Trusted - Piazza

Download Report

Transcript Trusted - Piazza

Lecture 2
CMSC 818J: Privacy enhancing technologies
Logistics
 Piazza?
 Short presentations sign-up
[Recap] Privacy: End-to-End Solution
Users
Devices/
Client-side
software
Network
Cloud platform
Application
(provides computation
and storage)
This Week
 Software architectures that offer data protection from
the ground up
 For cloud services
 On client devices
 A more in-depth overview for the rest of the semester
 Today: the vision, the glue, and the challenges
 Rest of semester: components
[Recap] Cloud computing
 Cloud computing – storage and computation move into the
cloud
[Recap] Paradigm Shift
Today
Future
Cloud Model
User
7
Trust Model
 Applications can be buggy, compromised, or malicious
 Cloud platform may be buggy, compromised or malicious
 including computation and storage provider
 Cloud operators can be nosey or malicious
How can we secure our
data in the cloud?
Why is the problem hard?
 Solution 1: Encrypt data stored in cloud
 How does the cloud compute over your data?
 Fully homomorphic encryption?
 Data mining over multiple users’ data?
 Spam detection, advertising
 Economics
 Tension between privacy and utility
Stake holders
User
Application
provider
Platform
provider
Usability, functionality,
performance
Easy app development,
$$
$$
Cloud Model
User
12
Key Challenges
User
How can we protect our data against
compromised applications?
How can we protect our data
against a compromised computation
provider?
13
How can we protect our data
against a compromised storage
provider?
Roadmap
 Step 1: Assume cloud platform is trusted, how can we secure
against untrusted applications?
 Application confinement
 Information flow control/access control
 Cloud platform is root of trust
 Step 2: How to secure against an untrusted cloud platform?
 Trusted computing and code attestation
 Secure software systems
 Secure storage
Roadmap
 Step 1: Assume cloud platform is trusted, how can we secure
against untrusted applications?
 Application confinement
 Information flow control/access control
 Cloud platform is root of trust
 Step 2: How to secure against an untrusted cloud platform?
 Trusted computing and code attestation
 Secure software systems
 Secure storage
Untrusted Applications: The Threats
Untrusted 3rd-party application
User
Tax filing
app
Trusted computation/storage provider
Untrusted Applications: The Threats
Untrusted 3rd-party application
User
Tax filing
app
Trusted computation/storage provider
Application confinement
User
Tax filing
app
Trusted computation/storage provider
Application confinement
User
Tax filing
app
Trusted computation/storage provider
Access and information flow control
User
Share data with
my doctor
Medical
advisory
app
Trusted computation/storage provider
Access and information flow control
User
Share data with
my friend
Google
docs
Trusted computation/storage provider
Access and information flow control
User
Application
Finance
Readers:
[Alice]
Photos
Work
Medical
[Alice, Bob] [Alice, Charles] [Alice, David]
Trusted computation/storage provider
Pros, cons, and challenges
Pros, cons, and challenges
 Scalability, scalability, scalability!
 Usability
 Economics
 Applicability
 What about data mining applications?
 What about applications and services that call each other (e.g.,
google maps API)
Two Types of Applications
Type 1:
Silo-based applications
Type 2:
Data intelligence
Bob
Recommendations
Traffic advice
Bob’s financial
documents
25
Alice
Bob
Charlie
David
….
Threats for statistical releases
I want information
about Batman’s
whereabouts
Alice
Bob
……
Location Database
Data
mining
Mean, std
Classification
Clustering
Is releasing aggregate statistics safe?
People who bought
also bought
Amazon
Defense: differential privacy, data sanitization
Sealed container
Recommendations
Traffic advice
Alice
Bob
Charlie
……
Platform for Private Data (PPD)
Roadmap
 Step 1: Assume cloud platform is trusted, how can we secure
against untrusted applications?
 Application confinement
 Information flow control/access control
 Cloud platform is root of trust
 Step 2: How to secure against an untrusted cloud platform?
 Trusted computing and code attestation
 Secure software systems
 Secure storage
How can you trust a remote system?
Trusted Platform
Module (TPM)
Code attestation
What code are
you running?
Trusted Platform
Module (TPM)
Here’s a digest
of my code.
Verifier
Bootstrapping Trust Through
Trusted Hardware
Untrusted
components
Cloud Server
Monitor, enforce!
Privacy policy
32
Trusted Platform
Module (TPM)
Privacy
evidence
Securing storage
 Confidentiality
 Encryption
 Integrity checking
 Authenticated data structures
 Hiding access patterns
 Oblivious storage
Support for untrusted storage
backend modules
File system,
DB
Key/value store
Integrity
check
Putting it All Together: Platform for Private Data
Sealed container
Usable API
User
App developer
• Monitor
• Enforce
Privacy policy
TPM
35
Privacy
evidence
User
Apps
Secure data capsules
Privacy
evidence
Isolation
Information
flow control
Data
sanitization
Audit
engine
…
BStore
BStore authors’ slides
BStore discussions: pros, cons,
challenges?
BStore discussions: pros, cons,
challenges?
 Pros:




Users can choose storage provider
Centralizes access control
Centralizes storage security
Lowers bar of entry for small vendors?
 Cons, challenges:




Does not support cross-user sharing
Does not defend against untrusted apps
Should users trust apps to delegate access rights?
Incremental deployment?