the cloud compute over your data?  Fully homomorphic encryption?  Data mining over multiple users’ data?  Spam detection, advertising  Economics  Tension between privacy and utility

11 Usability, functionality, performance User Application provider Platform provider Easy app development, $$ Stake holders

12 Storage provider Computation provider Applications User Cloud Model 12

13 User Key Challenges How can we protect our data against compromised applications? How can we protect our data against a compromised computation provider? How can we protect our data against a compromised storage provider? 13

14 Roadmap Step 1: Assume cloud platform is trusted, how can we secure against untrusted applications?  Application confinement  Information flow control/access control  Cloud platform is root of trust Step 2: How to secure against an untrusted cloud platform?  Trusted computing and code attestation  Secure software systems  Secure storage

15 Roadmap Step 1: Assume cloud platform is trusted, how can we secure against untrusted applications?  Application confinement  Information flow control/access control  Cloud platform is root of trust Step 2: How to secure against an untrusted cloud platform?  Trusted computing and code attestation  Secure software systems  Secure storage

16 Untrusted Applications: The Threats Tax filing app Trusted computation/storage provider Untrusted 3 rd -party application User

17 Untrusted Applications: The Threats Tax filing app Trusted computation/storage provider Untrusted 3 rd -party application User

18 Application confinement Tax filing app Trusted computation/storage provider User

19 Application confinement Tax filing app Trusted computation/storage provider User

20 Medical advisory app Medical advisory app Trusted computation/storage provider User Share data with my doctor Access and information flow control

21 Google docs Google docs Trusted computation/storage provider User Share data with my friend

22 Access and information flow control Application Trusted computation/storage provider Finance User Photos Work Medical Readers: [Alice][Alice, Bob][Alice, Charles] [Alice, David]

23 Pros, cons, and challenges

24 Scalability, scalability, scalability!  Usability  Economics Applicability  What about data mining applications?  What about applications and services that call each other (e.g., google maps API) Pros, cons, and challenges

25 Two Types of Applications Bob’s financial documents Bob …. David Charlie Bob Alice Recommendations Traffic advice Type 2: Data intelligence 25 Type 1: Silo-based applications

26 Alice …… Bob Location Database I want information about Batman’s whereabouts Mean, std Classification Clustering Threats for statistical releases Data mining

27 Is releasing aggregate statistics safe? Amazon People who bought also bought

28 Platform for Private Data (PPD) Defense: differential privacy, data sanitization … Charlie Bob Alice Recommendations Traffic advice Sealed container

29 Roadmap Step 1: Assume cloud platform is trusted, how can we secure against untrusted applications?  Application confinement  Information flow control/access control  Cloud platform is root of trust Step 2: How to secure against an untrusted cloud platform?  Trusted computing and code attestation  Secure software systems  Secure storage

30 How can you trust a remote system? Trusted Platform Module (TPM)

31 Code attestation Verifier What code are you running? Here’s a digest of my code. Trusted Platform Module (TPM)

32 Bootstrapping Trust Through Trusted Hardware Trusted Platform Module (TPM) Cloud Server Monitor, enforce! Untrusted components Privacy policy 32 Privacy evidence

33 Securing storage Confidentiality  Encryption Integrity checking  Authenticated data structures Hiding access patterns  Oblivious storage

34 Support for untrusted storage backend modules Integrity check File system, DB Key/value store

35 Sealed container Privacy evidence TPM Putting it All Together: Platform for Private Data 35 Privacy policy Monitor Enforce Usable API App developer User

36 Apps Privacy evidence Data sanitization … Secure data capsules Information flow control Isolation Audit engine

37 BStore BStore authors’ slides

38 BStore discussions: pros, cons, challenges?

39 Pros:  Users can choose storage provider  Centralizes access control  Centralizes storage security  Lowers bar of entry for small vendors? Cons, challenges:  Does not support cross-user sharing  Does not defend against untrusted apps  Should users trust apps to delegate access rights?  Incremental deployment? BStore discussions: pros, cons, challenges?

Download ppt "CMSC 818J: Privacy enhancing technologies Lecture 2."

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.

Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.
Internet of Things Security Architecture

Internet of Things Security Architecture
NIST Big Data Public Working Group Security and Privacy Subgroup Presentation September 30, 2013 Arnab Roy, Fujitsu Akhil Manchanda, GE Nancy Landreville,

NIST Big Data Public Working Group Security and Privacy Subgroup Presentation September 30, 2013 Arnab Roy, Fujitsu Akhil Manchanda, GE Nancy Landreville,
1 GP Confidential ©2013 1 GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)

1 GP Confidential © GlobalPlatform’s Value Proposition for Mobile Point of Sale (mPOS)
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 3 02/14/2010 Security and Privacy in Cloud Computing.
INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.

INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
PPD: Platform for Private Data Mohit Tiwari with Krste Asanović, Dawn Song, Petros Maniatis*, Prashanth Mohan, Charalampos Papamanthou, Elaine Shi, Emil.

PPD: Platform for Private Data Mohit Tiwari with Krste Asanović, Dawn Song, Petros Maniatis*, Prashanth Mohan, Charalampos Papamanthou, Elaine Shi, Emil.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2010 Lecture 5 03/08/2010 Security and Privacy in Cloud Computing.
Security and Policy Enforcement Mark Gibson Dave Northey

Security and Policy Enforcement Mark Gibson Dave Northey
TRANSFORMATION HARDWARE SYSTEM ARCHITECTURES SVA Binary translation and emulation Formal methods Hardware support for isolation Dealing with malicious.

TRANSFORMATION HARDWARE SYSTEM ARCHITECTURES SVA Binary translation and emulation Formal methods Hardware support for isolation Dealing with malicious.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.

Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.
SaaS, PaaS & TaaS By: Raza Usmani

SaaS, PaaS & TaaS By: Raza Usmani
N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.

N. GSU Slide 1 Chapter 04 Cloud Computing Systems N. Xiong Georgia State University.
Addition to Networking.  There is no unique and standard definition out there  Cloud Computing is a general term used to describe a new class of network.

Addition to Networking.  There is no unique and standard definition out there  Cloud Computing is a general term used to describe a new class of network.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.

Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Similar presentations

Ads by Google