1 / 30

Secure Remote Diagnostics

Secure Remote Diagnostics. Justin Brickell Donald E. Porter Vitaly Shmatikov Emmett Witchel The University of Texas at Austin. Error messages are cryptic. What is this and how do I fix it?. Troubleshooting is no longer local. I can diagnose this fault online.

rgabbard
Download Presentation

Secure Remote Diagnostics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Remote Diagnostics Justin Brickell Donald E. Porter Vitaly Shmatikov Emmett Witchel The University of Texas at Austin

  2. Error messages are cryptic What is this and how do I fix it?

  3. Troubleshooting is no longer local I can diagnose this fault online

  4. Software diagnostic scenario Program faults Evaluation T(v) v T Diagnostic program Local state [v] Diagnosis [T(v)] Detailed problem description and solution guide

  5. Our goal: Protect user privacy Program memory File snippets Other running programs Confidential information “If you are concerned that a report might contain personal or confidential information, you should not send the report.” Local state [v] Problem: Users with privacy concerns cannot participate

  6. Talk outline • Two unsatisfactory approaches • Overview of our approach • Building blocks • Protocol walkthrough • Applications • Performance • Conclusion

  7. User-side evaluation Program faults • Proprietary ($) • Reveals vulnerabilities • Helps reverse engineer Evaluation Diagnostic T T(v) v T Problem: Vendor also has privacy concerns

  8. Secure multiparty computation Program faults Circuit to apply T to v Evaluation Description of T v T  Eval(T,v) Eval(T,v) T T(v) Problem: circuit is too large to be practical

  9. Our approach: Securing T Program faults Secure T (offline) T T’ Secure diagnostic  T’ Evaluation • Reveals nothing about T • Valid for a single evaluation T(v) v T’ Goal: Build a practical system for real problems

  10. Local state • A snapshot of the user’s local state • A vector of attribute values, such as • Function call counts • Function return values • Contents of memory locations …

  11. Diagnostic branching program • Decision nodes compare an attribute value to a threshold • Control flows to either the left or right branch • Classification nodes specify a label Diagnostic branching program for mpg321

  12. Aside: Creation of diagnostics • Diagnostic programs are built in several ways • Hand-designed using expert knowledge • Automatically generated by data mining and analyzing user error reports • For example, Microsoft’s Dr. Watson • Clarify [PLDI ‘07] • Project at UT Austin to automatically build “black-box” classifiers for anomalous program behavior

  13. Hiding the diagnostic program Property to hide Technique Per node: thresholds and attributes Private integer comparison (Yao’s method) Homomorphic encryption Blinding Global: subset of attributes that are used Unevaluated nodes are hidden by encryption Global: program topology Hide everything about T

  14. Private integer comparison • We use Yao’s method for integer comparison IF (vi > threshold) THEN kl ELSE kr • Evaluator learns one of two keys conditional on comparison result • Evaluator doesn’t learn comparison result or the threshold kl kr >t Encoded input Yao circuit vi

  15. v1 v1 v2 v2 v3 v3 v4 v4 v5 v5 Protocol walkthrough Hiding subset of attributes that are used • User encrypts attribute values using an instance of additively homomorphic encryption Allows addition under encryption 1 2 3 4 5 6 7 plaintext encrypted

  16. v3+b1 v3+b1 v3+b2 v3+b2 v4+b3 v4+b3 Protocol walkthrough Hiding subset of attributes that are used • Vendor blinds attribute values under encryption for each decision node random blinding hides attribute index 1 v1 2 v2 3 v3 4 v4 5 v5 6 7 plaintext encrypted

  17. v3+b1 v3+b2 v4+b3 Protocol walkthrough • Blinded attribute values are converted to Yao circuit inputs using oblivious transfer User learns Yao representation of inputs Vendor learns nothing OT plaintext encrypted Yao-encoded

  18. Protocol walkthrough • Vendor replaces decision nodes with secure integer comparison circuits (offline) 1 2 k2 k3 >t1 3 -b1 4 v3+b1 5 6 Output of comparison is key k2 or k3 plaintext 7 encrypted Yao-encoded

  19. Protocol walkthrough Hiding topology of T • Vendor encrypts each node k1 k2 k2 k3 >t1 k3 -b1 k4 v3+b1 k5 k6 plaintext k7 encrypted Yao-encoded

  20. Protocol walkthrough • User evaluates encrypted branching program 4 k1 2 k2 K3 >t1 5 k3 1 -b1 k4 6 v3+b1 k5 3 k6 7 plaintext k7 encrypted Yao-encoded

  21. Protocol walkthrough • User evaluates encrypted branching program 4 k1 2 k2 k6 >t3 5 k3 1 -b3 k4 6 v4+b3 k5 3 k6 7 plaintext k7 encrypted Yao-encoded

  22. Protocol walkthrough • User evaluates encrypted branching program 4 k1 2 k2 Detailed problem description and solution guide 5 k3 1 k4 6 k5 3 k6 7 plaintext k7 encrypted Yao-encoded

  23. Protocol generality This is a general protocol Any branching program, any attribute vector Let’s look at some specific applications

  24. Application: Software diagnostics • Clarify [PLDI ‘07] automatically builds branching programs to classify anomalous program behaviors • We have a working system to evaluate these branching programs securely • The system is practical • For example, classifier for 4 cryptic gcc errors • 37 nodes, 2920 attributes • CPU: 5 seconds vendor, 7 seconds user • Bandwidth: 656kB vendor, 707kB user

  25. Application: Medical diagnostics My symptoms and history are personal My diagnostic is proprietary and valuable Patient Diagnose.com When the diagnostic T and the data v are both private, our tool can securely compute T(v)

  26. Server performance: Size of T

  27. Server performance: Size of v

  28. User performance: Size of T

  29. User performance: Size of v

  30. Conclusions • Novel solution for secure branching program evaluation • Provably secure • Much more efficient than generic techniques • Well-suited to software diagnostics • Online computation is independent of the size of local state • Performance acceptable for real-world applications

More Related