Platform for Private Data

PPD: Platform for Private Data
Mohit Tiwari
with Krste Asanović, Dawn Song, Petros Maniatis*, Prashanth Mohan, Charalampos Papamanthou, Elaine Shi, Emil Stefanov, Nguyen Tran
UC Berkeley; *Intel
The Age of Big Data
Plentiful, and Private
[Figure: application richness versus time; label: Rich Applications]
Need Data Protection as a Service
• Vulnerable software
• (Un)intentional misuse
• Insider attacks
Ideal: Privacy Preserving Cloud
[Figure: end user, developer and cloud provider; the user gives the cloud provider a privacy policy and receives privacy evidence in return, and the developer supplies an App through the cloud provider's API]
Ideal: Platform for Private Data
• Data protection as a service
• Users
– control access to their data
– access third-party applications
• Developers
– save resources, need not be security experts
– access personal data hitherto unavailable
Challenge #1
Untrusted applications own users’ data.
[Figure: developer, end user and cloud provider API, with the application rather than the user holding the user's data]
Challenge #2
Novice Users
PPD: Platform for Private Data
[Figure: the end user sets an intuitive privacy policy and receives privacy evidence; the developer's App, bundled with a guest OS, runs inside a sealed container at the PPD cloud provider and sees data only through a private data vault; the developer reaches the platform through its API]
Outline of this talk
• PPD: Platform for Private Data
• PPD Architecture
• PPD Prototype and Evaluation
PPD Applications
• Cloud storage
• Personal documents
• Real-time applications
• E-commerce
• Social applications
• Miscellaneous: browsing, peer-to-peer
[Figure label: user-initiated sharing]
PPD Architecture: Users
[Figure: the end user talks to PPD at the cloud provider through a trusted user interface over a protected channel; PPD runs on hardware with a TPM and keeps data in untrusted storage. ACL table with one row per data capsule and columns id / owner / read / write; example row: A.tax, owned by A, readable by A, writable by A]
PPD Architecture: Applications
[Figure: the developer's untrusted application runs in an application container on PPD, holding cleartext data; the end user reaches it through the trusted user interface, and one channel is marked uni-directional. The PPD controller and ACL manager grant a per-capsule container read/write access to its one capsule, and a per-user container read access to all of the user's capsules but write access only to flagged ones. PPD runs on hardware with a TPM over untrusted storage]
PPD Architecture: Storage
[Figure: application containers reach a storage container through the PPD storage proxy; the storage container runs the developer's untrusted storage code (dedup, caching, replication, …) and its output passes an integrity check before use; PPD controller and ACL manager, hardware with TPM, untrusted storage]
PPD Timeline #1: User attests Client
Participants: user Alice, her client, and the cloud server running the trusted PPD server.
Message sequence: TPM.send(hw id); Attest(code); Response(result); then sitekey. The site key is delivered only once the client is attested, i.e. the separation kernel on the client has been checked.
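A runnable model of this exchange, added here as an illustration and not code from the PPD project: the server answers a device's hw id with a fresh nonce, the client returns a quote binding its code measurement to that nonce, and the server hands out a site key only for a registered device running known-good code. An HMAC under a per-device key stands in for the TPM's signature over PCR values, and a SHA-256 of the client image stands in for the PCR measurement; the registry, the key material and the derivation of the site key are all assumptions made for the example.

```python
"""Model of PPD timeline #1: Alice's client attests its separation kernel to
the cloud server and, if the check passes, receives a site key. Added example,
not code from the PPD project. A real deployment would verify a TPM quote
(PCR values signed by the TPM, launched under Intel TXT); here an HMAC under a
per-device key registered with the server stands in for the TPM signature, and
a SHA-256 of the client code stands in for the PCR measurement. Message names
follow the slide: TPM.send(hw id), Attest(code), Response(result).
"""
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Set, Tuple


class AttestedClient:
    def __init__(self, hw_id: bytes, device_key: bytes, code: bytes) -> None:
        self.hw_id = hw_id
        self._device_key = device_key      # would live inside the TPM
        self.code = code                   # the separation kernel image
        self.sitekey: Optional[bytes] = None

    def measure(self) -> bytes:
        return hashlib.sha256(self.code).digest()

    def quote(self, nonce: bytes) -> Tuple[bytes, bytes]:
        """Attest(code): bind the measurement to the server's fresh nonce."""
        m = self.measure()
        return m, hmac.new(self._device_key, nonce + m, hashlib.sha256).digest()


class PPDServer:
    def __init__(self, known_good_code: Iterable[bytes], server_secret: bytes) -> None:
        self._known_good: Set[bytes] = {hashlib.sha256(c).digest() for c in known_good_code}
        self._secret = server_secret
        self._devices: Dict[bytes, bytes] = {}   # hw id -> device key (assumed registry)
        self._pending: Dict[bytes, bytes] = {}   # hw id -> outstanding nonce

    def register_device(self, hw_id: bytes, device_key: bytes) -> None:
        self._devices[hw_id] = device_key

    def challenge(self, hw_id: bytes) -> Optional[bytes]:
        """TPM.send(hw id): answer a known device with a fresh nonce."""
        if hw_id not in self._devices:
            return None
        nonce = os.urandom(16)
        self._pending[hw_id] = nonce           # any older nonce is invalidated
        return nonce

    def verify(self, hw_id: bytes, measurement: bytes, quote: bytes) -> Tuple[bool, Optional[bytes]]:
        """Response(result): check freshness, device binding and the code,
        then derive the site key for this attested client."""
        nonce = self._pending.pop(hw_id, None)
        key = self._devices.get(hw_id)
        if nonce is None or key is None:
            return False, None
        expected = hmac.new(key, nonce + measurement, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, quote):
            return False, None                 # replayed or forged quote
        if measurement not in self._known_good:
            return False, None                 # client code is not the approved kernel
        sitekey = hmac.new(self._secret, b"sitekey|" + hw_id + b"|" + nonce, hashlib.sha256).digest()
        return True, sitekey


def attest(client: AttestedClient, server: PPDServer) -> bool:
    """Run the whole timeline; on success the client ends up holding a site key."""
    nonce = server.challenge(client.hw_id)
    if nonce is None:
        return False
    measurement, q = client.quote(nonce)
    ok, sitekey = server.verify(client.hw_id, measurement, q)
    if ok:
        client.sitekey = sitekey
    return ok
```

The checks in `verify` are ordered so that a replayed quote fails on freshness before the measurement is even consulted, and `hmac.compare_digest` keeps the comparison constant-time; the site key is derived from the nonce, so each attestation yields a fresh key.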
PPD Timeline #2: User launches App
Message sequence between Alice's client and the cloud server: launch trusted UI; authentication; launch application; app communication. On the server the trusted PPD kernel hosts the PPD UI and control components alongside the App plus its guest OS.
User and Developer Interface
• User creates data capsules
– personal by default; the user decides who to share them with
– does not specify a lattice of security labels
• PPD System provides trusted UI to user
– User conveys change of ACLs to PPD
• Developers can request
– Application Containers: per-user, per-data-capsule
– Storage Containers: per-application, per-system
Outline of this talk
• PPD: Platform for Private Data
• PPD Architecture
• PPD Prototype and Evaluation
PPD Building Blocks
• Data capsules
– E.g. “tax documents”, “thanksgiving”
– System assigns ACL as private by default
• Protected Containers
– Linux containers (LXC), Copy-on-write FS (UnionFS).
– Stops all explicit communication, except channels.
– Hardware side channels, timing leaks out of scope
PPD Building Blocks
• Protected Channels
– iptables firewall rules for LXC containers
– Encryption, integrity-checking (TLS/SSL for network)
– Trusted Channel from User to PPD to change ACLs
• Storage Proxies
– Key-value proxy: put, get, and setACL interface
– File-system proxy: fuse-based layer on key-val proxy
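A working model of the capsule and ACL rules from the "User and Developer Interface" and "Building Blocks" slides, seen through the key-value proxy's put/get/setACL interface. This is an added example, not code from the PPD project: the container-access rules (per-capsule containers read and write only their own capsule; per-user containers read all of the user's capsules but write only flagged ones), the private-by-default ACL and the owner-only ACL change come from the slides, while the class and method names and the `app_writable` flag are assumptions made here.

```python
"""Data capsules, ACLs and the key-value storage proxy from the PPD slides,
modelled in Python. Added example, not code from the PPD project. It assumes
the proxy interface named on the slide (put, get, setACL) and the
container-access rules from the architecture slides: a per-capsule
application container may read and write only its own capsule; a per-user
container may read all of that user's capsules but write only those the user
has flagged as app-writable. Every capsule is private to its owner by default,
and only the owner (through the trusted UI) may change its ACL.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Set


class AccessDenied(Exception):
    """Raised by the proxy when a request is not permitted by the ACL."""


@dataclass
class Capsule:
    owner: str
    readers: Set[str]
    writers: Set[str]
    app_writable: bool = False          # the "W flagged" bit for per-user containers
    blobs: Dict[str, bytes] = field(default_factory=dict)


@dataclass(frozen=True)
class Container:
    """A container acting for `user`; `capsule` is None for a per-user container."""
    user: str
    capsule: Optional[str] = None


class StorageProxy:
    def __init__(self) -> None:
        self._capsules: Dict[str, Capsule] = {}

    # user-facing operations, issued through the trusted UI
    def create_capsule(self, user: str, name: str) -> None:
        # private by default: the owner is the only reader and writer
        self._capsules[name] = Capsule(owner=user, readers={user}, writers={user})

    def set_acl(self, user: str, name: str, add_readers: Iterable[str] = (),
                add_writers: Iterable[str] = (), app_writable: Optional[bool] = None) -> None:
        cap = self._lookup(name)
        if user != cap.owner:
            raise AccessDenied(f"{user} does not own {name}")
        cap.readers.update(add_readers)
        cap.writers.update(add_writers)
        cap.readers.update(add_writers)      # anyone who may write may also read
        if app_writable is not None:
            cap.app_writable = app_writable

    # container-facing operations
    def put(self, ctr: Container, name: str, key: str, value: bytes) -> None:
        self._authorize(ctr, name, write=True).blobs[key] = value

    def get(self, ctr: Container, name: str, key: str) -> bytes:
        return self._authorize(ctr, name, write=False).blobs[key]

    # policy
    def _lookup(self, name: str) -> Capsule:
        try:
            return self._capsules[name]
        except KeyError:
            # do not reveal whether a capsule exists to a caller who cannot see it
            raise AccessDenied(f"no access to {name}") from None

    def _authorize(self, ctr: Container, name: str, write: bool) -> Capsule:
        cap = self._lookup(name)
        if ctr.capsule is not None and ctr.capsule != name:
            raise AccessDenied("per-capsule container is confined to its own capsule")
        if ctr.user not in (cap.writers if write else cap.readers):
            raise AccessDenied(f"{ctr.user} may not {'write' if write else 'read'} {name}")
        if write and ctr.capsule is None and not cap.app_writable:
            raise AccessDenied("per-user container may only write flagged capsules")
        return cap


def denied(fn, *args, **kwargs) -> bool:
    """True if the proxy refuses the call (handy for checking the policy)."""
    try:
        fn(*args, **kwargs)
    except AccessDenied:
        return True
    return False
```

Sharing a capsule is a single owner-initiated `set_acl` call, which matches the "share doc with Bob" interaction the later insights slide describes; applications never call `set_acl` themselves, since a container object carries no owner authority.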
PPD Building Blocks
• PPD Controller
– manages containers and channels
– dynamically creates containers based on user or
application requests
– assigns iptables rules for all containers
• Remote Attestation
– Intel TXT, TPM v1.2
– attest correct PPD code on untrusted machines
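The protected-channel and controller slides above say the controller assigns iptables rules so that a container's only explicit communication runs over its channels. The following added example (not the PPD project's code) generates such a rule set for one container and simulates iptables first-match evaluation over it, so the policy can be checked before it is loaded. The FORWARD chain, the bridge addresses and the port numbers are assumptions; the uni-directional channel semantics (the container opens the connection, the endpoint may only reply) follow the architecture slide.

```python
"""Firewall rules a PPD-style controller attaches to one application
container, plus a small first-match simulator to check the resulting policy.
Added example, not code from the PPD project; the chain (FORWARD), the bridge
addresses and the port numbers are assumptions. The policy is the one the
slides state: a container's only explicit communication is over its protected
channels, each uni-directional (the container opens the connection, the
endpoint may only reply), and everything else is dropped.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Channel:
    """A protected channel: the container may connect to dst_ip:dst_port."""
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    ctstate: str            # conntrack state: NEW, ESTABLISHED or RELATED


@dataclass(frozen=True)
class Rule:
    """One iptables FORWARD rule; None fields are wildcards."""
    src: Optional[str] = None
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    ctstate: Optional[FrozenSet[str]] = None
    target: str = "DROP"

    def to_iptables(self) -> str:
        parts = ["iptables", "-A", "FORWARD"]
        if self.src:
            parts += ["-s", self.src]
        if self.dst:
            parts += ["-d", self.dst]
        if self.proto:
            parts += ["-p", self.proto]
        if self.dport is not None:
            parts += ["--dport", str(self.dport)]
        if self.ctstate:
            parts += ["-m", "conntrack", "--ctstate", ",".join(sorted(self.ctstate))]
        return " ".join(parts + ["-j", self.target])

    def matches(self, pkt: Packet) -> bool:
        return ((self.src is None or self.src == pkt.src)
                and (self.dst is None or self.dst == pkt.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.ctstate is None or pkt.ctstate in self.ctstate))


def container_rules(container_ip: str, channels: List[Channel]) -> List[Rule]:
    """Allow each channel in the container-to-endpoint direction, let replies
    back, then drop everything else to or from the container."""
    rules: List[Rule] = []
    for ch in channels:
        rules.append(Rule(src=container_ip, dst=ch.dst_ip, proto=ch.proto,
                          dport=ch.dst_port, ctstate=frozenset({"NEW", "ESTABLISHED"}),
                          target="ACCEPT"))
        # replies only: the endpoint can never open a connection into the container
        rules.append(Rule(src=ch.dst_ip, dst=container_ip, proto=ch.proto,
                          ctstate=frozenset({"ESTABLISHED"}), target="ACCEPT"))
    rules.append(Rule(src=container_ip, target="DROP"))
    rules.append(Rule(dst=container_ip, target="DROP"))
    return rules


def verdict(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule decides, as in iptables; the chain's default policy
    (assumed ACCEPT, as on a stock host) applies when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return "ACCEPT"


def render(rules: List[Rule]) -> str:
    """The commands the controller would run for this container."""
    return "\n".join(r.to_iptables() for r in rules)
```

Two deployment details matter when loading such rules for LXC: traffic between containers on the same bridge only traverses the FORWARD chain when the bridge netfilter hook is enabled (bridge-nf-call-iptables), and the trailing per-container DROP rules must be appended after the channel rules, since iptables stops at the first match.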
PPD Applications
• Friendshare: online storage with deduplication (like Dropbox)
• Git: repository version control server
• Etherpad: online, collaborative editing (like Google Docs)
PPD Prototype
[Figure: layered prototype. Application layer: LXC containers running Etherpad and FriendShare behind TLS proxies; end users' ACL changes go to the controller, which keeps an ACL store. Storage layer: FS proxy over K/V proxy, a DeDup storage container, a secure block device. Beneath both: iptables, the Linux kernel, and a TPM chip used for remote attestation]
Eval: Porting Apps for PPD
• Scripts to install and configure apps in containers
• Application v. Storage containers
– Friendshare
• Application: Scan directories, chunk files, change ACL
• Storage: De-duplication
– Git, Etherpad
• Application: entire functionality
Eval: PPD Application Performance
• Minimal effect on Friendshare throughput
[Figure: throughput for small requests (10 filenames) and big requests (10KB images)]
PPD Application Performance
• Minimal effect on Friendshare latency
[Figure: Friendshare latency]
Summary
• PPD: New Data-Centric Cloud Platform
– user controlled sharing
– rich, mostly legacy applications
• PPD Architecture
– untrusted application and storage components
• PPD Prototype and Evaluation
– small performance and porting cost
The PPD Team
Current and Future Work
• Applications
– medical applications, business data analytics
• Client-side PPD on Android
– light-weight containers and channels on Nexus S
• Application initiated sharing
– differential privacy
Related Approaches
• DIFC
– PPD does not do fine-grained information flow tracking
– Constrained containers + Dev API = simple system
• Capabilities
– Can be used to implement containers and channels
– Re-write legacy applications
• Android Security
– Static, Coarse-grained permissions
– User does not own data
Conclusion
[Figure: the PPD overview repeated: end user with privacy policy and privacy evidence, developer with API and App, PPD cloud provider]
Backups
PPD Insights
• Co-design UI and System software
– User decisions are intuitive (“share doc with Bob”)
– System manages untrusted apps and private data
• Developer API
– Per-user functionality v. Cross-user Optimizations
• Privacy: Data owners’ access control policy
– Apps ‘see’ data only in sealed containers
Summary
PPD Evaluation: Etherpad
[Figure only]
PPD Evaluation: Git
[Figure only]
PPD: Platform for Private Data
• PPD is a data-centric cloud platform
– rich, untrusted applications
– strong privacy guarantees for end user
• PPD will spark innovation
– through apps from small developers
– making more private data available
PPD Design
• Simplest: User + PPD
– Data capsules + ACL: (UI)
• Next: User + Application (front-end) + PPD
– Per-user, Sharing
• Next: + Backend Storage
– Rich optimizations, integrity checked