
Data-Centric Security


Presentation Transcript


  1. Data-Centric Security. Dawn Song, UC Berkeley. Collaboration with Lorenzo Martignoni, Stephen McCamant, Pongsin Poosankam, Matei Zaharia, Scott Shenker, Ion Stoica, Vern Paxson, Emil, Elaine Shi, Petros, David Evans

  2. Outline • Data-centric security: protecting the data directly instead of network or host-based protection • Three examples • Cloud-terminal: providing trusted input/output • Platform for private data • Secure web applications: guardrails

  3. The Cloud Terminal Architecture for End-to-End Secure Applications. Dawn Song with Lorenzo Martignoni, Stephen McCamant, Pongsin Poosankam, Matei Zaharia, Scott Shenker, Ion Stoica, Vern Paxson

  4. Motivation • Imagine: you want to check your bank account balance securely • Quickly switch your PC to a secure operation mode • The application provides a normal-looking graphical interface • But information security does not depend on your primary OS or any of its software • The application environment is known clean • Secure even if the commodity OS is compromised by malware

  5. How about: one VM per app? • Possible approach: one VM per secure app • Pro: strong isolation • Cons: heavy weight; management overhead; multiple general-purpose VMs on one machine require complex hardware virtualization (e.g., Xen); must be careful to keep secure VMs clean (e.g., roll back the virtual disk after each session); how can the bank know you're using a secure VM? • Want to achieve similar isolation, but much lighter weight on the client side, with centralized application logic and administration, enabling a new security abstraction

  6. Cloud Terminal architecture [diagram: on regular PC hardware, a lightweight hypervisor hosts the general-purpose OS alongside the secure thin terminal; an encrypted tunnel connects the secure thin terminal to the cloud rendering engine, where the application runs in a VM behind a virtual desktop server]

  7. Secure Thin Terminal • Coexists with a general-purpose commodity OS, but is completely stand-alone and isolated: when it runs, the untrusted OS is suspended • Reads encrypted bitmaps from the network, decrypts and displays them • Reads keyboard and mouse events, encrypts them and sends them over the network • A lightweight hypervisor enforces the isolation • Trusted boot using a TPM allows remote attestation, proving the STT (secure thin terminal) is running unmodified on the bare hardware

  8. Cloud Rendering Engine • Move application logic to centralized servers for ease of administration and protection • Each user session has its own VM, with a stripped-down desktop environment and the chosen application • Virtual desktop server (e.g., VNC) plus an encrypting proxy • VMs can share disk and memory copy-on-write to minimize resource usage • The application can be stand-alone, or a browser configured for a specific web application
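The two slides above describe the two ends of the encrypted tunnel: bitmaps flow from the cloud rendering engine to the secure thin terminal, keyboard and mouse events flow back. The following is an added illustration of that exchange, not the paper's protocol or code. It assumes a per-session secret already shared after the TPM-attested handshake the slides mention (that handshake is not modelled), derives one AES-256-GCM key per direction from it, and binds a per-direction sequence number to every record, so a replayed or relabelled input event is rejected by the engine. The frame and keystroke payloads are constructed stand-ins for real framebuffer updates and input events.

```ruby
require 'openssl'

# Illustrative model of the Cloud Terminal's encrypted tunnel (added example, not
# the paper's protocol). Each direction has its own key and its own counter; the
# counter and the record kind are bound to the ciphertext as associated data.
module CloudTerminalTunnel
  ReplayError = Class.new(StandardError)
  TamperError = Class.new(StandardError)

  # One key per direction, derived from the session secret. The secret is assumed
  # to come from the attested key exchange described on the slides.
  def self.direction_key(session_secret, label)
    OpenSSL::HMAC.digest('SHA256', session_secret, label)
  end

  # Nonce = 4-byte direction id || 8-byte sequence number: unique per key as long
  # as the counter never wraps, which is what AES-GCM requires.
  def self.nonce(direction_id, seq)
    [direction_id, seq].pack('NQ>')
  end

  class Sender
    def initialize(key, direction_id)
      @key, @dir, @seq = key, direction_id, 0
    end

    # kind is :frame (bitmap update) or :input (keyboard/mouse event)
    def seal(kind, payload)
      @seq += 1
      aad = [@dir, @seq, kind.to_s].pack('NQ>A*')
      c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
      c.key = @key
      c.iv = CloudTerminalTunnel.nonce(@dir, @seq)
      c.auth_data = aad
      ct = c.update(payload) + c.final
      { seq: @seq, kind: kind, ct: ct, tag: c.auth_tag }
    end
  end

  class Receiver
    def initialize(key, direction_id)
      @key, @dir, @last_seq = key, direction_id, 0
    end

    def open(record)
      # Replay/reordering check first; the sequence number is also inside the AAD,
      # so an attacker cannot renumber an old record to get past this check.
      raise ReplayError, "seq #{record[:seq]} already seen" if record[:seq] <= @last_seq
      aad = [@dir, record[:seq], record[:kind].to_s].pack('NQ>A*')
      d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
      d.key = @key
      d.iv = CloudTerminalTunnel.nonce(@dir, record[:seq])
      d.auth_tag = record[:tag]
      d.auth_data = aad
      begin
        pt = d.update(record[:ct]) + d.final
      rescue OpenSSL::Cipher::CipherError
        raise TamperError, 'record failed authentication'
      end
      @last_seq = record[:seq]
      [record[:kind], pt]
    end
  end

  # One session: the engine pushes a constructed framebuffer rectangle, the
  # terminal sends a keystroke, then an attacker replays and relabels that keystroke.
  def self.demo
    secret = 'constructed-session-secret-from-attested-handshake'
    to_terminal = [direction_key(secret, 'engine->terminal'), 1]
    to_engine   = [direction_key(secret, 'terminal->engine'), 2]
    engine_tx, terminal_rx = Sender.new(*to_terminal), Receiver.new(*to_terminal)
    terminal_tx, engine_rx = Sender.new(*to_engine), Receiver.new(*to_engine)

    shown = terminal_rx.open(engine_tx.seal(:frame, 'rect 0,0 8x1 rgb=00ff00'))
    key_event = terminal_tx.seal(:input, 'key:down:Enter')
    accepted = engine_rx.open(key_event)

    replay = begin
      engine_rx.open(key_event) && :accepted
    rescue ReplayError
      :rejected_replay
    end

    # Same ciphertext, but claimed to be a frame with a fresh sequence number:
    # the nonce and AAD no longer match, so the tag check fails.
    forged = key_event.merge(kind: :frame, seq: key_event[:seq] + 1)
    relabel = begin
      engine_rx.open(forged) && :accepted
    rescue TamperError
      :rejected_tamper
    end

    { shown: shown, accepted: accepted, replay: replay, relabel: relabel }
  end
end
```

In practice the tunnel would be TLS and the record layer would do this for you; the point of spelling it out is that replay protection for input events is part of what makes the terminal's input trustworthy, not just confidentiality of the pixels.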

  9. Results from initial prototype

  10. Results from initial prototype • VNC client and drivers for input, graphics, and network require only a few KLOC • Display latency (e.g., keystroke echo) is low, even with a cloud server in another state • A single commodity server can support more than 100 simultaneous rendering VMs

  11. Outline • Data-centric security: protecting the data directly instead of network or host-based protection • Three examples • Cloud-terminal: providing trusted input/output • Platform for private data • Secure web applications: guardrails

  12. Protecting users’ data is an intricate issue! • Inadvertent disclosure: AOL search log scandal; Netflix contest • Malware and software compromise: RockYou password leakage • Insider attack: Google incident

  13. Platform for Private Data • Provide desired services in the cloud while ensuring security and privacy of customers’ data • Provide privacy and trust evidence: the customer does not have to rely solely on trusting the service provider • Provide trustworthy audit trails for forensics, provenance, accountability and dispute resolution • General architecture for broad applicability • Practical performance and usability

  14. Platform for private data and privacy evidence [diagram: applications such as a financial advisor and a drug side-effect tracker sit on top of the Platform for Private Data through its API, and the platform produces privacy evidence]

  15. Architecture • Secure data capsule: data encrypted at rest; security policy attached to the data; trusted computing hardware provides the root of trust • Secure execution environment: the data capsule is only decrypted in the secure execution environment; only authorized code can access and operate on the data • Support for legacy applications: program analysis and information flow • Advanced engines for database queries and privacy-preserving data analytics • Secure auditing

  16. [Architecture diagram: the Platform for Private Data forms the TCB, built on TPM and processor isolation; it contains a secure execution environment with information flow tracking for operations on sensitive data, secure data capsules, and policy, query, differential privacy and audit engines; applications run on top and the platform emits privacy evidence]

  17. Outline • Data-centric security: protecting the data directly instead of network or host-based protection • Three examples • Cloud-terminal: providing trusted input/output • Platform for private data • Secure web applications: guardrails

  18. Secure web applications: GuardRails • Ruby on Rails code with policy annotations: attach policies to data • Little developer effort; improved readability and analyzability • Secure web application: the framework automatically enforces the policies throughout the application • Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, David Evans. GuardRails: A Data-Centric Web Application Security Framework. To appear in USENIX WebApps 2011. OWASP AppSec DC

  19. Example Policies • Policies are attached to classes or to individual fields • They can perform arbitrary checking and actions based on read, edit, append, create and destroy events
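To make the policy model on this slide concrete, here is an added plain-Ruby stand-in for field- and class-level data policies. It is not GuardRails' annotation syntax or its Rails integration; only the event names (read, edit, append, create, destroy), the attachment of a policy to a class or to one field, and the arbitrary check are taken from the slide. The BankAccount model, its users and roles are constructed for the example.

```ruby
# Added example: GuardRails-style data policies in plain Ruby (illustrative,
# not GuardRails' own syntax). A policy names the events it guards and runs a
# check with the acting user and the record; a false result denies the event.
module DataPolicies
  AccessDenied = Class.new(StandardError)
  EVENTS = %i[read edit append create destroy].freeze

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # policies[[field, event]] => checks; a nil field means class-level
    def policies
      @policies ||= Hash.new { |h, k| h[k] = [] }
    end

    # policy :balance, on: [:read, :edit] do |user, record| ... end
    # policy on: [:destroy] do |user, record| ... end   (whole class)
    def policy(field = nil, on:, &check)
      raise ArgumentError, 'policy needs a check block' unless check
      (Array(on) & EVENTS).each { |event| policies[[field, event]] << check }
    end

    # Class-level policies apply to every event of that kind; field-level
    # policies are evaluated on top of them.
    def enforce(field, event, user, record)
      checks = policies[[nil, event]]
      checks += policies[[field, event]] if field
      checks.each do |check|
        next if check.call(user, record)
        raise AccessDenied, "#{user[:name]} may not #{event} #{field || name}"
      end
    end

    def create(attrs, as:)
      record = new(attrs)
      enforce(nil, :create, as, record)
      record
    end
  end

  def initialize(attrs)
    @attrs = attrs.dup
    @destroyed = false
  end

  # Every data access goes through one of these guarded entry points, which is
  # what lets the policy be enforced everywhere without per-call-site checks.
  def read(field, as:)
    self.class.enforce(field, :read, as, self)
    @attrs[field]
  end

  def edit(field, value, as:)
    self.class.enforce(field, :edit, as, self)
    @attrs[field] = value
  end

  def append(field, value, as:)
    self.class.enforce(field, :append, as, self)
    (@attrs[field] ||= []) << value
  end

  def destroy(as:)
    self.class.enforce(nil, :destroy, as, self)
    @destroyed = true
  end

  def destroyed?
    @destroyed
  end

  # Unguarded access for policy checks themselves, so a check does not recurse
  # into the guarded reads it is deciding about.
  def raw(field)
    @attrs[field]
  end
end

class BankAccount
  include DataPolicies

  # Balance: readable and editable by the owner or a teller.
  policy :balance, on: [:read, :edit] do |user, acct|
    user[:role] == :teller || user[:name] == acct.raw(:owner)
  end
  # History is an append-only trail: tellers may append, nobody may rewrite it.
  policy :history, on: [:append] do |user, _acct|
    user[:role] == :teller
  end
  policy :history, on: [:edit] do |_user, _acct|
    false
  end
  # Class-level: only administrators may destroy an account.
  policy on: [:destroy] do |user, _acct|
    user[:role] == :admin
  end

  def self.demo
    alice   = { name: 'alice', role: :customer }   # constructed users
    mallory = { name: 'mallory', role: :customer }
    teller  = { name: 'tom', role: :teller }
    acct = new(owner: 'alice', balance: 100, history: [])
    {
      owner_read:     acct.read(:balance, as: alice),
      other_read:     attempt { acct.read(:balance, as: mallory) },
      teller_edit:    acct.edit(:balance, 150, as: teller),
      history_append: acct.append(:history, 'deposit 50', as: teller).size,
      history_edit:   attempt { acct.edit(:history, [], as: teller) },
      destroy:        attempt { acct.destroy(as: teller) }
    }
  end

  def self.attempt
    yield
    :allowed
  rescue DataPolicies::AccessDenied
    :denied
  end
end
```

The append-only history policy is the kind of rule that is awkward to express as a per-controller check but natural when the policy lives with the field: the distinction between edit and append is made once, next to the data.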

  20. Thank you! dawnsong@cs.berkeley.edu

  21. Data-Oriented Computing at Many Levels [diagram: a client stack (JavaScript/DOM, interpreter/VM, binaries, physical hardware) and a server stack (web framework in Ruby/Java/Python/C#, interpreter/VM, binaries, physical hardware), connected by network protocols]

  22. Context-Sensitive Data Transformations [diagram: user input (URL parameters, form data, other user input) enters the controller, model and database carrying a taint status; in the view, tainted HTML passes through context-sensitive sanitization to become safe HTML; taint propagates through string operations, e.g. “foo” + “bar” → “foobar”]
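The diagram's point is that taint travels with the data through concatenation and storage, and that sanitization happens at the output boundary and depends on the context the value is emitted into. The following is an added Ruby illustration of that idea, not GuardRails' implementation: a Tainted wrapper whose taint survives "+", and an emit function that picks the transformation (HTML escaping, percent-encoding, URL scheme checking, JavaScript string escaping) by context. The inputs are constructed as they would arrive in a URL parameter.

```ruby
require 'cgi'

# Added example of taint propagation plus context-sensitive sanitization
# (illustrative; not GuardRails' code). Values derived from user input are
# wrapped as Tainted; nothing is sanitized until the view emits the value.
class Tainted
  attr_reader :raw

  def initialize(raw, tainted: true)
    @raw = raw.to_s
    @tainted = tainted
  end

  def tainted?
    @tainted
  end

  # "foo" + "bar" -> "foobar": the result is tainted if either operand was.
  def +(other)
    Tainted.new(@raw + Tainted.raw_of(other), tainted: @tainted || Tainted.tainted?(other))
  end

  def self.raw_of(value)
    value.is_a?(Tainted) ? value.raw : value.to_s
  end

  def self.tainted?(value)
    value.is_a?(Tainted) && value.tainted?
  end

  # Output boundary. Untainted data (developer-authored markup) passes
  # unchanged; tainted data is transformed for the context it lands in.
  def self.emit(value, context)
    return raw_of(value) unless tainted?(value)
    raw = value.raw
    case context
    when :html_body, :html_attr then CGI.escapeHTML(raw)   # & < > " ' escaped
    when :url_param             then CGI.escape(raw)       # percent-encoded
    when :url_href              then safe_href(raw)        # scheme check, then escape
    when :js_string             then js_string(raw)        # inside a JS string literal
    else raise ArgumentError, "no sanitizer defined for context #{context.inspect}"
    end
  end

  # Only http(s) absolute URLs or same-origin absolute paths may be linked;
  # javascript:, data: and protocol-relative //host URLs are neutralised.
  def self.safe_href(raw)
    raw.match?(%r{\A(?:https?://|/(?!/))}i) ? CGI.escapeHTML(raw) : '#'
  end

  # Escape anything that could end the string literal or the enclosing <script>.
  def self.js_string(raw)
    raw.gsub(/[\\"'<>\n\r\u2028\u2029]/) { |c| format('\u%04x', c.ord) }
  end

  # Constructed inputs as they would arrive in a URL parameter.
  def self.demo
    user_input = Tainted.new('<script>alert(1)</script>')
    greeting   = Tainted.new('Hello, ', tainted: false) + user_input
    {
      concat_tainted: greeting.tainted?,
      body:     emit(greeting, :html_body),
      param:    emit(user_input, :url_param),
      href_bad: emit(Tainted.new('javascript:alert(1)'), :url_href),
      href_ok:  emit(Tainted.new('https://example.com/?q=1&x=2'), :url_href),
      js:       emit(user_input, :js_string),
      trusted:  emit('<b>site-owned markup</b>', :html_body)
    }
  end
end
```

Escaping once at input time would have broken the href and js cases here: the same string needs different transformations depending on where it is emitted, which is why the taint status rather than an already-escaped string is what gets carried through the model and database.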
