making programs forget enforcing lifetime for sensitive
play

Making Programs Forget: Enforcing Lifetime for Sensitive Data - PowerPoint PPT Presentation

Sep 13, 2023 •297 likes •437 views

Making Programs Forget: Enforcing Lifetime for Sensitive Data Jayanthkumar Kannan (Google Inc), Gautam Altekar (UC Berkeley), Petros Maniatis (Intel Labs), Byung-Gon Chun (Intel Labs) 1 The Problem: Lingering Data Sensitive Data How long is

  1. Making Programs Forget: Enforcing Lifetime for Sensitive Data Jayanthkumar Kannan (Google Inc), Gautam Altekar (UC Berkeley), Petros Maniatis (Intel Labs), Byung-Gon Chun (Intel Labs) 1

  2. The Problem: Lingering Data Sensitive Data • How long is your data around? (Chow et. al. '04) o Where in memory? o Maybe on disk? 2

  3. Hard to Provide Sensitive Data Lifetime Existing approaches fall short • Shutdown the application? • Reboot? • Rely on application support? • Memory scrubbing? (Chow et al '05: Data shredding) • Change user behavior? (Borders et al '09: Capsules) • Time-based data access control? (Perlman '05) 3

  4. Goal: Guaranteed Data Lifetime • Guarantee: Data indicated as sensitive is not retrievable from system beyond specified time limit • Requirements • No application support • Non- disruptive : shouldn’t crash, interrupt your normal workflow • Contribution: Promising start, much further to go 4

  5. Observation: State Equivalence • For any program state computed from sensitive data, there usually exists an equivalent state not derived from the sensitive data • Example: o You get a sensitive email, read it, and then send and read some other emails o Equivalent State: Send and read other emails 5

  6. Approach: State Reincarnation • Replace current sensitive state with equivalent non-sensitive state • Challenge: How do we derive equivalent non- sensitive state? 6

  7. Deriving an Equivalent State • Key idea: deterministic replay with perturbed input Sensitive input Substitute w/ Non- ( user-designated) sensitive input sys_read(buf ) sys_read(buf ) Sensitive Non-sensitive state state S S’ 1. Original execution 2. Replay execution (record all inputs) (replace sensitive inputs) 7

  8. Challenges • Picking the sensitive-input replacements • Completeness: Eliminating all sensitive data • Overhead: Run-time cost 8

  9. Picking sensitive-input replacements • Given sensitive input I, and subsequent input I1, I2, we compute I' which leads to same execution path o Using tainting and constraint solving (Altekar '09) • Replay with I' • Hard-cases: Spell-checker, Hashing 9

  10. Completeness • Sensitive data can linger in various areas (OS buffers); how can we remove all of it? • Technique: Implement perturbed replay in VM • Need to trust VM not to retain data 10

  11. Overhead • We implemented recording at user-level • Slowdown: ~1.2X on bash 11

  12. Conclusion • Contributions: o Guaranteed Lifetime Property o State Reincarnation • Future work: o Picking right inputs for replay o Measuring overhead for consistent substitution 12

Recommend

Repairing Decision-Making Programs Under Uncertainty Samuel Drews Aws Albarghouthi Loris

Repairing Decision-Making Programs Under Uncertainty Samuel Drews Aws Albarghouthi Loris

Repairing Decision-Making Programs Under Uncertainty Samuel Drews Aws Albarghouthi Loris DAntoni University of Wisconsin-Madison Example Fairness Condition decision- making program Example Fairness Condition sensitive feature (e.g.

656 views • 48 slides
Drafting And Enforcing Complex Indemnifjcation Provisions D. Hull Youngblood, Jr. and Peter N.

Drafting And Enforcing Complex Indemnifjcation Provisions D. Hull Youngblood, Jr. and Peter N.

Drafting And Enforcing Complex Indemnifjcation Provisions D. Hull Youngblood, Jr. and Peter N. Flocos D. Hull Youngblood, Jr. is a partner in the Forget about copy and paste. The best indem Austin, Texas offjce nifjcation provisions start

311 views • 17 slides
Enforcing Behavioral Constraints in Evolving Aspect-Oriented Programs Raffi Khatchadourian 1* ,

Enforcing Behavioral Constraints in Evolving Aspect-Oriented Programs Raffi Khatchadourian 1* ,

Enforcing Behavioral Constraints in Evolving Aspect-Oriented Programs Raffi Khatchadourian 1* , Johan Dovland 2 , and Neelam Soundarajan 1 1 The Ohio State University, USA 2 University of Oslo, Norway * Partially administered during visit to

368 views • 33 slides
Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li

Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li

Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li and Jingling Xue SAS 2016 September, 2016 1 A New Pointer Analysis for Object-Oriented Programs 2 Pointer Analysis Determine which

965 views • 70 slides
Making AI forget you: Data deletion in machine learning T ONY G INART M ELODY G UAN , G REG V

Making AI forget you: Data deletion in machine learning T ONY G INART M ELODY G UAN , G REG V

Making AI forget you: Data deletion in machine learning T ONY G INART M ELODY G UAN , G REG V ALIANT , J AMES Z OU Advances in Neural Information Processing Systems December 12, 2019 AI systems today... Data Algorithm Model Users AI systems

561 views • 12 slides
Lifetime Products EcoHousing Initiative February 2010 WHO IS LIFETIME? Lifetime Products, Inc.

Lifetime Products EcoHousing Initiative February 2010 WHO IS LIFETIME? Lifetime Products, Inc.

Lifetime Products EcoHousing Initiative February 2010 WHO IS LIFETIME? Lifetime Products, Inc. is a privately held company headquartered in Clearfield, Utah, employing over 1,100 people. Our 2.6 million square-foot manufacturing facility in Utah

384 views • 15 slides
2016-17 Budget Proposal Mission: Making lifetime connections to campus, one person at a time

2016-17 Budget Proposal Mission: Making lifetime connections to campus, one person at a time

2016-17 Budget Proposal Mission: Making lifetime connections to campus, one person at a time Vision: To be the heart and soul of this great University Program Highlights and Impact Overview Opened the renovated Memorial Union West Wing in

403 views • 27 slides
They may forget what you said, but they will never forget how you made them feel .

They may forget what you said, but they will never forget how you made them feel .

They may forget what you said, but they will never forget how you made them feel . @ModestRobert @BunnyfootSays 1 Emotional Design 2 Technology moves from utilitarian to higher needs including emotion 3 Technology moves from

918 views • 55 slides
Toward a Developmentally Sensitive DSM-5: Chair: Patricia K. Kerig Making PTSD Criteria

Toward a Developmentally Sensitive DSM-5: Chair: Patricia K. Kerig Making PTSD Criteria

Toward a Developmentally Sensitive DSM-5: Chair: Patricia K. Kerig Making PTSD Criteria Developmentally Appropriate Michael S. Scheeringa PTSD as a Gateway Disorder in Children Justin Kenardy, Alexandra De Young, Erin Charlton Child

789 views • 78 slides
A6: Sensitive Data Exposure A6 Sensitive Data Exposure Sensitive data stored or transmitted

A6: Sensitive Data Exposure A6 Sensitive Data Exposure Sensitive data stored or transmitted

A6: Sensitive Data Exposure A6 Sensitive Data Exposure Sensitive data stored or transmitted insecurely Failure to protect all sensitive data Usernames, passwords, password hashes, credit-card information, identity info Session

415 views • 17 slides
Cognitive De-biasing Strategies for Critical, Time Sensitive Decision- making in Austere

Cognitive De-biasing Strategies for Critical, Time Sensitive Decision- making in Austere

Cognitive De-biasing Strategies for Critical, Time Sensitive Decision- making in Austere Environmental Emergencies What I Learned Spending 14 hours Peeing In My Wetsuit - Andrew Munoz Objectives Identify cognitive centers Isolate biases

601 views • 33 slides
Making any planar surface into a touch-sensitive display by a mere projector and camera Jingwen

Making any planar surface into a touch-sensitive display by a mere projector and camera Jingwen

Making any planar surface into a touch-sensitive display by a mere projector and camera Jingwen Dai Ronald Chung Computer Vision Laboratory Dept. of Mech. and Automation Engineering The Chinese University of Hong Kong PROCAMS2012, Providence, RI,

308 views • 16 slides
Lest we forget The tumult and the shouting dies; The Captains and the Kings depart: Still stands

Lest we forget The tumult and the shouting dies; The Captains and the Kings depart: Still stands

Lest we forget The tumult and the shouting dies; The Captains and the Kings depart: Still stands Thine ancient sacrifice, An humble and a contrite heart. Lord God of Hosts, be with us yet, Lest we forget lest we forget! Far-called our

507 views • 11 slides
Making electricity demand weather-sensitive? A French example... Since 1974: 63 GW of installed

Making electricity demand weather-sensitive? A French example... Since 1974: 63 GW of installed

Making electricity demand weather-sensitive? A French example... Since 1974: 63 GW of installed nuclear capacity (58 reactors) Electric heating: 36% of residential electricity consumption | 2001-2011: electric heating for more than 60% of

520 views • 10 slides
Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of

Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of

Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of enforcing contracts in Malaysia Sabarina Samadi ASEAN INSIDERS 5-6 December 2016 by origin and passion 1 OVERVIEW Introduction to the Malaysian

390 views • 37 slides
Making Systems Sensitive to the Users Time and Working Memory Constraints Anthony Jameson,

Making Systems Sensitive to the Users Time and Working Memory Constraints Anthony Jameson,

Making Systems Sensitive to the Users Time and Working Memory Constraints Anthony Jameson, Ralph Schfer, Thomas Weis, Andr Berthold, Thomas Weyrath Project "Resource-Adaptive Dialog" DFG Collaborative Research Center on

314 views • 18 slides
Non-Signatories Before and After Arbitration: Compelling Arbitration and Enforcing Awards Panel

Non-Signatories Before and After Arbitration: Compelling Arbitration and Enforcing Awards Panel

Non-Signatories Before and After Arbitration: Compelling Arbitration and Enforcing Awards Panel II Enforcing Awards Speakers: Teddy Baldwin, Steptoe & Johnson LLP Victoria Shannon Sahani , Sandra Day OConnor College of Law at Arizona

404 views • 22 slides
Dont forget the past Dont forget the concerns of citizens 1- Information TRUST NIMBY

Dont forget the past Dont forget the concerns of citizens 1- Information TRUST NIMBY

May 5, 2006 Dont forget the past Dont forget the concerns of citizens 1- Information TRUST NIMBY as an excuse to minimize reality Give fair, correct first hand information directly to the Locals: technologies, security,

334 views • 4 slides
Making Context-sensitive Points-to Analysis with Heap Cloning Practical For The Real World Chris

Making Context-sensitive Points-to Analysis with Heap Cloning Practical For The Real World Chris

Making Context-sensitive Points-to Analysis with Heap Cloning Practical For The Real World Chris Lattner Andrew Lenharth Vikram Adve Apple UIUC UIUC What is Heap Cloning? Distinguish objects by acyclic call path void foo() { list*

556 views • 28 slides
Typical English mistakes The system consist of three main component. Giorgio Buttazzo don't forget

Typical English mistakes The system consist of three main component. Giorgio Buttazzo don't forget

24/01/2020 Most frequent mistakes Typical English mistakes The system consist of three main component. Giorgio Buttazzo don't forget the s don't forget the s don't forget the s don't forget the s g.buttazzo@sssup.it in third persons in third

234 views • 7 slides
Memory management programs use a lot of memory over their lifetime, but not all of it at the same

Memory management programs use a lot of memory over their lifetime, but not all of it at the same

Memory management The memory of a computer is a finite resource. Typical Memory management programs use a lot of memory over their lifetime, but not all of it at the same time. The aim of memory management is to use that finite resource as

473 views • 15 slides
K.H.A.O.S. is Trauma sensitive organization that provides services to create and

K.H.A.O.S. is Trauma sensitive organization that provides services to create and

K.H.A.O.S. is Trauma sensitive organization that provides services to create and maintain mental wellness. Our Target Populations include: Individual, Families, and Communities Our 5 Core Programs include: Organized KHAOS,

824 views • 30 slides
On 802.1 Time Sensitive Networking Norm Finn Cisco 1 1 1 1 This is an overview, with

On 802.1 Time Sensitive Networking Norm Finn Cisco 1 1 1 1 This is an overview, with

On 802.1 Time Sensitive Networking Norm Finn Cisco 1 1 1 1 This is an overview, with lots of pointers to more detailed documents. One slide has market justification. The rest of the deck is about making it happen, with an emphasis on

436 views • 18 slides
Pre-accredited programs at the CAE Making a difference Pre-accredited training Locally

Pre-accredited programs at the CAE Making a difference Pre-accredited training Locally

Pre-accredited programs at the CAE Making a difference Pre-accredited training Locally designed programs that provide vocational education and training (VET) opportunities that engage and initiate vocational pathways for the most

132 views • 11 slides

More recommend