chip secured data access
play

Chip-Secured Data Access: Confidential Data on Untrusted Servers L. - PowerPoint PPT Presentation

Sep 04, 2022 •272 likes •394 views

Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral University of Versailles The need for Open Trusted Data Stores PAGE 2 Virtual teams distributed among space, time and organizations

  1. Chip-Secured Data Access: Confidential Data on Untrusted Servers L. Bouganim, P. Pucheral University of Versailles

  2. The need for Open Trusted Data Stores PAGE 2 • Virtual teams – distributed among space, time and organizations – collaborative work on confidential data – e.g., cyberworkers.com … • Shared personal folders – accessible anywhere, anytime and shared by authorized persons – e.g., primadoctor.com … • Corporate DB hosted by a DSP – permanent access to travelling salesmen – e.g., caspio.com, quickbase.com ...

  3. Attackers PAGE 3 • Intruder – tries to attack the DB footprint or usurp the identity of a regular user (or DBA) • Insider – tries to get information exceeding her own access rights • Administrator (SA or DBA) – has enough privileges to tamper the access right definition and spy the DBMS behavior Access rights can be bypassed Encryption is required

  4. Server-based approach PAGE 4 Intruder Administrator usurpation Insider Encryption Encrypted Secured DBMS Client communications Database Decryption Database Server • DB footprint protected by encryption – Oracle Obfuscation toolkit, ... • Restrict the DBA privileges, … as far as possible – Protegrity, [Ideas’01] … Weakness = decryption occurs on the server

  5. Client-based approach PAGE 5 Encryption Secured Encrypted Client DBMS communications Decryption Database Database Server • Decryption on the client – who owns the keys ? • Privacy (exclusive access) – the client manages the keys – efficiency is the main concern [Sigmod’02] • Confidentiality (shared access) – a security mechanism is required on the client side to manage keys and access rights Weakness = client can tamper the security mechanism

  6. Chip-Secured Data Access (C-SDA) PAGE 6 Client C1 C-SDA Client C2 Secured Operating Environment DBMS Client C1 Client C2 C-SDA • Making the security mechanism tamper-resistant – Access right manager hosted by a Secured Operating Environment (SOE) (e.g., a smartcard) – Access right defined on views • query translation in the SOE • part of query execution in the SOE

  7. Equi-Predicate-Only Queries PAGE 7 X.com Privacy Policy : X.com does not rent, sell, or share personal information about its customers with other people or companies Select * from Customers Select * from lqskdqs where ACCESS TRANSF° where Nation = «France» sdeef = "zarevgzd" RIGHTS Encrypted DBMS Database C-SDA Id name Nation Type sd azd sdeef zze 22 Jim France good DECRYPT zszd dedef zarevgzd Fffe 19 Joe France bad tger Sde zarevgzd zrzer • Traveling salesman asks for customers living in France • Equi-Predicate-Only query – 100% processed by the server – result decrypted by C-SDA

  8. General Queries PAGE 8 X.com Privacy Policy : X.com vendors cannot access detailed information about customer’s orders, but can get statistic data about them. Select sum(amount) Select ygefh from iuzgs ACCESS from orders where TRANSF° where lpaszj ="euys" RIGHTS CustId = 22 Encrypted C-SDA DBMS Database ygefh Sum COMPUTE DECRYPT retz 1200 kdleo • Traveling salesman asks for the total amount of orders passed by customer #22 • Aggregation must be computed on decrypted data by C- SDA

  9. Smartcard’s Characteristics PAGE 9 • Cheap and highly secured computer – Powerful RISC processor ( ≈ 40Mips) – Limited communication bandwidth (10 to100 Kbps) – Tiny RAM, writes in EEPROM stable storage very costly • Impact on C-SDA – internal processing must be done in pipeline – processing must be pushed down to the server – data flows must be minimized 32 bits I/O Security Blocks proc ROM RAM 4KB EEPROM

  10. Query decomposition PAGE 10 • Q = Q term ° Q card ° Q server Equi-Predicate-Only Queries Inequi-predicates, aggregations ... Presentation SELECT C.Id, C.name, sum(O.amount) FROM Customers C, Orders O WHERE C.Id = O.CustId and O.date > 1996 GROUP BY C.Id, C.name HAVING count(*) >= 10 ORDER BY C.name

  11. Query optimization : example PAGE 11 • Minimize the flow of irrelevant data traversing the card CustId = Id • Inequi-predicates Customers date – evaluated by a subquery Encrypt Orders – result semi-joined with the initial table σ date>1996 Decrypt π date Orders

  12. Conclusion PAGE 12 • Other contributions exploiting smartcard’s storage – Insulate highly sensitive data – database depersonnalization – Multiple key repository • Future works – Performance assessment – Experimentation in the EDI context • founded by the French ANVAR agency • extends C-SDA towards XML databases – impact of the SOE technology on query optimization

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Methods for Analyzing ChIP-Seq data Introduction to the ChIP-Seq server at SIB Lausanne Public

Methods for Analyzing ChIP-Seq data Introduction to the ChIP-Seq server at SIB Lausanne Public

Methods for Analyzing ChIP-Seq data Introduction to the ChIP-Seq server at SIB Lausanne Public ChIP-seq data: the bioinformatics event of the year 2007: Large data sets have become available: Barski et al. (2007): human CD4+ cell lines histone

396 views • 8 slides
Introduction to Chromatin IP sequencing (ChIP-seq) data analysis Workshop on ChIP-seq data

Introduction to Chromatin IP sequencing (ChIP-seq) data analysis Workshop on ChIP-seq data

Introduction to Chromatin IP sequencing (ChIP-seq) data analysis Workshop on ChIP-seq data analysis Stockholm, 7 November 2018 Agata Smialowska NBIS, SciLifeLab, Stockholm University Chromatin state and gene expression PEV Position effect

909 views • 63 slides
ChIP-seq data analysis 04-05-12 Outlook Friday 04-05-12: Next-generation sequencing

ChIP-seq data analysis 04-05-12 Outlook Friday 04-05-12: Next-generation sequencing

ChIP-seq data analysis 04-05-12 Outlook Friday 04-05-12: Next-generation sequencing ChIP-seq experimental design ChIP-seq data analysis: Mapping of sequenced reads to a reference geneome Peak calling

692 views • 43 slides
Data hierarchy fast registers & slow memory & arithmetic no computation

Data hierarchy fast registers & slow memory & arithmetic no computation

Programs Data Data hierarchy fast registers & slow memory & arithmetic no computation on-chip o ff -chip o ff -machine RAM Hard Registers Cache(s) Network random-access drive memory central processing unit (

331 views • 15 slides
Medicare Access and CHIP Reauthorization Act Proposed Rule Summary (MIPS) Devin Detwiler

Medicare Access and CHIP Reauthorization Act Proposed Rule Summary (MIPS) Devin Detwiler

Medicare Access and CHIP Reauthorization Act Proposed Rule Summary (MIPS) Devin Detwiler Telligen Devin.Detwiler@area-d.hcqis.org 2016 Meaningful Use 10 objectives Full year of data/new participants is any continuous 90-day period (4%

549 views • 50 slides
Increasing Health Care Access for Teens through Medicaid and CHIP January 24, 2018 3:00 p.m. ET

Increasing Health Care Access for Teens through Medicaid and CHIP January 24, 2018 3:00 p.m. ET

Increasing Health Care Access for Teens through Medicaid and CHIP January 24, 2018 3:00 p.m. ET Connecting Kids to Coverage National Campaign Agenda Overview and Introductions Engaging Virginia Teens in Medicaid & CHIP Programs

643 views • 52 slides
Cache 10/27/16 The Memory Hierarchy Smaller On 1 cycle to access Chip Faster Registers CPU

Cache 10/27/16 The Memory Hierarchy Smaller On 1 cycle to access Chip Faster Registers CPU

Cache 10/27/16 The Memory Hierarchy Smaller On 1 cycle to access Chip Faster Registers CPU Storage instrs Costlier can per byte directly Cache(s) ~10s of cycles to access access (SRAM) Main memory ~100 cycles to access

1.07k views • 64 slides
The Epigenome Tools 2: ChIP-Seq and Data Analysis Chongzhi Zang zang@virginia.edu

The Epigenome Tools 2: ChIP-Seq and Data Analysis Chongzhi Zang zang@virginia.edu

The Epigenome Tools 2: ChIP-Seq and Data Analysis Chongzhi Zang zang@virginia.edu http://zanglab.com PHS5705: Public Health Genomics March 20, 2017 1 Outline Epigenome: basics review ChIP-seq overview ChIP-seq data analysis 2

788 views • 40 slides
Secured Mortgage Income Fund Are your investments secured and predictable? Fund Mandate u To

Secured Mortgage Income Fund Are your investments secured and predictable? Fund Mandate u To

Secured Mortgage Income Fund Are your investments secured and predictable? Fund Mandate u To provide investors with consistent monthly income secured by real property mortgages that are prudently written to safeguard capital. u Statesman Capital

572 views • 20 slides
2015 CHIP Progress 2015 CHIP Overview In May-August 2015, Ottawa County developed its first

2015 CHIP Progress 2015 CHIP Overview In May-August 2015, Ottawa County developed its first

2015 CHIP Progress 2015 CHIP Overview In May-August 2015, Ottawa County developed its first Community Health Improvement Plan (CHIP) The most prevalent health issues according to the 2014 CHNA included: Access to Health Care

628 views • 40 slides
Scaling normalisation for ChIP-seq with exogenous chromatin Workshop on ChIP-seq data analysis

Scaling normalisation for ChIP-seq with exogenous chromatin Workshop on ChIP-seq data analysis

Scaling normalisation for ChIP-seq with exogenous chromatin Workshop on ChIP-seq data analysis Stockholm, 9 November 2018 Agata Smialowska NBIS, SciLifeLab, Stockholm University Local vs. global change in abundance Global difference due to *

105 views • 6 slides
Data Criticality in Network-On-Chip Design Joshua San Miguel Natalie Enright Jerger

Data Criticality in Network-On-Chip Design Joshua San Miguel Natalie Enright Jerger

Data Criticality in Network-On-Chip Design Joshua San Miguel Natalie Enright Jerger Network-On-Chip Efficiency Efficiency is the ability to produce results with the least amount of waste. Wasted time NoC accounts for 30-70% of on-chip data

982 views • 85 slides
Less Security Products, More Secured Products You are squinting if you can read this Which is

Less Security Products, More Secured Products You are squinting if you can read this Which is

Less Security Products, More Secured Products You are squinting if you can read this Which is Worst? ERP system down for a week or Customer Data Hacked | slide 2 Less Security Products, More Secured Products You are squinting if you can

546 views • 25 slides
The Privacy of Secured Computations Adam Smith Penn State Crypto & Big Data Workshop

The Privacy of Secured Computations Adam Smith Penn State Crypto & Big Data Workshop

The Privacy of Secured Computations Adam Smith Penn State Crypto & Big Data Workshop Relax it can only December 15, 2015 see metadata. Cartoon: 1 Big Data Every <length of time> your <household object> generates

832 views • 55 slides
Lessons for Secured Creditors Guidance for Secured Creditors on Lien Ride-Throughs After In re N.

Lessons for Secured Creditors Guidance for Secured Creditors on Lien Ride-Throughs After In re N.

Presenting a live 90-minute webinar with interactive Q&A Lien Stripping in Chapter 11 Bankruptcy Cases: Lessons for Secured Creditors Guidance for Secured Creditors on Lien Ride-Throughs After In re N. New Eng. Tel. Operations WEDNESDAY,

510 views • 47 slides
Random Access Memory (RAM) Key features RAM is traditionally packaged as a chip.

Random Access Memory (RAM) Key features RAM is traditionally packaged as a chip.

Carnegie Mellon Random Access Memory (RAM) Key features RAM is traditionally packaged as a chip. Basic storage unit is normally a cell (one bit per cell). Multiple RAM chips form a memory. Static RAM (SRAM) Each

939 views • 62 slides
The Four Goals of Sabbath School When you dont know where you are going, any road will take

The Four Goals of Sabbath School When you dont know where you are going, any road will take

The Four Goals of Sabbath School When you dont know where you are going, any road will take you there! Returning seminarians experience What about Sabbath School? Wandering in the wilderness? Sabbath School needs four goals!

434 views • 30 slides
Annealing Techniques for Unsupervised Statistical Language Learning Noah A. Smith and Jason Eisner

Annealing Techniques for Unsupervised Statistical Language Learning Noah A. Smith and Jason Eisner

Appeared in Proceedings of the 42nd Annual Meeting of the Association for Computational Linguistics (ACL 2004) , Barcelona, July 2004. Annealing Techniques for Unsupervised Statistical Language Learning Noah A. Smith and Jason Eisner Department of

312 views • 8 slides
!"#$%#&'()'*+,(%-%.+#(/'0),'123 4+-)5'6$7+,$/

!"#$%#&'()'*+,(%-%.+#(/'0),'123 4+-)5'6$7+,$/

!"#$%#&'()'*+,(%-%.+#(/'0),'123 4+-)5'6$7+,$/ 1"#%),'8+#+&",'9:.+-(';%#+#-" !"#$%&'(#$)'*+$,%+"$*#-'+%./0"%)$12$*134$,'0$/.+$5.6/3$%/$+"#$5%-#7

226 views • 12 slides
Buccaneer, A General Dynamics Company February 13, 2012 CMMI/Bundled Payments Informal

Buccaneer, A General Dynamics Company February 13, 2012 CMMI/Bundled Payments Informal

Buccaneer, A General Dynamics Company February 13, 2012 CMMI/Bundled Payments Informal Presentation Presenters: Christopher Alleman, PMP Program Manager Susie Joe Sr. Analytics Manager BPCI Data Webinars All webinars will take place

582 views • 25 slides
24/10/2018 01/12/2018 01/07/2019 01/07/2020 01/07/2021 01/07/2022 Stage 2 Stage 3 Royal

24/10/2018 01/12/2018 01/07/2019 01/07/2020 01/07/2021 01/07/2022 Stage 2 Stage 3 Royal

Government Sector Finance Act 2018 What parts of the GSF Act are operative? And when? Treasury April 2019 Stage 2 Stage 3 Royal Assent Stage 1 Stage 4 Stage 5 24/10/2018 01/12/2018 01/07/2019 01/07/2020 01/07/2021 01/07/2022 Stage 2

345 views • 8 slides
The Nix Package Manager Eelco Dolstra e.dolstra@tudelft.nl Delft University of Technology, EWI,

The Nix Package Manager Eelco Dolstra e.dolstra@tudelft.nl Delft University of Technology, EWI,

The Nix Package Manager Eelco Dolstra e.dolstra@tudelft.nl Delft University of Technology, EWI, Department of Software Technology November 12, 2009 Nix Nix: purely functional package manager NixOS: Linux distribution based on Nix

841 views • 44 slides
How to write a Device Driver in FreeBSD John-Mark Gurney Frameworks kld newbus

How to write a Device Driver in FreeBSD John-Mark Gurney Frameworks kld newbus

How to write a Device Driver in FreeBSD John-Mark Gurney Frameworks kld newbus rman/bus_space(9) cdevsw bus_dma(9) sysctl SYSINIT http://people.freebsd.org/~jmg/drivers/ newbus Device Methods Tree with root

542 views • 23 slides
Building Up the Temple LESSON 9 Your Response to the Lesson What was most interesting in the

Building Up the Temple LESSON 9 Your Response to the Lesson What was most interesting in the

Building Up the Temple LESSON 9 Your Response to the Lesson What was most interesting in the Bible story? What activity was most enjoyable? What new things did you learn? Activity A Empty Lives What do you do when you expect something good

754 views • 22 slides

More recommend