earp principled storage sharing and protection for mobile
play

Earp: Principled Storage, Sharing, and Protection for Mobile Apps - PowerPoint PPT Presentation

Mar 23, 2023 •314 likes •638 views

Earp: Principled Storage, Sharing, and Protection for Mobile Apps Yuanzhong Xu , Tyler Hunt, Youngjin Kwon, Martin Georgiev, Vitaly Shmatikov , Emmett Witchel UT !Austin, ! Cornell !Tech Santa !Clara, !CA, !3/18/2016 Desktop

  1. 
 Earp: Principled Storage, Sharing, and Protection for Mobile Apps Yuanzhong Xu , Tyler Hunt, Youngjin Kwon, Martin Georgiev, 
 Vitaly Shmatikov † , Emmett Witchel UT !Austin, ! † Cornell !Tech 
 Santa !Clara, !CA, !3/18/2016

  2. Desktop era • Applications mostly work individually • They rely on the OS to store and exchange data, in the form of files OS Files 2

  3. Data protection in desktop era OS protects data: • File ownership and file handle permissions access control checks • App processes hold file OS handles (file descriptors) Files 3

  4. Mobile era contacts, calendar, media storage collections • Apps interact with each other as much as with user login the platform — an app “ecosystem” • “Hub” apps provide services to other apps OS (Platform) 4

  5. Data protection in mobile platforms contacts, calendar, media storage collections Check what apps have access to what data access control checks • Apps check user login interactions • Platform checks file access control checks access OS (Platform) 5

  6. No principled solution for app-level checks photo album • Different data models — contact info how data structures access control checks represent semantics calendar events • Different protection requirements Different high-level semantics: • Developers have to write not just files! ad hoc checks 6

  7. How would a developer write ad hoc checks? Example: implement a DB rows photo manager … 1. Design a data model • Organize photos with albums Photo files Thumbnails • Maintain metadata in database • Keep indexes to files 7

  8. How would a developer write ad hoc checks? Example: implement a DB rows photo manager 2. Define protection requirements public • Each app can have its own Photo files private photos and albums Thumbnails • Apps share some public photos and albums 8

  9. How would a developer write ad hoc checks? Problem: ad hoc checks are hard, Example: implement a error-prone DB rows photo manager 3. Implement the protection • Implement fine-grained permissions 
 Photo files — ACL columns in DB, append Thumbnails WHERE clauses in queries Transfer via IPC, no direct file access… • Protect files 
 • What if we want a group of — permission bits not enough for many apps apps to access photos? • How to change permissions? • How to hide location info What is the API? about a photo? 9

  10. Reality: all-or-nothing “protection” Specifications DB rows • Developers give up fine-grained protection… Photo files • Let apps have access to either all Thumbnails or none of the photos! • Violates the principle of least privilege 10

  11. Reality: apps have insufficient protection • iOS: Snapchat automatically saves photos to shared gallery • Android: Dropbox stores files in public external storage • Firefox OS: email attachments copied to public SD card when opened • Mistakes in network-based authentication protocols (OAuth): • Sun et al. CCS ’12, Viennot et al. SIGMETRICS ’14

  12. Ideally: separate specification from enforcement Specifications DB rows • App specifies data model with public protection requirement Photo files Thumbnails Enforcement access control checks • Platform enforces protection, 
 OS (Platform) no ad hoc checks in apps 12

  13. Problem: semantic gap in existing platforms Specifications DB rows Highly structured 
 public app-level data Photo files Thumbnails No visibility to structures Enforcement access control checks Unstructured byte OS (Platform) ? ? ? streams 13 13

  14. Platform needs to understand structured data Specifications DB rows Highly structured 
 public app-level data Photo files Thumbnails Enforcement access control checks Platform-level structured OS (Platform) abstraction & protection 14

  15. Earp 4. Uniform API: subset descriptor 
 1. Make relational model — capability handle, representing an access a platform-level abstraction control view (but more than just a DB view) App specify desc Relational Platform 2. Integrate protection requirements with the data model — annotated 3. Platform enforces protection for the app relational schema 15

  16. Unify storage and inter-app services No need for OAuth Service callbacks App function add () {…}; Proxy function list() {…}; … desc Relational Platform Virtual Virtual Virtual Database or table table tables 16 16

  17. Subset descriptors are flexible downgrade: add more restrictions e.g., exclude some sensitive rows/columns desc open desc transfer: desc (temporarily) delegate access to another app database/service 17

  18. Photo manager example revisited objects in different tables Operations: • View photos directly albums photos textual tags • View photos in an album • Search photos with a certain tag FILE-type column 18

  19. Photo manager example revisited objects in different tables Protection requirements: • Each app has its own private albums photos textual tags photos and albums • Apps share public photos and albums public 19

  20. Specify protection in data model #1 albums photos textual tags Per-object permissions (per-row ACLs) 20

  21. Fine-grained permissions are insufficient Problem with permissions only: sharing collections of data. albums photos textual tags Need to transitively updating ACLs of many objects! • Complicated permission management Share this • Consistency challenge album? 21

  22. Specify protection in data model #2 confers access confers access Capability relationships: Cross-table relationships can confer access albums photos textual tags rights, in one direction (red arrows). • Avoid transitively updating ACLs • Achieve flexible access control with simple ACLs 22

  23. Done! Data model is specified. Let the platform enforce protection! 23

  24. But there is an efficiency challenge confers access confers access Capability relationships make 
 albums photos textual tags access rights on one object may depend on other objects Cross-table checks for every access? 24

  25. Minimize cross-table checks with descriptors successful query proves access Solution: “ buffer ” computed access rights in descriptors • E.g., derive fine-grained descriptors based on query d1 d3 results d0 d2 Directly allow access to the photo 25

  26. Making it simpler to use • Simple high-level APIs that hide object graph details about descriptors APIs • Automates descriptor creation and management desc database 26

  27. Implementation: browser-based platform A modified Firefox OS: • Apps written purely in Web App sandbox code (HTML5, JavaScript) APP in JavaScript • Structured APIs implemented object graph library in the platform (browser) API for structured data JavaScript Engine Earp reference monitor Paper discusses ways to apply SQLite databases services Earp innovations to Android DOM Browser runtime (platform) 27

  28. List of Earp apps Local apps Proxies for remote services • Photo manager • Egg-based social service • Contacts • Google Drive • Access control based on • Per-app private folders categories and data fields • Email • Temporary, restricted access to attachments 28

  29. Expressive access control can be efficient Microbenchmarks: mostly outperforms baseline (Firefox OS) • Earp apps directly use SQLite, and access control is efficient • Firefox OS apps use IndexedDB (built on top of SQLite) 29

  30. Expressive access control can be efficient remote latecy: local latency: Macrobenchmarks for remote proxy<->remote app<->proxy services Elgg read • Local proxies add 2% - 8% Elgg write latency Google Drive read Google Drive write 30

  31. Conclusion • Inconsistent data abstractions in existing platforms • App: inter-related, structured data objects • Platform: unstructured byte streams • Earp provides structured data as a platform-level abstraction • Principled storage, sharing, and protection 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DeepCache: Principled Cache for Mobile Deep Vision Mengwei Xu 1 , Mengze Zhu 1 , Yunxin Liu 2

DeepCache: Principled Cache for Mobile Deep Vision Mengwei Xu 1 , Mengze Zhu 1 , Yunxin Liu 2

DeepCache: Principled Cache for Mobile Deep Vision Mengwei Xu 1 , Mengze Zhu 1 , Yunxin Liu 2 Felix Xiaozhu Lin 3 , Xuanzhe Liu 1 1 Peking University, 2 Microsoft Research, 3 Purdue University Background: Mobile Vision Your mobile device sees

658 views • 35 slides
Principled Schedulability Analysis for Distributed Storage Systems Using Thread Architecture

Principled Schedulability Analysis for Distributed Storage Systems Using Thread Architecture

Principled Schedulability Analysis for Distributed Storage Systems Using Thread Architecture Models Suli Yang*, Jing Liu, Andrea C. Arpaci-Dusseau, Remzi H. Arpaci-Dusseau * work done while at UW-Madison Scheduling: A Fundamental Primitive

614 views • 34 slides
The Protection Mainstreaming Mobile Application (ProM) The Protection Mainstreaming App is

The Protection Mainstreaming Mobile Application (ProM) The Protection Mainstreaming App is

The Protection Mainstreaming Mobile Application (ProM) The Protection Mainstreaming App is available for download through the Google Play and iTunes App Stores. The Protection Mainstreaming App is based on the Global Protection Cluster Guidance

260 views • 3 slides
I nterposed Proportional Sharing f or a Storage Service Utility Wei J in J asleen Kaur UNC -

I nterposed Proportional Sharing f or a Storage Service Utility Wei J in J asleen Kaur UNC -

I nterposed Proportional Sharing f or a Storage Service Utility Wei J in J asleen Kaur UNC - Chapel Hill J ef f Chase Duke Univer sit y Resource Sharing in Ut ilit ies Resour ce ef f iciency Adapt ivit y Sur ge prot ect ion Client s

713 views • 36 slides
Practical Protection for Personal Storage in the Cloud Neal H. Walfield , Paul T. Stanton, John

Practical Protection for Personal Storage in the Cloud Neal H. Walfield , Paul T. Stanton, John

Practical Protection for Personal Storage in the Cloud Neal H. Walfield , Paul T. Stanton, John Linwood Griffin and Randal Burns Johns Hopkins University EuroSec 10 April 13th, 2010 Outline Personal Storage Today Practial Protection

685 views • 30 slides
Developing a national framework for child protection: Putting the child at the centre

Developing a national framework for child protection: Putting the child at the centre

Developing a national framework for child protection: Putting the child at the centre Professor Marie Connolly School of Health Sciences A principled approach to child protection Within a systemic frame o Rights are upheld and

472 views • 22 slides
Compelling Economics: Traditional Storage vs. StorSimple Traditional Storage + Data Protection

Compelling Economics: Traditional Storage vs. StorSimple Traditional Storage + Data Protection

Compelling Economics: Traditional Storage vs. StorSimple Traditional Storage + Data Protection Architecture StorSimple Cloud-integrated Storage Servers Servers Primary Volume Disk Array Primary Volume ($100K; Double if Replicated) Snapshot

190 views • 15 slides
NDS2 Secure storage, sharing and publishing of data in the NDS Maciej Brzeniak,

NDS2 Secure storage, sharing and publishing of data in the NDS Maciej Brzeniak,

NDS2 Secure storage, sharing and publishing of data in the NDS Maciej Brzeniak, Supercomputing Dept. of PSNC, www.psnc.pl TF-Storage meeting @Dubrovnik, Sep., 26-27th 2012 Project funded by: NCBiR for 2011-2013 under KMD2 project (no.

769 views • 21 slides
Micro-Blog: Sharing and Querying Content Through Mobile Phones and Social Participation

Micro-Blog: Sharing and Querying Content Through Mobile Phones and Social Participation

Micro-Blog: Sharing and Querying Content Through Mobile Phones and Social Participation Presented by Paul Ksiazek Motivation Sensor Networks Inexpensive Gather data over large area Mobile phones Virtual Information

455 views • 17 slides
Mobile Network Sharing Between Operators: Between Operators A Demand Trace-Driven Study Di

Mobile Network Sharing Between Operators: Between Operators A Demand Trace-Driven Study Di

Mobile Network Sharing Mobile Network Sharing Between Operators: Between Operators A Demand Trace-Driven Study Di Francesco et al. Outline Paolo Di Francesco, Francesco Malandrino, Luiz DaSilva Introduction Data Available Data Trinity

396 views • 14 slides
Storage Tradeoffs in a Collaborative Backup Service for Mobile Devices Ludovic Courts,

Storage Tradeoffs in a Collaborative Backup Service for Mobile Devices Ludovic Courts,

Storage Tradeoffs in a Collaborative Backup Service for Mobile Devices 1 Storage Tradeoffs in a Collaborative Backup Service for Mobile Devices Ludovic Courts, Marc-Olivier Killijian, David Powell 20 October 2006 Storage Tradeoffs in a

373 views • 22 slides
File storage and file sharing for human rights organizations A design research case study

File storage and file sharing for human rights organizations A design research case study

File storage and file sharing for human rights organizations A design research case study Organizational Deployment of Secure Distributed Storage with Tahoe-LAFS project, supported by the Open Technology Fund Least Authority / Allon Bar &amp;

1.43k views • 34 slides
Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work

Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work

Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work with Erik Riedel (Seagate Research), Ram Swaminathan (HP Labs), Qian Wang (Penn State), Kevin Fu (MIT) March 31 2003 Why care about storage

399 views • 27 slides
Semantics-enabled Policies for Information Sharing and Protection in the Cloud Yuh-Jong Hu

Semantics-enabled Policies for Information Sharing and Protection in the Cloud Yuh-Jong Hu

Semantics-enabled Policies for Information Sharing and Protection in the Cloud Yuh-Jong Hu Win-Nan Wu Jiun-Jan Yang { hu, d9905, 98753036 } @cs.nccu.edu.tw Emerging Network Technology (ENT) Lab. Department of Computer Science National

889 views • 86 slides
Towards Blockchain-based Auditable Storage &amp; Secure Sharing of IoT Data Hossein Shafagh ,

Towards Blockchain-based Auditable Storage &amp; Secure Sharing of IoT Data Hossein Shafagh ,

Towards Blockchain-based Auditable Storage &amp; Secure Sharing of IoT Data Hossein Shafagh , Lukas Burkhalter, Anwar Hithnawi, Simon Duquennoy Summer School on Real-world Crypto and privacy, June 2017 Trust in the Internet How things started

384 views • 10 slides
Data Storage Mobile Applica,on Development in iOS School of EECS Washington State University

Data Storage Mobile Applica,on Development in iOS School of EECS Washington State University

Xcode 11.4 with iOS 13.4 and Swift 5.2 is here! Data Storage Mobile Applica,on Development in iOS School of EECS Washington State University Instructor: Larry Holder Mobile Applica,on Development in iOS 1 Data Storage Already seen:

616 views • 37 slides
Preparing 2008 1099-Rs in Pension Reporter Presented by Kristina Kananen, QPA QKA APA 2008

Preparing 2008 1099-Rs in Pension Reporter Presented by Kristina Kananen, QPA QKA APA 2008

Preparing 2008 1099-R's 12/30/2008 Preparing 2008 1099-Rs in Pension Reporter Presented by Kristina Kananen, QPA QKA APA 2008 1099-Rs in Pension Reporter What we will cover 1099-R fields and maneuvering in PR Data Needed

508 views • 17 slides
Status of OpenLoops and simulation of H WW backgrounds with Sherpa+OpenLoops Philipp

Status of OpenLoops and simulation of H WW backgrounds with Sherpa+OpenLoops Philipp

Status of OpenLoops and simulation of H WW backgrounds with Sherpa+OpenLoops Philipp Maierhfer Institute for Theoretical Physics University of Zrich RADCOR 2013 11th International Symposium on Radiative Corrections Lumley Castle, 24

471 views • 22 slides
Electroweak corrections in Higgs-boson production &amp; uncertainties in Higgs-boson decays

Electroweak corrections in Higgs-boson production &amp; uncertainties in Higgs-boson decays

Electroweak corrections in Higgs-boson production &amp; uncertainties in Higgs-boson decays Ansgar Denner, University of W urzburg Zurich phenomenology workshop: Higgs search confronts theory Zurich, January 10, 2012 Introduction

830 views • 39 slides
The Perturbed The Perturbed Carbon Cycle Carbon Cycle EES 3310/5310 EES 3310/5310 Global

The Perturbed The Perturbed Carbon Cycle Carbon Cycle EES 3310/5310 EES 3310/5310 Global

The Perturbed The Perturbed Carbon Cycle Carbon Cycle EES 3310/5310 EES 3310/5310 Global Climate Change Global Climate Change Jonathan Gilligan Jonathan Gilligan Class #12: Class #12: Monday, February 3 Monday, February 3 2020 2020

625 views • 28 slides
Organizing Showers &amp; Hygiene Access for People Living Outside October 9, 2020 HRSA

Organizing Showers &amp; Hygiene Access for People Living Outside October 9, 2020 HRSA

Organizing Showers &amp; Hygiene Access for People Living Outside October 9, 2020 HRSA disclaimer This webinar is supported by the Health Resources and Services Administration (HRSA) of the U.S. Department of Health and Human Services (HHS) as

534 views • 32 slides
Part I : Checking the Data E QU ITY VAL U ATION IN R Cli Ang Senior Vice President ,

Part I : Checking the Data E QU ITY VAL U ATION IN R Cli Ang Senior Vice President ,

Part I : Checking the Data E QU ITY VAL U ATION IN R Cli Ang Senior Vice President , Compass Le x econ Importance of Checking Projections Garbage - In Garbage - O u t Yo u ha v e to get comfortable w ith all elements of the projections

673 views • 19 slides
Ag2School Tax Credit The Ag2School program reduces tax impact of school building bond levies

Ag2School Tax Credit The Ag2School program reduces tax impact of school building bond levies

2019 Legislature Enhances Ag2School Tax Credit The Ag2School program reduces tax impact of school building bond levies for owners of farm land Ag2School is a 55% tax credit provided to all agricultural property except the house, garage,

287 views • 12 slides
Campaign Goals Exceptional Preeminent Physical Outstanding Growth in Strengthen Successful

Campaign Goals Exceptional Preeminent Physical Outstanding Growth in Strengthen Successful

Campaign Goals Exceptional Preeminent Physical Outstanding Growth in Strengthen Successful Academic Faculty Infrastructure and Accessible Research and Public Alumni Environment Education Scholarship Engagement Engage 500 Increase

309 views • 12 slides

More recommend