petros maniatis devdatta akhawe kevin fall elaine shi
play

Petros Maniatis , Devdatta Akhawe, Kevin Fall, Elaine Shi, Stephen - PowerPoint PPT Presentation

Jan 03, 2024 •293 likes •545 views

Petros Maniatis , Devdatta Akhawe, Kevin Fall, Elaine Shi, Stephen McCamant, Dawn Song Secure Data Capsules @ HotOS2011 3 Secure Data Capsules @ HotOS2011 4 Secure Data Capsules @ HotOS2011 5 Secure Data Capsules @ HotOS2011 6 Secure Data

  1. Petros Maniatis , Devdatta Akhawe, Kevin Fall, Elaine Shi, Stephen McCamant, Dawn Song

  2. Secure Data Capsules @ HotOS2011 3

  3. Secure Data Capsules @ HotOS2011 4

  4. Secure Data Capsules @ HotOS2011 5

  5. Secure Data Capsules @ HotOS2011 6

  6. Secure Data Capsules @ HotOS2011 7

  7. • Diverse modes of data use and storage outside owner’s control • Distinct organizations, infrastructures, jurisdictions • Unknown software, maintenance, trustworthiness • Deep, continuous, critical sharing Today: trust everyone to do anything undetected, or die Secure Data Capsules @ HotOS2011 9

  8. • Owner sets data policy: Data Use Controls (DUCs) • Policy enforced on data while out-of-custody • Data provenance maintained through all change 1. Support current OSes and applications without limiting choice 2. Remove OS, applications from the TCB, verify 3. Provide good performance Legacy is the Killer App Secure Data Capsules @ HotOS2011 10

  9. Secure Data Capsules @ HotOS2011 12

  10. Unmodified OS Application HW Secure Data Capsules @ HotOS2011 13

  11. Trusted Unmodified OS Application HyperVisor HW HRoT/TPM Secure Data Capsules @ HotOS2011 14

  12. Trusted Unmodified OS SEE System Application Interposer Taint Tracker HyperVisor HW HRoT/TPM Secure Data Capsules @ HotOS2011 16

  13. Trusted Unmodified OS SEE DUC Engine System Application Interposer Taint Auth DUC Tracker Provenance HyperVisor HW HRoT/TPM Secure Data Capsules @ HotOS2011 18

  14. Secure Data Capsules @ HotOS2011 19

  15. Petros’s Foot MRI • Mass here, mass there DUC • Dr. Magneto can edit • Dr. Ken can view Provenance • Nurse Jackie Created Secure Data Capsules @ HotOS2011 21

  16. Petros’s Foot MRI • Mass here, mass there DUC • Dr. Magneto can edit • Dr. Ken can view Provenance • Nurse Jackie Created • Dr. Magneto appended text, cropped image Secure Data Capsules @ HotOS2011 22

  17. Trusted Unmodified OS Unmodified OS SEE DUC Engine Application System Application Release Interposer Launch Secure Keys Auth Taint DUC Tracker Launch Secure Provenance HyperVisor HW HRoT/TPM Secure Data Capsules @ HotOS2011 23

  18. Trusted Unmodified OS SEE DUC Engine Application System Interposer Auth Taint DUC Tracker Provenance HyperVisor HW HRoT/TPM Secure Data Capsules @ HotOS2011 24

  19. Trusted Unmodified OS My photo SEE Tainted DUC Engine Before Before After ADD Application MUL MOV JMP Auth … … Secure Data Capsules @ HotOS2011 25

  20. Trusted Unmodified OS DUC Released Provenance Sandbox Intercept Release DUC Engine MRI Intercepted Taint Cropped Application Taint Other Obj Auth No taint X-Ray Taint Secure Data Capsules @ HotOS2011 26

  21. • Flow tracking does much of the heavy lifting, slooooowly • Might improve with: Restriction, Granularity, Asynchrony, Hardware • How to keep as little as possible of policy evaluation and flow tracking in TCB? Why T, CB? Prove it, please! • Are DUCs meaningful to humans? Composable? App-specific? • Covert channels a serious threat with untrusted applications • A tussle between flexibility – leak-ability, what can we do in between? • Aggregation/analytics? Secure Data Capsules @ HotOS2011 28

  22. Thank You! Secure Data Capsules @ HotOS2011 29

  23. • Ampoules • Cocoons • Caplets • Sheaths • Flasks • Husks • Pods • Bob Secure Data Capsules @ HotOS2011 30

  24. • The Enterprise Rights Management approach • Everyone uses same SW platform, applications • Like begging for non-compliance • Tough across organization/jurisdiction boundaries • Decentralized Information Flow Control • New OSes: small TCB but incompatible (e.g., HiStar), or compatible but large TCB (e.g., Flume) • New languages (e.g., Jif): rewrite applications, no protection at OS custody • Red/Green models: Trust application, disallow sharing, coarse granularity Secure Data Capsules @ HotOS2011 31

  25. • Sandboxes can have variable semantic richness 1. Know nothing of semantics • Act as a data sink, block all output except display • Storage Capsules [Borders2008] 2. Understand information flow • Allow output of data, sharing across apps • Must track flow of sensitive bits to outputs (DIFT) 3. Understand application or data semantics • Need trusted enforcers for app-specific policy • For now, targeting #2 with support for #3 Secure Data Capsules @ HotOS2011 32

Recommend

Symmetric-Key Cryptography CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe,

Symmetric-Key Cryptography CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe,

Symmetric-Key Cryptography CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ March 10, 2011 M 1 M 2 M 3 C 1 C 2 C 3 C 2 C 3 C 1 M 1 M 2 M 3 Original

291 views • 14 slides
Clickjacking Revisited A Perceptual View of UI Security Devdatta Akhawe / Warren He / Zhiwei Li/

Clickjacking Revisited A Perceptual View of UI Security Devdatta Akhawe / Warren He / Zhiwei Li/

Clickjacking Revisited A Perceptual View of UI Security Devdatta Akhawe / Warren He / Zhiwei Li/ Reza Moazzezi / Dawn Song University of California, Berkeley Clickjacking is a malicious technique of tricking a Web user into clicking on something

753 views • 39 slides
Detecting Attacks, Part 2 CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe,

Detecting Attacks, Part 2 CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe,

Detecting Attacks, Part 2 CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 14, 2011 Announcements Talk of possible interest next Monday:

492 views • 23 slides
Anonymity / Sneakiness CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Anonymity / Sneakiness CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Anonymity / Sneakiness CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 7, 2011 Todays Lecture A look at technical means for one form

1.07k views • 68 slides
Web Attacks, cont CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Web Attacks, cont CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Web Attacks, cont CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 24, 2011 Announcements Guest lecture a week from Thursday (March

777 views • 51 slides
Worms & Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Worms & Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Worms & Botnets CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 21, 2011 Announcements HKN reviewing today, 12:15PM Final exam

987 views • 31 slides
Web Attacks, cont CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Web Attacks, cont CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Web Attacks, cont CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 22, 2011 Announcements See Still confused about question 4

1.05k views • 72 slides
Network Attacks, Part 1 CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Network Attacks, Part 1 CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Network Attacks, Part 1 CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 3, 2011 1 Announcements / Game Plan Homework #1 out now, due

433 views • 24 slides
Impersonation CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed

Impersonation CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed

Impersonation CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ March 1, 2011 Announcements Midterm next Tuesday March 8th Scope is course

820 views • 78 slides
Viruses & Worms CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Viruses & Worms CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Viruses & Worms CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 19, 2011 Announcements Matthias out for at least this coming week :-(

864 views • 31 slides
Viruses & Worms CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Viruses & Worms CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin

Viruses & Worms CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 19, 2011 Announcements Matthias out for at least this coming week :-(

468 views • 46 slides
Network Control CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed

Network Control CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed

Network Control CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 10, 2011 1 Network Control: Firewalls Motivation: How do you harden a

838 views • 35 slides
Learning and Evaluating Contextual Embedding of Source Code Aditya Kanade 1 2 , Petros Maniatis 2

Learning and Evaluating Contextual Embedding of Source Code Aditya Kanade 1 2 , Petros Maniatis 2

Learning and Evaluating Contextual Embedding of Source Code Aditya Kanade 1 2 , Petros Maniatis 2 , Gogul Balakrishnan 2 , Kensen Shi 2 1 Indian Institute of Science 2 Google Brain General-Purpose Representations of Source Code Success of

252 views • 14 slides
Securing Internet Communication CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta

Securing Internet Communication CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta

Securing Internet Communication CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ March 31, 2011 Todays Lecture Applying crypto technology in

695 views • 51 slides
Finally, a Use for Componentized Transport Protocols Tyson Condie, Joseph M. Hellerstein, Petros

Finally, a Use for Componentized Transport Protocols Tyson Condie, Joseph M. Hellerstein, Petros

Finally, a Use for Componentized Transport Protocols Tyson Condie, Joseph M. Hellerstein, Petros Maniatis, Sean Rhea, Timothy Roscoe U.C. Berkeley and Intel Research Berkeley Roadmap History Whats different now? New uses for

508 views • 19 slides
Declare victory and move on. Why a Grand Challenge? We choose to go to the moon. We choose

Declare victory and move on. Why a Grand Challenge? We choose to go to the moon. We choose

Public Health for the Internet Toward a New Grand Challenge for Data Management Joseph M. Hellerstein, UC Berkeley Tyson Condie, Minos Garofalakis, Boon Thau Loo, Petros Maniatis, Timothy Roscoe, Nina A. Taft Our Last Grand Challenge

339 views • 17 slides
Denial-of-Service (DoS) & Web Attacks CS 161: Computer Security Prof. Vern Paxson TAs:

Denial-of-Service (DoS) & Web Attacks CS 161: Computer Security Prof. Vern Paxson TAs:

Denial-of-Service (DoS) & Web Attacks CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 17, 2011 Goals For Today Continue our

902 views • 52 slides
Approximating a tensor as a sum of rank-one components Petros Drineas Petros Drineas Rensselaer

Approximating a tensor as a sum of rank-one components Petros Drineas Petros Drineas Rensselaer

Approximating a tensor as a sum of rank-one components Petros Drineas Petros Drineas Rensselaer Polytechnic Institute Computer Science Department To access my web page: drineas Research interests in my group Algorithmic tools (Randomized,

340 views • 32 slides
Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Creating Data and Assessment Literate Teachers CAEPcon Fall By: Kathryn Newman, Ph.D. Elaine

Creating Data and Assessment Literate Teachers CAEPcon Fall By: Kathryn Newman, Ph.D. Elaine

Creating Data and Assessment Literate Teachers CAEPcon Fall By: Kathryn Newman, Ph.D. Elaine S. Foster, Ph.D. 2017 Loretta Walton Jaggers, Ph.D. Grambling State University The problem: Many educators leave EPPs without adequate

560 views • 27 slides
Network Attacks Review & Denial-of-Service (DoS) CS 161: Computer Security Prof. Vern Paxson

Network Attacks Review & Denial-of-Service (DoS) CS 161: Computer Security Prof. Vern Paxson

Network Attacks Review & Denial-of-Service (DoS) CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 15, 2011 Goals For Today Review

825 views • 53 slides
park ber Enforcing Verifiable Object Abstractions for Automated Compositional Security

park ber Enforcing Verifiable Object Abstractions for Automated Compositional Security

park ber Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a Hypervisor Amit Vasudevan (CyLab-CMU), Sagar Chaki (SEI-CMU), Petros Maniatis (Google Inc.), Limin Jia, Anupam Datta (ECE/CSD-CMU)

517 views • 24 slides
Modern Update Approaches for Embedded Linux Petros Angelatos April 2016 About me Petros

Modern Update Approaches for Embedded Linux Petros Angelatos April 2016 About me Petros

Bringing DevOps to Devices Modern Update Approaches for Embedded Linux Petros Angelatos April 2016 About me Petros Angelatos CTO & Founder of resin.io @petrosagg Agenda The need for updates Update techniques Our

352 views • 33 slides
NotaBot (NAB): Improving Service Availability in the Face of Botnet A=acks Ramakrishna

NotaBot (NAB): Improving Service Availability in the Face of Botnet A=acks Ramakrishna

NotaBot (NAB): Improving Service Availability in the Face of Botnet A=acks Ramakrishna (Ramki) Gummadi MIT Hari Balakrishnan (MIT), Petros Maniatis and Sylvia Ratnasamy (Intel Research) The problem: Service unavailability Bounced email

627 views • 28 slides

More recommend