
Data-Centric Security Dawn Song UC Berkeley Collaboration with Lorenzo Martignoni, Stephen McCamant, Pongsin Poosankam, Matei Zaharia, Scott Shenker, Ion.


1 Data-Centric Security
Dawn Song, UC Berkeley
Collaboration with Lorenzo Martignoni, Stephen McCamant, Pongsin Poosankam, Matei Zaharia, Scott Shenker, Ion Stoica, Vern Paxson, Emil, Elaine Shi, Petros, David Evans

2 (research overview diagram)
Column headings: TRANSFORMATION, HARDWARE, SYSTEM ARCHITECTURES, WEB-BASED ARCHITECTURES
Items: SVA; binary translation and emulation; formal methods; hardware support for isolation; dealing with malicious hardware; cryptographic secure computation; data-centric security; secure browser appliance; secure servers
Example goals: enforce properties on a malicious OS; prevent data exfiltration; enable complex distributed systems with resilience to hostile OSes

3 Outline
Data-centric security: protecting the data directly instead of network- or host-based protection
Three examples
– Cloud Terminal: providing trusted input/output
– Platform for Private Data
– Secure web applications: GuardRails

4 The Cloud Terminal Architecture for End-to-End Secure Applications
Dawn Song, with Lorenzo Martignoni, Stephen McCamant, Pongsin Poosankam, Matei Zaharia, Scott Shenker, Ion Stoica, Vern Paxson

5 Motivation
Sample application: online banking
Quickly switch your PC to a secure operation mode
The application provides a normal-looking graphical interface
But information security does not depend on your primary OS or any of its software
The application environment is known clean
Secure even if the commodity OS is compromised by malware

6 Strawman Approach: one VM per app
Possible approach: one VM per secure app
Pro: strong isolation
Cons:
– Heavyweight
– Management overhead
– Multiple general-purpose VMs on one machine require complex hardware virtualization (e.g., Xen)
– Must be careful to keep secure VMs clean (e.g., roll back the virtual disk after each session)
– How can the bank know you're using a secure VM?
Want to achieve similar isolation, but
– Much lighter weight on the client side
– Centralize the application logic and administration
– Enable a new security abstraction

7 Cloud Terminal Architecture (diagram)
Client side: a general-purpose OS and a secure thin terminal, both on a lightweight hypervisor over trusted computing hardware
Cloud side: a cloud rendering engine, with the application and a virtual desktop server inside a VM
An encrypted tunnel connects the secure thin terminal to the cloud rendering engine

8 Secure Thin Terminal
Coexists with a general-purpose commodity OS
But completely stand-alone and isolated: when it runs, the untrusted OS is suspended
Display output: reads encrypted bitmaps from the network, decrypts them and displays them
Input: reads keyboard and mouse events, encrypts them and sends them over the network
The lightweight hypervisor enforces isolation
Trusted boot using a TPM allows remote attestation, proving the STT is running unmodified on the bare hardware

9 Cloud Rendering Engine
Move application logic to centralized servers for ease of administration and protection
Each user session has its own VM with the chosen application
Virtual desktop server (e.g., VNC) plus an encrypting proxy
Performance optimization: VMs can share disk and memory copy-on-write to minimize resource usage
Applications: standalone applications and browser applications

10 Initial Prototype

11 Results from Initial Prototype
Secure Thin Terminal: only a few KLOC (VNC client and drivers for input, graphics, and network)
Interactive latency (e.g., keystroke echo) is low, even with a cloud server in another state
Scalability of the cloud rendering engine: a single commodity server can support more than 100 simultaneous rendering VMs

12 Outline
Data-centric security: protecting the data directly instead of network- or host-based protection
Three examples
– Cloud Terminal: providing trusted input/output
– Platform for Private Data
– Secure web applications: GuardRails

13 Motivating Applications

14 Protecting users’ data is an intricate issue!
Apps selling your data
Inadvertent disclosure
– AOL search log scandal
– Netflix contest
Malware and software compromise
– RockYou password leakage
Insider attack
– Google incident

15 Platform for Private Data
Provide desired services in the cloud while ensuring security and privacy of customers’ data
Provide privacy and trust evidence
– The customer does not have to rely solely on trust in the service provider
Provide trustworthy audit trails
– For forensics, provenance, accountability, and disputes
General architecture for broad applicability
Practical performance and usability

16 Platform for private data and privacy evidence (diagram)
The Platform for Private Data exposes an API to applications
Example applications: a financial advisor; a drug side effect tracker
The platform produces privacy evidence

17 Architecture
Secure data capsule
– Data encrypted at rest
– Security policy attached to the data
Trusted computing hardware provides the root of trust
Secure execution environment
– A data capsule is only decrypted in the secure execution environment
– Only authorized code can access and operate on the data
New programming model for privacy-aware applications
Support for legacy applications
– Program analysis and information flow
Advanced engines for database queries and privacy-preserving data analytics
Secure auditing
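The two cryptographic building blocks above, the encrypted tunnel of the Secure Thin Terminal (slide 8) and the secure data capsule with its attached policy (slide 17), are both instances of authenticated encryption with context bound in as associated data. The following Ruby sketch is an added example, not code from the Cloud Terminal or Platform for Private Data prototypes. It uses AES-256-GCM from Ruby's standard openssl library; the wire format, the `TunnelEnd` and capsule function names, the constructed keys and the `env` hash (standing in for what a TPM-attested environment would report about itself) are all assumptions made for the example.

```ruby
require 'openssl'
require 'json'

# AES-256-GCM via Ruby's standard openssl library. Returns ciphertext || 16-byte tag.
def aead_seal(key, nonce, aad, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm')
  c.encrypt
  c.key = key
  c.iv = nonce
  c.auth_data = aad
  c.update(plaintext) + c.final + c.auth_tag
end

# Returns the plaintext, or nil when the tag does not verify (wrong key, nonce, AAD or bytes).
def aead_open(key, nonce, aad, sealed)
  return nil if sealed.bytesize <= 16
  ct, tag = sealed[0...-16], sealed[-16, 16]
  c = OpenSSL::Cipher.new('aes-256-gcm')
  c.decrypt
  c.key = key
  c.iv = nonce
  c.auth_tag = tag
  c.auth_data = aad
  c.update(ct) + c.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# --- Slide 8: tunnel between the secure thin terminal (STT) and the rendering engine ---
DIR_INPUT  = 1 # STT -> rendering engine: keyboard and mouse events
DIR_OUTPUT = 2 # rendering engine -> STT: bitmap updates

# 12-byte GCM nonce, unique per (direction, sequence) under one session key.
def nonce_for(dir, seq)
  [dir, seq].pack('NQ>')
end

def aad_for(dir, seq)
  "cloud-terminal-example|dir=#{dir}|seq=#{seq}" # assumed format
end

class TunnelEnd
  def initialize(session_key, send_dir, recv_dir)
    @key, @send_dir, @recv_dir = session_key, send_dir, recv_dir
    @send_seq = 0
    @last_recv_seq = -1
  end

  # Wire record: [direction, sequence, sealed bytes]. Direction and sequence are bound into
  # the AAD, so a record cannot be replayed, reordered or reflected without failing the tag.
  def send_record(payload)
    seq = @send_seq
    @send_seq += 1
    [@send_dir, seq, aead_seal(@key, nonce_for(@send_dir, seq), aad_for(@send_dir, seq), payload)]
  end

  # The last accepted sequence number only advances after the tag verifies.
  def recv_record(record)
    dir, seq, sealed = record
    return [:reject, :wrong_direction] unless dir == @recv_dir
    return [:reject, :replay] unless seq > @last_recv_seq
    pt = aead_open(@key, nonce_for(dir, seq), aad_for(dir, seq), sealed)
    return [:reject, :bad_tag] if pt.nil?
    @last_recv_seq = seq
    [:ok, pt]
  end
end

# --- Slide 17: secure data capsule, encrypted at rest with its policy attached ---
# The policy travels as GCM associated data: editing it (say, adding another code hash)
# breaks the tag, so the data cannot be released under a policy its owner did not set.
def make_capsule(data_key, policy, payload)
  policy_json = JSON.generate(policy)
  nonce = OpenSSL::Random.random_bytes(12)
  { policy: policy_json, nonce: nonce, sealed: aead_seal(data_key, nonce, policy_json, payload) }
end

# `env` is an assumed stand-in for the attested secure execution environment:
# an attested flag plus a hash of the code that wants the data.
def open_capsule(capsule, data_key, env)
  policy = JSON.parse(capsule[:policy])
  return [:denied, :not_attested] unless env[:attested]
  return [:denied, :code_not_authorized] unless policy['authorized_code'].include?(env[:code_hash])
  pt = aead_open(data_key, capsule[:nonce], capsule[:policy], capsule[:sealed])
  return [:denied, :integrity_failure] if pt.nil?
  [:ok, pt]
end
```

The tunnel half shows why direction and sequence number belong in the authenticated context rather than only in the header: a captured keystroke record is rejected on replay, and an engine-to-terminal frame cannot be fed back as terminal input. The capsule half shows the order of checks the policy engine would follow: attestation first, authorized code second, and only then decryption, which itself fails if the policy bytes were altered.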

18 (architecture diagram)
Platform for Private Data (TCB), built on TPM and processor isolation, containing: secure data capsules; a secure execution environment with information flow tracking for application operations on sensitive data; a query engine; a policy engine; a differential privacy engine; an audit engine
Applications run on top of the platform; the platform produces privacy evidence

19 Outline
Data-centric security: protecting the data directly instead of network- or host-based protection
Three examples
– Cloud Terminal: providing trusted input/output
– Platform for Private Data
– Secure web applications: GuardRails

20 Secure Web Application
Ruby on Rails code + policy annotations
Attach policies to data
– Little developer effort
– Improved readability and analyzability
– Automatically enforce policies throughout the application
Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, David Evans. GuardRails: A Data-Centric Web Application Security Framework. To appear in USENIX WebApps 2011.
OWASP AppSec DC

21 Example Policies
Annotation: @delete, :admin, :to login
Meaning: Only administrators can delete this object
Annotation: @edit, pswrd, self.id == user.id, :to login
Meaning: Only the user may change that user’s password
Annotation: @create, User, log_create; true
Meaning: Whenever a User object is created, write to the log
Policies are attached to classes or individual fields. They can perform arbitrary checking and actions based on read, edit, append, create, and destroy events.
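To make the three annotations concrete, here is an added plain-Ruby sketch of the same idea: policies declared as data on the model class or field, and evaluated by the object itself on every edit, create or destroy, so no controller action can forget the check. This is example code, not GuardRails (which rewrites annotated Rails source rather than running a module like this). The `guard`, `enforce!`, `guarded_*` and `with_policies` names, the `AUDIT_LOG` array standing in for the application log, and the modelling of the slide's `:to login` handler as a `:to_login` symbol that raises a redirect are all assumptions for the example.

```ruby
# Mini policy engine in the spirit of GuardRails (added example, not GuardRails' own code).
# A policy is: event, target (:object or a field name), a condition lambda, and an optional
# handler invoked when the condition is false.
module Guarded
  class Redirect < StandardError; end # stands in for a redirect to the login page

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    def policies
      @policies ||= []
    end

    def guard(event, target, condition, handler = nil)
      policies << { event: event, target: target, condition: condition, handler: handler }
    end

    # Evaluate every policy for this event/target; true when all conditions hold.
    def enforce!(event, target, obj, ctx)
      policies.each do |p|
        next unless p[:event] == event && p[:target] == target
        next if p[:condition].call(obj, ctx)
        raise Redirect, 'login' if p[:handler] == :to_login
        raise Redirect, "policy #{event} on #{target} denied"
      end
      true
    end

    def guarded_create(attrs, ctx)
      obj = new(attrs)
      enforce!(:create, :object, obj, ctx)
      obj
    end
  end

  # Field-level edit: the policy attached to the field runs before the write happens.
  def guarded_edit(field, value, ctx)
    self.class.enforce!(:edit, field, self, ctx)
    send("#{field}=", value)
    self
  end

  def guarded_destroy(ctx)
    self.class.enforce!(:delete, :object, self, ctx)
    :destroyed
  end
end

AUDIT_LOG = [] # constructed stand-in for the application's log

class User
  include Guarded
  attr_accessor :id, :name, :pswrd, :admin

  def initialize(attrs)
    attrs.each { |k, v| send("#{k}=", v) }
  end

  def log_create
    AUDIT_LOG << "created user #{name}"
  end

  # The three policies from the slide, attached to the class or to one field.
  # ctx is the user making the request (the slide's `user`); the object is `self`.
  guard :delete, :object, ->(_u, ctx) { ctx.admin }, :to_login   # only admins delete users
  guard :edit, :pswrd, ->(u, ctx) { u.id == ctx.id }, :to_login   # only the user changes own password
  guard :create, :object, ->(u, _ctx) { u.log_create; true }      # every creation is logged
end

# A request handler wraps model calls so a failed policy becomes a redirect, not a crash.
def with_policies
  yield
rescue Guarded::Redirect => e
  [:redirect, e.message]
end
```

The third annotation reads naturally as a Ruby condition expression, `log_create; true`: the logging call runs as a side effect and the policy always passes, which is what "whenever a User object is created, write to log" requires. The first two are pure access checks whose handler sends the caller to the login page when they fail.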

22 Conclusion
Data-centric security: protecting the data directly instead of network- or host-based protection
Three examples
– Cloud Terminal: providing trusted input/output
– Platform for Private Data
– Secure web applications: GuardRails

23 Thank you! dawnsong@cs.berkeley.edu

