PPD: Platform for Private Data Mohit Tiwari with Krste Asanović, Dawn Song, Petros Maniatis*, Prashanth Mohan, Charalampos Papamanthou, Elaine Shi, Emil.


1 PPD: Platform for Private Data. Mohit Tiwari with Krste Asanović, Dawn Song, Petros Maniatis*, Prashanth Mohan, Charalampos Papamanthou, Elaine Shi, Emil Stefanov, Nguyen Tran. UC Berkeley, Intel*

2 The Age of Big Data: plentiful, and private

3 Rich Applications (chart: application richness over time)

4 Vulnerable software, (un)intentional misuse, insider attacks: need data protection as a service

5 Ideal: Privacy Preserving Cloud (diagram labels: end user, developer, cloud provider, privacy evidence, privacy policy, API, app)

6 Ideal: Platform for Private Data. Data protection as a service
Users
– control access to their data
– access third-party applications
Developers
– save resources, need not be security experts
– access personal data hitherto unavailable

7 Challenge #1: Untrusted applications own users’ data. (diagram labels: end user, developer, API, cloud provider)

8 Challenge #2: Novice users

9 PPD: Platform for Private Data (diagram labels: end user, developer, privacy evidence, intuitive privacy policy, API, app, PPD cloud provider, App + Guest OS, private data vault, sealed container)

10 Outline of this talk: PPD: Platform for Private Data; PPD Architecture; PPD Prototype and Evaluation

11 PPD Applications: user initiated sharing

12 PPD Architecture: Users (diagram labels: end user, hardware with TPM, PPD cloud provider, untrusted storage, trusted user interface, protected channel, ACLs; ACL table residue: id, rw, A.tax, AAA)

13 PPD Architecture: Applications (diagram labels: application container, untrusted application, end user, developer, hardware with TPM, PPD cloud provider, PPD controller and ACL manager, cleartext data, untrusted storage, trusted user interface). Channels are uni-directional; per-capsule containers: RW; per-user containers: R all, W flagged

14 PPD Architecture: Storage (diagram labels: untrusted application, end users, developers, hardware with TPM, PPD cloud provider, PPD controller and ACL manager, PPD storage proxy (dedup, caching, replication, …), app storage container, integrity check, untrusted storage, trusted user interface)

15 PPD Timeline #1: User attests client (sequence between user client and cloud server for Alice: TPM.send(hw id); Attest(code) to the trusted PPD server; Response(result); separation kernel on client checked; sitekey; client attested)

16 PPD Timeline #2: User launches app (sequence between user client and cloud server for Alice: launch trusted UI; authentication; trusted PPD kernel with PPD UI and control; launch application as App + Guest OS; app communication)

17 User and Developer Interface
User creates data capsules
– personal by default; the user decides who to share them with
– does not specify a lattice of security labels
PPD system provides a trusted UI to the user
– user conveys changes of ACLs to PPD
Developers can request
– Application Containers: per-user, per-data-capsule
– Storage Containers: per-application, per-system

18 Outline of this talk: PPD: Platform for Private Data; PPD Architecture; PPD Prototype and Evaluation

19 PPD Building Blocks
Data capsules
– e.g. “tax documents”, “thanksgiving ”
– system assigns ACL as private by default
Protected Containers
– Linux containers (LXC), copy-on-write FS (UnionFS)
– stops all explicit communication, except channels
– hardware side channels, timing leaks out of scope

20 PPD Building Blocks
Protected Channels
– iptables firewall rules for LXC containers
– encryption, integrity-checking (TLS/SSL for network)
– trusted channel from user to PPD to change ACLs
Storage Proxies
– key-value proxy: put, get, and setACL interface
– file-system proxy: FUSE-based layer on key-value proxy

21 PPD Building Blocks
PPD Controller
– manages containers and channels
– dynamically creates containers based on user or application requests
– assigns iptables rules for all containers
Remote Attestation
– Intel TXT, TPM v1.2
– attest correct PPD code on untrusted machines
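The key-value proxy interface (put, get, setACL) from slide 20 together with the private-by-default capsule ACLs of slide 17, as an added Python model that is not part of the PPD talk or prototype; the class names, the (user, capsule) tuple standing in for a per-capsule application container, and the Alice/Bob scenario are assumptions.

```python
# Added example, not the PPD team's code: toy model of the PPD key-value storage
# proxy (put, get, setACL). Names and the (user, capsule) binding are assumptions.
from dataclasses import dataclass, field

@dataclass
class Capsule:
    owner: str
    acl: dict = field(default_factory=dict)    # user -> rights, e.g. "rw"
    store: dict = field(default_factory=dict)  # key -> value

class StorageProxy:
    def __init__(self):
        self.capsules = {}
    def create_capsule(self, user, name):
        # System assigns the ACL: private by default, only the owner has RW.
        self.capsules[name] = Capsule(owner=user, acl={user: "rw"})
    def set_acl(self, user, name, grantee, rights):
        # ACL changes arrive only from the owner over the trusted UI channel.
        cap = self.capsules[name]
        if user != cap.owner:
            raise PermissionError(f"{user} does not own {name}")
        cap.acl[grantee] = rights
    def _check(self, container, name, need):
        # A container is sealed to one capsule and gets only its user's rights on it.
        user, bound = container
        cap = self.capsules[name]
        if bound != name or need not in cap.acl.get(user, ""):
            raise PermissionError(f"{user}@{bound}: no '{need}' on {name}")
        return cap
    def put(self, container, name, key, value):
        self._check(container, name, "w").store[key] = value
    def get(self, container, name, key):
        return self._check(container, name, "r").store[key]

def attempt(fn):
    try:
        return fn()
    except PermissionError:
        return "denied"

def demo():
    # Constructed scenario: Alice stores a file in A.tax, then shares it read-only with Bob.
    p, alice, bob = StorageProxy(), ("alice", "A.tax"), ("bob", "A.tax")
    p.create_capsule("alice", "A.tax")
    p.put(alice, "A.tax", "2011.pdf", "tax return")
    before = attempt(lambda: p.get(bob, "A.tax", "2011.pdf"))
    p.set_acl("alice", "A.tax", "bob", "r")
    after = attempt(lambda: p.get(bob, "A.tax", "2011.pdf"))
    write = attempt(lambda: p.put(bob, "A.tax", "notes", "x"))
    return before, after, write   # ('denied', 'tax return', 'denied')
```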

22 PPD Applications
Friendshare: online storage with de-duplication (like Dropbox)
Git: repository version control server
Etherpad: online, collaborative editing (like Google Docs)

23 PPD Prototype (diagram labels: TLS proxy, Etherpad, controller, ACL store, K/V proxy, FS proxy, dedup, secure block device, storage, Friendshare, TPM chip (remote attestation), LXC containers, ACL changes, Linux kernel, iptables; application layer, storage layer, end users)

24 Eval: Porting Apps for PPD
Scripts to install and configure apps in containers
Application v. Storage containers
– Friendshare. Application: scan directories, chunk files, change ACL. Storage: de-duplication
– Git, Etherpad. Application: entire functionality

25 Eval: PPD Application Performance. Minimal effect on Friendshare throughput (chart; small requests: 10 filenames, big requests: 10KB images)

26 PPD Application Performance. Minimal effect on Friendshare latency (chart)

27 Summary
PPD: New Data-Centric Cloud Platform
– user controlled sharing
– rich, mostly legacy applications
PPD Architecture
– untrusted application and storage components
PPD Prototype and Evaluation
– small performance and porting cost

28 The PPD Team

29 Current and Future Work
Applications
– medical applications, business data analytics
Client-side PPD on Android
– light-weight containers and channels on Nexus S
Application initiated sharing
– differential privacy

30 Related Approaches
DIFC
– PPD does not do fine-grained information flow tracking
– constrained containers + Dev API = simple system
Capabilities
– can be used to implement containers and channels
– re-write legacy applications
Android Security
– static, coarse-grained permissions
– user does not own data

31 Conclusion (diagram labels: end user, developer, privacy evidence, privacy policy, API, app, PPD cloud provider)

32 Backups

33 PPD Insights
Co-design UI and system software
– user decisions are intuitive (“share doc with Bob”)
– system manages untrusted apps and private data
Developer API
– per-user functionality v. cross-user optimizations
Privacy: data owners’ access control policy
– apps ‘see’ data only in sealed containers

34 Summary

35 PPD Evaluation: Etherpad

36 PPD Evaluation: Git

37 PPD: Platform for Private Data
PPD is a data-centric cloud platform
– rich, untrusted applications
– strong privacy guarantees for end user
PPD will spark innovation
– through apps from small developers
– making more private data available

38 PPD Design
Simplest: User + PPD
– data capsules + ACL (UI)
Next: User + Application (front-end) + PPD
– per-user, sharing
Next: + Backend Storage
– rich optimizations, integrity checked

