SCRUB: Secure Computing Research for Users’ Benefit
David Wagner
http://scrub.cs.berkeley.edu/

What is SCRUB?
• SCRUB is a new center focusing on security for users’ benefit
• Model: industry funding + collaboration
• 4 Intel researchers in residence at Berkeley
• $2.5M/year in funding
• Open IP policy
• Schools: Berkeley, CMU, Drexel, Duke, UIUC

Research Agenda (SCRUB)
• Thin intermediation layer
• Mobile security
• Data-centric security
• Security analytics

Security of Desktop Computing
• Problem: today’s desktops use a security architecture based upon a 1970s-era threat model.

Secure Desktop Computing
• A thin, low-level intermediation layer can enable secure computation
• e.g., online banking – establish an island of security amidst the sea of malware
• Benefit to users: secure computing on insecure desktops

Securing the desktop: Thin intermediation layer
[Diagram labels: Email, Web browser, Banking app, OS, OS, Thin client, Intermediation layer, Hardware]

Mobile Security
• Huge growth in third-party apps:

Mobile Security
• How do we ensure third-party apps are safe?
• New paradigm for secure computing: protect against apps, not against users
• Benefit to users: Secure smartphones, tablets
• How do we build effective app permission systems?
• Can we make app stores more robust and secure?

Desktop OS
• Threat model: users attacking users
• Applications run with users’ full privileges

Modern Reality
• Threat model: apps attacking users
• One user per device
• Users don’t trust all apps

Permission Systems
User approves what permissions the application receives.
• Does this provide security benefits?

The Good News
• Permissions do limit harm from breaches
• Developers do comply
• Only 30% of apps are overprivileged, and only a little
• But can users use permissions effectively?
Android apps get median of 4 permissions; desktop apps get 56.
Only 10% of Android apps can cost users money, and only 15% get personal info.

More work needed
• Some users can use permissions effectively
  • 20% demonstrated awareness and some comprehension
  • 20% have declined to install an app because of perms
• But, at least on Android, permissions are not effective for most users
  • Only 17% of Android users look at permissions
  • Only 24% understand Android permissions (more or less)
• Our user studies partially explain why, but more work is needed to find a good solution

Apps as paradigm for security
• Beyond phones: app-based platforms offer a path to securing laptops and desktops.
[Figure labels: Phone, Desktop]

Data-centric security
• Data increasingly resides not only on end-user devices, but also on servers, cloud, …
• Can we provide consistent protection for user data as it flows through a complex distributed system, no matter where it is stored?
• Benefit to users: visibility and control over their data

Data-centric security
• Cloud platform protects user data and ensures that apps can’t misuse it
• Each user’s data is separately encrypted. When cloud authenticates the user, it gives app access to user’s data. Cloud prevents apps from exfiltrating the data.
• Ability to audit who has access to data.
[Diagram labels: App, cloud server, encrypted, authenticated channel, encrypted storage]

Security analytics
• How can we accurately measure security?
• Current approaches leave us in the dark
• Are our efforts to secure systems making progress?
• Goal: robust security metrics and analytics
• Benefit to users: Ability to prioritize, manage, and measure security

Learn more
• Come visit us: SCRUB Open House, 2-4pm, 373 Soda Hall
• Come visit the TRUST center, too: TRUST Open House, 2-4pm, 337 Cory Hall
• Follow our work: http://scrub.cs.berkeley.edu/