
Privacy Analysis and Enhancements for Data Sharing in *nix Systems



  1. Privacy Analysis and Enhancements for Data Sharing in *nix Systems
  Aameek Singh, Ling Liu, Mustaque Ahamad
  College of Computing, Georgia Tech
  {aameek, lingliu, mustaq}@cc.gatech.edu

  2. System support for privacy-conscious data sharing
  • Meet the need for “selectivity”
    • Share only the desired data with only the desired users
      • Data selectivity: sharing only one directory in the home directory
      • User selectivity: sharing with Alice only
  • Usability factor
    • How convenient is it to protect private data while sharing?

  3. Sharing data in *nix
  • UNIX access control model
    • Read, Write, eXecute permissions (rwx)
      • r – can read a file or list directory contents
      • w – can write to a file or create/delete/modify directory contents
      • x – can execute a file or traverse down into directory contents
  • POSIX ACLs
    • Per-user/group permission setting
    • Fine-grained access
  • Need ‘x’ permission on the parent directory (and on every directory above it) to access a child

  4. Example
  [Figure: directory tree A, B, C, D; owner = bob, group = stud]
  • bob (owner): list subfolders, create/delete subfolders, traverse down
  • john (group): list subfolders, traverse down
  • alice (others): traverse down

  5. Privacy Issues (1)
  [Figure: tree A, B, C, D; owner = bob, group = stud; POSIX ACLs]
  • Selective sharing
    • User selectivity: only share with alice
    • Data selectivity: only share B
      • Use x-only permissions on the path
    • Authorization by out-of-band communication

  6. Privacy Issues (1)
  • User authorization ≠ system authorization
    • Anybody who guesses the name can traverse the directory structure
      • “research”, “thesis”, “teaching” …
    • Cryptic file names burden the owner
  • Creating such name lists is not hard!
    • Look at users who have read permissions
    • History files (.history, .bash_history)
    • Application standard names (.mozilla)

  7. Privacy Issues (2)
  [Figure: tree A, B, C, D]
  • Metadata privacy
    • Name of file, last access time, last update time, size …
    • Did my boss update my review letter after our fight?
    • If the parent directory grants execute permission, metadata cannot be protected: anyone who knows (or guesses) the name can stat() the file, even when the file itself is mode 0600

  8. Privacy Issues (3)
  • Data sharing convenience
    • Sharing a deep-rooted directory means
      - setting permissions along the entire path
      - protecting sibling directories at each level
    • Representation of shared data: ~/job-search/ vs. ~/CV/
    • Leads to users making copies: more data to manage and protect

  9. Privacy Study
  • Conducted experiments at two computer science grad schools
  • Aim: find the amount and type of private data accessible to unauthorized users
  • What is private?
    • Email
    • All data under an x-only home directory
    • Browser statistics (history, cache, cookies, …)

  10. Privacy Study
  [Tables: organization characteristics; leaked data; contribution of history files; email statistics]

  11. Privacy Study
  [Figure: browser statistics]

  12. Privacy Mantras
  • Do not risk more than you need to
  • Do not trust applications completely
  • Increase the granularity of protection
  • Convenience, convenience, convenience
  • Monitor and remind users

  13. Privacy Enhancements
  • Privacy Auditing Tool
    • Monitor the privacy health of an enterprise
    • Similar in design to our privacy study; scans home directories and notifies users/admins of potential data exposures
    • Add-on to enterprise security monitors
  • View-Based Access Control (VBAC)
    • Namespace virtualization
    • Create user views to control access
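The auditing tool described above is not available on this page, so the following is an added example in its spirit, not the authors' code. It applies the rules from slides 3, 6 and 7 to a home directory: a name is reachable by the "others" class only if every directory on the path grants o+x; a reachable file leaks its metadata through stat() whatever its own mode, and its content if it also has o+r; a reachable directory with o+r hands out the names below it, while an x-only directory forces the outsider to guess them (standard names such as .bash_history need no guessing). The scanner never switches users or opens files; it derives all of this from the mode bits, so it also gives correct answers when run as root, who would bypass the real checks. The sample home directory and the wordlist of standard names are constructed for the example.

```python
"""Audit what the 'others' class can reach in a home directory.

Added example in the spirit of the auditing tool on slide 13; not the
authors' code. Exposure is derived from mode bits alone, following the
rule that every directory on the path must grant 'x'.
"""
import os
import stat
import tempfile

# Names an outsider can try without a listing (slide 6). Constructed
# wordlist for the example; a real tool would ship a much longer one.
STANDARD_NAMES = {".bash_history", ".history", ".mozilla", "Maildir"}


def _has(mode, bit):
    return bool(mode & bit)


def _how(parent_listable, name):
    """How an outsider learns the name: from a listing, a wordlist, or a guess."""
    if parent_listable:
        return "listed"
    return "standard-name" if name in STANDARD_NAMES else "name-guess"


def scan(root):
    """Return sorted (kind, path relative to root, how) findings.

    Directory kinds: listable (o+r), traversable (o+x only; names below must
    be guessed), metadata (neither, but stat() still works once the name is
    known). File kinds: readable (o+r) or metadata (name, size and mtime
    leak at any mode). Nothing below a directory without o+x is reported.
    """
    root = os.path.abspath(root)
    rmode = os.lstat(root).st_mode
    reach = {root: _has(rmode, stat.S_IXOTH)}     # may others descend into it?
    listable = {root: _has(rmode, stat.S_IROTH)}  # may others list it?
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        parent_reach = reach[dirpath]
        for d in dirnames:
            p = os.path.join(dirpath, d)
            m = os.lstat(p).st_mode
            reach[p] = parent_reach and _has(m, stat.S_IXOTH)
            listable[p] = parent_reach and _has(m, stat.S_IROTH)
            if not parent_reach:
                continue
            kind = "listable" if listable[p] else "traversable" if reach[p] else "metadata"
            findings.append((kind, os.path.relpath(p, root), _how(listable[dirpath], d)))
        if not parent_reach:
            continue  # an x-less directory hides everything below it
        for f in filenames:
            p = os.path.join(dirpath, f)
            kind = "readable" if _has(os.lstat(p).st_mode, stat.S_IROTH) else "metadata"
            findings.append((kind, os.path.relpath(p, root), _how(listable[dirpath], f)))
    return sorted(findings)


def build_demo_home(base):
    """Constructed sample home directory for the example (no real data)."""
    home = os.path.join(base, "bob")
    dirs = [("", 0o711),             # x-only home: hidden names, but traversable
            ("thesis", 0o755),       # world-listable
            ("private", 0o700)]      # no o+x: nothing below is reachable
    files = [(".bash_history", 0o644),      # standard name, world-readable
             ("thesis/draft.tex", 0o600),   # private content, exposed metadata
             ("private/review.txt", 0o644)] # o+r, but unreachable
    for rel, mode in dirs:
        p = os.path.join(home, rel)
        os.makedirs(p, exist_ok=True)
        os.chmod(p, mode)
    for rel, mode in files:
        p = os.path.join(home, rel)
        with open(p, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(p, mode)
    return home


def demo():
    """Scan the constructed home directory and return the findings."""
    with tempfile.TemporaryDirectory() as base:
        return scan(build_demo_home(base))


if __name__ == "__main__":
    for kind, rel, how in demo():
        print(f"{kind:<11} {how:<14} {rel}")
```

On the sample tree the scan reports thesis as listable, thesis/draft.tex as a metadata leak despite its 0600 mode (the point of slide 7), .bash_history as readable under a standard name (slide 6), and ~/private as stat()-able but nothing below it, because it lacks o+x. Pointing `scan()` at every home directory under /home and mailing each owner their findings is the whole of the "notify users/admin" step.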

  14. View-Based Access Control
  • view – namespace as seen by a user
  • Each user has one owner view of the home directory; only the owner can access it
    • Application data stays in the owner view
  • Owners can define additional views for other users (a single user, a group, or others); users are automatically routed to their appropriate view
  • Sharing data = adding it to a view
    • Can pick deep-rooted directories
    • Can have different names in the view
  • Layer-2 access control (a second layer on top of the existing rwx/ACL checks)
    • Can be switched off

  15. VBAC Optimization
  • Possibility of too many views
    • Use the {owner, group, others} model with selective sharing
  • Security-by-obfuscation: set the view directory to be x-only and keep the shared file under a cryptic name generated from a passphrase; share the file name and passphrase out of band
  • ACL method: new kernel function that grants a user access to data on entering the correct passphrase (by modifying the ACL for the shared directory)
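The security-by-obfuscation option above, worked through as an added example that is not the authors' code. The slide does not say how the cryptic name is generated, so the derivation here (PBKDF2-HMAC-SHA256 over the passphrase, salted with the real file name) and the view directory name `.oview` are assumptions. The example includes the check a practitioner wants before relying on this: the outsider's side, which needs no listing because an x-only directory hides names, not existence, so every candidate name can simply be stat()-ed.

```python
"""Security-by-obfuscation sharing (slide 15) and the probe that shows its limit.

Added example, not the authors' code. The view directory is x-only, the
shared file is linked under a passphrase-derived name, and the owner hands
the recipient the real file name and the passphrase out of band.
"""
import hashlib
import os
import shutil
import tempfile

VIEW = ".oview"       # x-only directory holding the obfuscated names (assumed name)
ITERATIONS = 10_000   # kept low for a fast demo; more only slows guessing, never stops it


def cryptic_name(passphrase, file_name):
    """Filesystem-safe name: 16 bytes of PBKDF2-HMAC-SHA256(passphrase, file_name), hex."""
    dk = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), file_name.encode(),
                             ITERATIONS, dklen=16)
    return dk.hex()


def publish(home, src_rel, passphrase):
    """Expose home/src_rel under an obfuscated name in an x-only view directory."""
    view = os.path.join(home, VIEW)
    os.makedirs(view, exist_ok=True)
    os.chmod(view, 0o711)             # others may traverse but not list
    src = os.path.join(home, src_rel)
    dst = os.path.join(view, cryptic_name(passphrase, os.path.basename(src_rel)))
    try:
        os.link(src, dst)             # same inode: the file's own mode bits still apply
    except OSError:
        shutil.copy2(src, dst)        # fallback for filesystems without hard links
    return dst


def resolve(home, file_name, passphrase):
    """The recipient's side: rebuild the name from what was shared out of band."""
    p = os.path.join(home, VIEW, cryptic_name(passphrase, file_name))
    return p if os.path.exists(p) else None


def probe(home, passphrases, file_names):
    """The outsider's side: stat() every (passphrase, file name) candidate."""
    hits = []
    for pw in passphrases:
        for fn in file_names:
            if os.path.exists(os.path.join(home, VIEW, cryptic_name(pw, fn))):
                hits.append((pw, fn))
    return hits


def demo():
    """Share one constructed file with a weak passphrase, then attack it."""
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, "bob")
        os.makedirs(home)
        os.chmod(home, 0o711)
        shared = os.path.join(home, "thesis.pdf")
        with open(shared, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(shared, 0o644)       # the view only hides the name; o+r is still needed
        publish(home, "thesis.pdf", "alice123")
        alice_ok = resolve(home, "thesis.pdf", "alice123") is not None
        # Constructed wordlists: guessable names (slide 6) times weak passphrases.
        hits = probe(home,
                     ["password", "alice", "alice123", "bob2004", "letmein"],
                     ["thesis.pdf", "cv.pdf", "review.txt", "grades.xls"])
        return alice_ok, hits


if __name__ == "__main__":
    ok, hits = demo()
    print("recipient resolved:", ok)
    print("outsider recovered:", hits)
```

The recipient resolves the name with one derivation; the outsider recovers the same name from a twenty-entry dictionary in well under a second, and a real attacker runs the probe offline against nothing but the hashing function and then confirms the hit with a single stat(). This is the slide's own caveat, user authorization ≠ system authorization, in concrete form: the kernel grants access to whoever produces the string, so the passphrase entropy is the entire security margin. It also hides only the name; once a hit lands, the metadata leak of slide 7 applies to the linked file.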

  16. Example VBAC usage
  [Figure: example VBAC usage]

  17. VBAC: Implementation
  • Modified the Linux ext2 file system to create viewfs
  • Automatic routing to views
    • Restricted view names: .bob.uview.alice, .bob.gview.stud, .bob.oview
    • viewfs_lookup: check whether VBAC is on or off and whether the view exists; modify the dentry hash for caching
  • Sharing data
    • Bind mount: allows mounting one portion of the file system tree at another
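The routing decision that viewfs_lookup makes, modelled in user space as an added example; this is not viewfs code. It uses the restricted view names from the slide. The precedence (owner first, then the requester's user view, then a group view, then the others view) and the tie-break when several group views match (alphabetical) are assumptions of the example; the slides list the three kinds of view without stating an order. The `CV` directory standing in for a bind mount of ~/job-search, and the users and groups, are constructed.

```python
"""Routing requesters to views, in the spirit of viewfs_lookup (slide 17).

Added example, not viewfs code: a user-space model of the decision the
kernel lookup makes. Precedence and the group tie-break are assumed.
"""
import os
import tempfile


def view_name(owner, user=None, group=None):
    """Restricted view names: .bob.uview.alice, .bob.gview.stud, .bob.oview."""
    if user is not None:
        return f".{owner}.uview.{user}"
    if group is not None:
        return f".{owner}.gview.{group}"
    return f".{owner}.oview"


def is_view_name(owner, name):
    """True for any name in the owner's reserved view namespace."""
    return name.startswith(f".{owner}.") and (
        ".uview." in name or ".gview." in name or name.endswith(".oview"))


def route(home, owner, requester, groups, vbac_on=True):
    """Directory a requester is transparently routed to on entering owner's home.

    Returns None when VBAC is on and no view applies, i.e. nothing is shared.
    """
    if requester == owner or not vbac_on:
        return home                      # owner view, or the second layer is off
    present = set(os.listdir(home))
    candidates = [view_name(owner, user=requester)]
    candidates += [view_name(owner, group=g) for g in sorted(groups)]  # assumed tie-break
    candidates.append(view_name(owner))
    for name in candidates:
        if name in present:
            return os.path.join(home, name)
    return None


def lookup(home, owner, requester, groups, name, vbac_on=True):
    """Resolve one path component inside the routed view.

    Reserved view names and anything that is not a single component are
    refused, so a requester cannot reach another user's view by naming it.
    """
    target = route(home, owner, requester, groups, vbac_on)
    if target is None or os.sep in name or name in (".", ".."):
        return None
    if requester != owner and is_view_name(owner, name):
        return None
    p = os.path.join(target, name)
    return p if os.path.lexists(p) else None


def _base(p):
    return None if p is None else os.path.basename(p)


def demo():
    """Route several constructed requesters through a constructed home."""
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, "bob")
        for d in ["thesis", "private",
                  ".bob.uview.alice/CV",        # stands in for a bind mount of ~/job-search
                  ".bob.gview.stud/teaching",
                  ".bob.oview"]:
            os.makedirs(os.path.join(home, d))
        stud = {"stud"}
        return {
            "bob": _base(route(home, "bob", "bob", set())),
            "alice": _base(route(home, "bob", "alice", stud)),   # user view beats group view
            "john": _base(route(home, "bob", "john", stud)),
            "carol": _base(route(home, "bob", "carol", set())),
            "alice_vbac_off": _base(route(home, "bob", "alice", stud, vbac_on=False)),
            "alice_CV": _base(lookup(home, "bob", "alice", stud, "CV")),
            "alice_private": lookup(home, "bob", "alice", stud, "private"),
            "john_names_alice_view": lookup(home, "bob", "john", stud, ".bob.uview.alice"),
        }


if __name__ == "__main__":
    for who, where in demo().items():
        print(f"{who:<22} -> {where}")
```

Alice lands in her user view and sees `CV` but no `private`; john, a member of stud, gets the group view; carol, who matches nothing, gets the others view; with VBAC switched off alice sees bob's real home, and the ordinary rwx/ACL checks are all that stand between her and its contents. The contents of a view are bind mounts in viewfs for a reason worth noting: a symlink from the view into ~/job-search would be resolved through bob's home again, where the same routing sends the requester back into the view, so a symlink cannot make the real directory reachable.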

  18. Analysis
  • Adherence to the privacy mantras
    • Isolates owner views and prevents inadvertent data exposure; secures application data
  • Integration with *nix systems
    • Distinct file system; only home directories need to be mounted on viewfs
  • Usability
    • Users are familiar with the view concept
    • Allows incremental transition
    • Individual users can switch off VBAC

  19. viewfs Performance
  • Andrew Benchmark phases
    • P1: creates subdirectories recursively
    • P2: copies a source tree
    • P3: examines the status of all files in the tree
    • P4: examines every byte of data in all files
    • P5: compiles and links the files
  [Table: per-phase timings did not survive extraction. Surviving cells: Total = 49180.91 / 49244.13 / 50689.28 (three columns, labels not recoverable); Difference (viewfs-other : ext2) row values 36%, 41%, 11%, 9%, 2%, 3%]

  20. Conclusions
  • Privacy support for data sharing in current *nix systems is poor
    • Large amounts of private data are accessible to unauthorized users
  • Design principles
    • Five mantras for better privacy protection
  • Privacy enhancements
    • Privacy Auditing Tool
    • View-based Access Control (VBAC)
    • viewfs has low overheads

  21. Questions?
