Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shanghai Jiao Tong University

Published byRaúl Iglesias Salas Modified over 6 years ago

Similar presentations

Presentation on theme: "Shanghai Jiao Tong University"— Presentation transcript:

1 Shanghai Jiao Tong University
JOAN: shepherd application privacy with virtualized special purpose memory Mingyuan Xia, Miao Yu, Zhengwei Qi, Haibing Guan Shanghai Jiao Tong University Get a card for brief Motivation Networked applications are ubiquitous in home, enterprise, commercial and government. The privacy of networked applications faces risks from its own robustness, operating system that runs beneath them and peers that they exchange sensitive data with. The expanded TCB suggests that they will not achieve adequate privacy assurance. Background Existing virtualization-based security systems do not address the problem of program vulnerability or confine the programming flexibility of sensitive code. To fully employ the strong isolation of virtualization to protect program data secrecy, user should be able to assign programming friendly protection policy to configurable TCB. Design We propose a virtualization-based system JOAN, which utilizes memory virtualization to expose two privacy aware memory primitives (see the architecture depicted in the figure on the right). On high level, the sealed memory ensures the sensitive code integrity and reduces the TCB size, while the exchange memory protects the integrity and privacy of sensitive data. With both virtualized memories, privacy-critical applications can maintain small TCB size and achieve flexible data exchange semantics. Contribution We reduce the TCB to include only user-selected sensitive code and the hypervisor, which is a few order of magnitude smaller than operating system components. We exploit memory virtualization to provide privacy aware memory primitives. Privacy-critical application can exploit these programming friendly memory primitives to fully integrate with our system while enjoy flexible and secure sensitive data exchange. We deploy our system in off-shelf hardware environment and enhance the privacy of various practical networked applications. (see below) JOAN architecture: The grey part is the TCB. We enforce two kinds of virtualized special memory: Sealed memory: content visible only to sensitive code, used to store sensitive code pages. Exchange memory: present encrypted view to untrusted code, allow verbatim copy but no modification. Used to exchange sensitive data. Case 1: DNS Case 2: BT Case 3: FTP Legacy DNS services are distributed with plain text UDP packet. JOAN-aware version bridge a secure and private channel and circumvent potential request trace with exchange memory. JOAN-aware tracker protects peer lists from being exposed to privacy-unaware clients. So privacy-aware will not risk sharing files with peers that may disclose privacy information. FTP software stands for bandwidth-sensitive application. Legacy FTP software transmits plain text file content over network without privacy consideration. JOAN-aware FTP client uses exchange memory as transmission buffer to interchange encrypted data stream securely. JOAN FTP vs FTP variations JOAN FTP throughput speed vs different exchange memory size

Download ppt "Shanghai Jiao Tong University"

Similar presentations

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.
Distributed Data Processing

Distributed Data Processing
Trusted System Elements and Examples CS461/ECE422 Fall 2011.

Trusted System Elements and Examples CS461/ECE422 Fall 2011.
The Enterprise Guide to Video Conferencing Created using iThoughts [...] [...]

The Enterprise Guide to Video Conferencing Created using iThoughts [...] [...]
Operating System Security

Operating System Security
Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.

Extensibility, Safety and Performance in the SPIN Operating System Presented by Allen Kerr.
4 1 4 C H A P T E R Software: Systems and Application Software.

4 1 4 C H A P T E R Software: Systems and Application Software.
E-business Infrastructure

E-business Infrastructure
VIA and Its Extension To TCP/IP Network Yingping Lu Based on Paper “Queue Pair IP, …” by Philip Buonadonna.

VIA and Its Extension To TCP/IP Network Yingping Lu Based on Paper “Queue Pair IP, …” by Philip Buonadonna.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
Addressing Information Security at Heller October 16, 2013 secureHeller.

Addressing Information Security at Heller October 16, 2013 secureHeller.
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
Information Resources and Communications University of California, Office of the President System-Wide Strategies for Achieving IT Security at the University.

Information Resources and Communications University of California, Office of the President System-Wide Strategies for Achieving IT Security at the University.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.

Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
Measuring zSeries System Performance Dr. Chu J. Jong School of Information Technology Illinois State University 06/11/2012 Sponsored in part by Deer &

Measuring zSeries System Performance Dr. Chu J. Jong School of Information Technology Illinois State University 06/11/2012 Sponsored in part by Deer &
IP Ports and Protocols used by H.323 Devices Liane Tarouco.

IP Ports and Protocols used by H.323 Devices Liane Tarouco.

Similar presentations

Ads by Google