1 / 38

PPD: Platform for Private Data

PPD: Platform for Private Data. Mohit Tiwari with Krste Asanović , Dawn Song, Petros Maniatis *, Prashanth Mohan, Charalampos Papamanthou , Elaine Shi, Emil Stefanov , Nguyen Tran UC Berkeley Intel* . The Age of Big Data. Plentiful, and Private. Rich Applications.

kayo
Download Presentation

PPD: Platform for Private Data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PPD: Platform for Private Data MohitTiwari with KrsteAsanović, Dawn Song, PetrosManiatis*, Prashanth Mohan, CharalamposPapamanthou, Elaine Shi, Emil Stefanov, Nguyen Tran UC Berkeley Intel*

  2. The Age of Big Data Plentiful, and Private

  3. Rich Applications Richness Time

  4. Need Data Protection as a Service Vulnerable software (Un) Intentional Misuse Insider Attacks

  5. Ideal: Privacy Preserving Cloud Developer End User privacy evidence privacy policy App API Cloud provider

  6. Ideal: Platform for Private Data • Data protection as a service • Users • control access to their data • access third-party applications • Developers • save resources, need not be security experts • access personal data hitherto unavailable

  7. Challenge #1 Untrusted applications own users’ data. Developer End User API Cloud provider

  8. Challenge #2 Novice Users

  9. PPD: Platform for Private Data Developer End User intuitive privacy policy privacy evidence App API • App • + • Guest OS private data vault sealed container PPD Cloud provider

  10. Outline of this talk • PPD: Platform for Private Data • PPD Architecture • PPD Prototype and Evaluation

  11. PPD Applications user initiated sharing

  12. PPD Architecture: Users End-User Trusted User Interface Protected Channel ACLs Hardware with TPM PPD Cloud Provider Untrusted Storage

  13. PPD Architecture: Applications Developer End-User Trusted User Interface uni-directional App per-capsule: RW per-user: R all, W flagged Application Container • Cleartext • data PPD Cloud Provider Hardware with TPM PPD Controller and ACL Manager • Untrusted Application Untrusted Storage

  14. PPD Architecture: Storage Developers End-Users App App Trusted User Interface PPD Storage Proxy • Dedup, Caching, Replication,… Storage Container Integrity check PPD Cloud Provider Hardware with TPM PPD Controller and ACL Manager • Untrusted Application Untrusted Storage

  15. PPD Timeline #1: User attests Client User Client Cloud Server Alice TPM.send(hw id) Trusted PPD Server Attest(code) Response (result) Separation kernel onclient checked sitekey sitekey Client attested

  16. PPD Timeline #2: User launches App User Client Cloud Server Launch trusted UI Alice Authentication App + Guest OS PPD UI, Control Launch application Trusted PPD Kernel PPD UI, Control App + Guest OS App communication Trusted PPD Kernel

  17. User and Developer Interface • User creates data capsules • personal by default and decides who to share it with • does not specify a lattice of security labels • PPD Systemprovides trusted UI to user • User conveys change of ACLs to PPD • Developers can request • Application Containers: per-user, per-data-capsule • Storage Containers: per-application, per-system

  18. Outline of this talk • PPD: Platform for Private Data • PPD Architecture • PPD Prototype and Evaluation

  19. PPD Building Blocks • Data capsules • E.g. “tax documents”, “thanksgiving ” • System assigns ACL as private by default • Protected Containers • Linux containers (LXC), Copy-on-write FS (UnionFS). • Stops all explicit communication, except channels. • Hardware side channels, timing leaks out of scope

  20. PPD Building Blocks • Protected Channels • iptables firewall rules for LXC containers • Encryption, integrity-checking (TLS/SSL for network) • Trusted Channel from User to PPDto change ACLs • Storage Proxies • Key-value proxy: put, get, and setACL interface • File-system proxy: fuse-based layer on key-val proxy

  21. PPD Building Blocks • PPD Controller • manages containers and channels • dynamically creates containers based on user or application requests • assigns iptables rules for all containers • Remote Attestation • Intel TXT, TPM v1.2 • attest correct PPD code on untrusted machines

  22. PPD Applications • Friendshare: online storage with de-duplication (like Dropbox) • Git: repository version control server • Etherpad: online, collaborative editing (like Google Docs)

  23. PPD Prototype End Users ACL changes TLS Proxy TLS Proxy ACL Store Controller ApplicationLayer LXCContainers FriendShare EtherPad DeDup StorageLayer K/V Proxy FS Proxy TPMChip (Remote Attestation) Storage IPTables Linux Kernel Secure Block Device

  24. Eval: Porting Apps for PPD • Scripts to install and configure apps in containers • Application v. Storage containers • Friendshare • Application: Scan directories, chunk files, change ACL • Storage: De-duplication • Git, Etherpad • Application: entire functionality

  25. Eval: PPD Application Performance • Minimal effect on Friendsharethroughput Big Requests: 10KB images Small Requests: 10 filenames

  26. PPD Application Performance • Minimal effect onFriendsharelatency

  27. Summary • PPD: New Data-Centric Cloud Platform • user controlled sharing • rich, mostly legacy applications • PPD Architecture • untrusted application and storage components • PPD Prototype and Evaluation • small performance and porting cost

  28. The PPD Team

  29. Current and Future Work • Applications • medical applications, business data analytics • Client-side PPD on Android • light-weight containers and channels on Nexus S • Application initiated sharing • differential privacy

  30. Related Approaches • DIFC • PPD does not do fine-grained information flow tracking • Constrained containers + Dev API = simple system • Capabilities • Can be used to implement containers and channels • Re-write legacy applications • Android Security • Static, Coarse-grained permissions • User does not own data

  31. Conclusion Developer End User privacy policy privacy evidence App API PPD Cloud provider

  32. Backups

  33. PPD Insights • Co-design UI and System software • User decisions are intuitive (“share doc with Bob”) • System manages untrusted apps and private data • Developer API • Per-user functionality v. Cross-user Optimizations • Privacy: Data owners’ access control policy • Apps ‘see’ data only in sealed containers

  34. Summary

  35. PPD Evaluation: Etherpad

  36. PPD Evaluation: Git

  37. PPD: Platform for Private Data • PPD is a data-centric cloud platform • rich, untrusted applications • strong privacy guarantees for end user • PPD will spark innovation • through apps from small developers • making more private data available

  38. PPD Design • Simplest: User + PPD • Data capsules + ACL: (UI) • Next: User + Application (front-end) + PPD • Per-user, Sharing • Next: + Backend Storage • Rich optimizations, integrity checked

More Related