Security and privacy in the age of software controlled surroundings
Prashanth Mohan, David Culler
What are your expectations of privacy and security when you are in a shared space?
Changing the way we interact
In a personalized world
A living and breathing surrounding
No more key chains or key cards
Digital Security
Physical Security
Data Platform (BOSS)
Data Visualization Apps
Data Sources
Control Data
Data Learning Apps
How can we ensure sandboxed data analysis?
How can we restrict mixing of data?
How can we understand arbitrary data types?
How can we ensure the reliability of control data?
How can we improve the integrity of data sources?
Enforcing end-to-end user policies
• Mobad - How can we maximize benefit while analyzing data locally (for privacy)?
• Rubicon - Can we reuse existing software systems while still obtaining privacy guarantees?
• Gupt - How can we mine data without divulging the privacy of individuals?
Many open privacy questions
Can we describe privacy in higher-level constructs?
How do we make sense of the wide variety of data sources?
Who has access to what data?
Is the building a natural boundary for data?
Security of building networks
Static Analysis Techniques
Code Instrumentation
Dynamic Analysis using Input Replay
Brainstorm: Ensuring security
• Secure the networks!
• Understand the state machine of the building
– “control transactions” limit bad states
• How can we apply the principle of least privilege for apps on BOSS?
• Software security at the firmware layer
Backup
Topics for discussion
• When you enter a public building, what are your privacy and security expectations?
• How expensive should attacks become in order to limit malicious behavior?
• Is privacy a lost cause?
• How much of these problems can be solved with appropriate regulation?
User data
Processed data
Research Progress
Client Device Web Application
Multiple users’ data
Learning Models
Machine Learning
Client Data Privacy: EuroSys13, HotSec12, MobiSys10
Cloud Data Privacy: IEEESP13*, SIGMOD12
Functional Blocks
Integrity Checking
ACL Checking
User Authentication
Image source: Wikipedia
Template Processor
Isolated Containers
Easy drop-in solution for existing 3-tier programs
TLS Proxy TLS Proxy
Secure Block Device Storage
TPM Chip (Remote Attestation)
Linux Kernel
IPTables
Controller
ACL Store
ACL changes
EtherPad
FriendShare
Application Layer
K/V Proxy FS Proxy
DeDup Storage Layer
End Users
Differential Privacy
Privacy budget: ε
Randomized algorithm: A
Any measurable set
Neighbors: two datasets D, D' differing in exactly one entry
Function sensitivity: Δf
Laplace mechanism: $A(D) = f(D) + \mathrm{Lap}(\Delta f / \varepsilon)$
Web Frontend
Data Set Manager
1. Data Set
2. Data Parser
3. Privacy Budget (ε)
Isolated Execution Chambers
Computation Manager
Untrusted Computation
Comp Mgr XML RPC Layer
Computation Differentially Private Answer
Noise Generator
1. Computation
2. [Bounds Estimator]
Auditing
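An added example (not the GUPT project's own code) that ties the Differential Privacy slide to the GUPT pipeline above: a privacy-budget ledger that is debited before any answer is released, output clipping to declared bounds so the function sensitivity Δf is known, and a noise generator that adds Lap(Δf/ε). All class and function names (PrivacyBudget, private_mean, make_rng, etc.) are assumptions for illustration.

```python
# Added example; all names are hypothetical, not GUPT's own API.
import random


class BudgetExhausted(Exception):
    """Raised when a query would exceed the dataset's remaining epsilon."""


class PrivacyBudget:
    """Per-dataset ledger for the privacy budget epsilon."""

    def __init__(self, epsilon):
        self.remaining = float(epsilon)

    def spend(self, epsilon):
        """Debit before anything is released; refuse rather than over-spend."""
        if epsilon <= 0 or epsilon > self.remaining + 1e-12:
            raise BudgetExhausted(f"need {epsilon}, have {self.remaining}")
        self.remaining -= epsilon


def clip(value, lower, upper):
    """Bound one value to [lower, upper] (the role of the Bounds Estimator)."""
    return max(lower, min(upper, value))


def mean_sensitivity(lower, upper, n):
    """Delta f of a mean over n values clipped to [lower, upper]: replacing
    one entry (a neighbouring dataset) moves the mean by at most this."""
    return (upper - lower) / n


def laplace_noise(scale, rng):
    """Sample Lap(0, scale) as the difference of two Exp(1/scale) draws."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def make_rng(seed):
    """Seeded generator so an audit log can replay a run (not for production)."""
    return random.Random(seed)


def private_mean(records, lower, upper, epsilon, budget, rng):
    """Computation manager: spend epsilon, clip, add calibrated noise, release."""
    budget.spend(epsilon)                                # debit first
    clipped = [clip(x, lower, upper) for x in records]   # enforce declared bounds
    true_mean = sum(clipped) / len(clipped)
    scale = mean_sensitivity(lower, upper, len(clipped)) / epsilon
    return true_mean + laplace_noise(scale, rng)         # A(D) = f(D) + Lap(Δf/ε)
```

Because the budget is debited before the computation runs, a query that fails part-way cannot be retried for free, which is the behaviour an auditor expects from the Auditing block.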