making programs forget enforcing lifetime for sensitive
play

Making Programs Forget: Enforcing Lifetime for Sensitive Data - PowerPoint PPT Presentation

Sep 13, 2023 •297 likes •437 views

Making Programs Forget: Enforcing Lifetime for Sensitive Data Jayanthkumar Kannan (Google Inc), Gautam Altekar (UC Berkeley), Petros Maniatis (Intel Labs), Byung-Gon Chun (Intel Labs) 1 The Problem: Lingering Data Sensitive Data How long is

  1. Making Programs Forget: Enforcing Lifetime for Sensitive Data Jayanthkumar Kannan (Google Inc), Gautam Altekar (UC Berkeley), Petros Maniatis (Intel Labs), Byung-Gon Chun (Intel Labs) 1

  2. The Problem: Lingering Data Sensitive Data • How long is your data around? (Chow et. al. '04) o Where in memory? o Maybe on disk? 2

  3. Hard to Provide Sensitive Data Lifetime Existing approaches fall short • Shutdown the application? • Reboot? • Rely on application support? • Memory scrubbing? (Chow et al '05: Data shredding) • Change user behavior? (Borders et al '09: Capsules) • Time-based data access control? (Perlman '05) 3

  4. Goal: Guaranteed Data Lifetime • Guarantee: Data indicated as sensitive is not retrievable from system beyond specified time limit • Requirements • No application support • Non- disruptive : shouldn’t crash, interrupt your normal workflow • Contribution: Promising start, much further to go 4

  5. Observation: State Equivalence • For any program state computed from sensitive data, there usually exists an equivalent state not derived from the sensitive data • Example: o You get a sensitive email, read it, and then send and read some other emails o Equivalent State: Send and read other emails 5

  6. Approach: State Reincarnation • Replace current sensitive state with equivalent non-sensitive state • Challenge: How do we derive equivalent non- sensitive state? 6

  7. Deriving an Equivalent State • Key idea: deterministic replay with perturbed input Sensitive input Substitute w/ Non- ( user-designated) sensitive input sys_read(buf ) sys_read(buf ) Sensitive Non-sensitive state state S S’ 1. Original execution 2. Replay execution (record all inputs) (replace sensitive inputs) 7

  8. Challenges • Picking the sensitive-input replacements • Completeness: Eliminating all sensitive data • Overhead: Run-time cost 8

  9. Picking sensitive-input replacements • Given sensitive input I, and subsequent input I1, I2, we compute I' which leads to same execution path o Using tainting and constraint solving (Altekar '09) • Replay with I' • Hard-cases: Spell-checker, Hashing 9

  10. Completeness • Sensitive data can linger in various areas (OS buffers); how can we remove all of it? • Technique: Implement perturbed replay in VM • Need to trust VM not to retain data 10

  11. Overhead • We implemented recording at user-level • Slowdown: ~1.2X on bash 11

  12. Conclusion • Contributions: o Guaranteed Lifetime Property o State Reincarnation • Future work: o Picking right inputs for replay o Measuring overhead for consistent substitution 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Repairing Decision-Making Programs Under Uncertainty Samuel Drews Aws Albarghouthi Loris

Repairing Decision-Making Programs Under Uncertainty Samuel Drews Aws Albarghouthi Loris

Repairing Decision-Making Programs Under Uncertainty Samuel Drews Aws Albarghouthi Loris DAntoni University of Wisconsin-Madison Example Fairness Condition decision- making program Example Fairness Condition sensitive feature (e.g.

656 views • 48 slides
Drafting And Enforcing Complex Indemnifjcation Provisions D. Hull Youngblood, Jr. and Peter N.

Drafting And Enforcing Complex Indemnifjcation Provisions D. Hull Youngblood, Jr. and Peter N.

Drafting And Enforcing Complex Indemnifjcation Provisions D. Hull Youngblood, Jr. and Peter N. Flocos D. Hull Youngblood, Jr. is a partner in the Forget about copy and paste. The best indem Austin, Texas offjce nifjcation provisions start

311 views • 17 slides
Enforcing Behavioral Constraints in Evolving Aspect-Oriented Programs Raffi Khatchadourian 1* ,

Enforcing Behavioral Constraints in Evolving Aspect-Oriented Programs Raffi Khatchadourian 1* ,

Enforcing Behavioral Constraints in Evolving Aspect-Oriented Programs Raffi Khatchadourian 1* , Johan Dovland 2 , and Neelam Soundarajan 1 1 The Ohio State University, USA 2 University of Oslo, Norway * Partially administered during visit to

368 views • 33 slides
Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li

Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li

Making k- Object-Sensitive Pointer Analysis More Precise with Still k -Limiting Tian Tan , Yue Li and Jingling Xue SAS 2016 September, 2016 1 A New Pointer Analysis for Object-Oriented Programs 2 Pointer Analysis Determine which

965 views • 70 slides
Making AI forget you: Data deletion in machine learning T ONY G INART M ELODY G UAN , G REG V

Making AI forget you: Data deletion in machine learning T ONY G INART M ELODY G UAN , G REG V

Making AI forget you: Data deletion in machine learning T ONY G INART M ELODY G UAN , G REG V ALIANT , J AMES Z OU Advances in Neural Information Processing Systems December 12, 2019 AI systems today... Data Algorithm Model Users AI systems

561 views • 12 slides
Lifetime Products EcoHousing Initiative February 2010 WHO IS LIFETIME? Lifetime Products, Inc.

Lifetime Products EcoHousing Initiative February 2010 WHO IS LIFETIME? Lifetime Products, Inc.

Lifetime Products EcoHousing Initiative February 2010 WHO IS LIFETIME? Lifetime Products, Inc. is a privately held company headquartered in Clearfield, Utah, employing over 1,100 people. Our 2.6 million square-foot manufacturing facility in Utah

384 views • 15 slides
2016-17 Budget Proposal Mission: Making lifetime connections to campus, one person at a time

2016-17 Budget Proposal Mission: Making lifetime connections to campus, one person at a time

2016-17 Budget Proposal Mission: Making lifetime connections to campus, one person at a time Vision: To be the heart and soul of this great University Program Highlights and Impact Overview Opened the renovated Memorial Union West Wing in

403 views • 27 slides
They may forget what you said, but they will never forget how you made them feel .

They may forget what you said, but they will never forget how you made them feel .

They may forget what you said, but they will never forget how you made them feel . @ModestRobert @BunnyfootSays 1 Emotional Design 2 Technology moves from utilitarian to higher needs including emotion 3 Technology moves from

918 views • 55 slides
Toward a Developmentally Sensitive DSM-5: Chair: Patricia K. Kerig Making PTSD Criteria

Toward a Developmentally Sensitive DSM-5: Chair: Patricia K. Kerig Making PTSD Criteria

Toward a Developmentally Sensitive DSM-5: Chair: Patricia K. Kerig Making PTSD Criteria Developmentally Appropriate Michael S. Scheeringa PTSD as a Gateway Disorder in Children Justin Kenardy, Alexandra De Young, Erin Charlton Child

789 views • 78 slides
A6: Sensitive Data Exposure A6 Sensitive Data Exposure Sensitive data stored or transmitted

A6: Sensitive Data Exposure A6 Sensitive Data Exposure Sensitive data stored or transmitted

A6: Sensitive Data Exposure A6 Sensitive Data Exposure Sensitive data stored or transmitted insecurely Failure to protect all sensitive data Usernames, passwords, password hashes, credit-card information, identity info Session

415 views • 17 slides
Cognitive De-biasing Strategies for Critical, Time Sensitive Decision- making in Austere

Cognitive De-biasing Strategies for Critical, Time Sensitive Decision- making in Austere

Cognitive De-biasing Strategies for Critical, Time Sensitive Decision- making in Austere Environmental Emergencies What I Learned Spending 14 hours Peeing In My Wetsuit - Andrew Munoz Objectives Identify cognitive centers Isolate biases

601 views • 33 slides
Making any planar surface into a touch-sensitive display by a mere projector and camera Jingwen

Making any planar surface into a touch-sensitive display by a mere projector and camera Jingwen

Making any planar surface into a touch-sensitive display by a mere projector and camera Jingwen Dai Ronald Chung Computer Vision Laboratory Dept. of Mech. and Automation Engineering The Chinese University of Hong Kong PROCAMS2012, Providence, RI,

308 views • 16 slides
Lest we forget The tumult and the shouting dies; The Captains and the Kings depart: Still stands

Lest we forget The tumult and the shouting dies; The Captains and the Kings depart: Still stands

Lest we forget The tumult and the shouting dies; The Captains and the Kings depart: Still stands Thine ancient sacrifice, An humble and a contrite heart. Lord God of Hosts, be with us yet, Lest we forget lest we forget! Far-called our

507 views • 11 slides
Making electricity demand weather-sensitive? A French example... Since 1974: 63 GW of installed

Making electricity demand weather-sensitive? A French example... Since 1974: 63 GW of installed

Making electricity demand weather-sensitive? A French example... Since 1974: 63 GW of installed nuclear capacity (58 reactors) Electric heating: 36% of residential electricity consumption | 2001-2011: electric heating for more than 60% of

520 views • 10 slides
Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of

Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of

Ease of Doing Business - Enforcing Contracts A localised perspective on the efficacy of enforcing contracts in Malaysia Sabarina Samadi ASEAN INSIDERS 5-6 December 2016 by origin and passion 1 OVERVIEW Introduction to the Malaysian

390 views • 37 slides
Making Systems Sensitive to the Users Time and Working Memory Constraints Anthony Jameson,

Making Systems Sensitive to the Users Time and Working Memory Constraints Anthony Jameson,

Making Systems Sensitive to the Users Time and Working Memory Constraints Anthony Jameson, Ralph Schfer, Thomas Weis, Andr Berthold, Thomas Weyrath Project "Resource-Adaptive Dialog" DFG Collaborative Research Center on

314 views • 18 slides
Nonlinear mixed-effects models using Stata Yulia Marchenko Executive Director of Statistics

Nonlinear mixed-effects models using Stata Yulia Marchenko Executive Director of Statistics

Nonlinear mixed-effects models Nonlinear mixed-effects models using Stata Yulia Marchenko Executive Director of Statistics StataCorp LLC 2018 UK Stata Conference Yulia Marchenko (StataCorp) 1 / 49 Nonlinear mixed-effects models Outline

727 views • 49 slides
1 0.8 0.6 0.4 0.2 1 0.8 0 0.6 0.4 y 0.2 0.5 x 1 1 z = x 1 / 3 y 1 / 3 (2)

1 0.8 0.6 0.4 0.2 1 0.8 0 0.6 0.4 y 0.2 0.5 x 1 1 z = x 1 / 3 y 1 / 3 (2)

ECO 305 MICROECONOMIC THEORY FALL 2003 SOME GRAPHICS OF PRODUCTION FUNCTIONS This is posted on the web site in two versions a PDF fi le which has color pictures, and a Scienti fi c Workplace (SWP) LaTeX fi le which you can download to

506 views • 5 slides
Innovation Inputs and Outputs in Argentine Manufacturing Firms in Bad Times (1998-2001) Daniel

Innovation Inputs and Outputs in Argentine Manufacturing Firms in Bad Times (1998-2001) Daniel

Innovation Inputs and Outputs in Argentine Manufacturing Firms in Bad Times (1998-2001) Daniel Chudnovsky, Andrs Lpez & Germn Pupato Universidad de San Andrs, Universidad de Buenos Aires & CENIT Paper prepared for the 1 st

686 views • 14 slides
October 14, 2020 Virtual Talking Circle Crowd-Sourcing the RISE Vision Virtual Talking C

October 14, 2020 Virtual Talking Circle Crowd-Sourcing the RISE Vision Virtual Talking C

October 14, 2020 Virtual Talking Circle Crowd-Sourcing the RISE Vision Virtual Talking C Circles t to Date Topics : Innovation in a Time of Crisis, Virtual Communities of Practice, Virtual Care, Learners as

483 views • 13 slides
TASO: Optimizing Deep Learning with Automatic Generation of Graph Substitutions Zhihao Jia , Oded

TASO: Optimizing Deep Learning with Automatic Generation of Graph Substitutions Zhihao Jia , Oded

TASO: Optimizing Deep Learning with Automatic Generation of Graph Substitutions Zhihao Jia , Oded Padon, James Thomas, Todd Warszawski, Matei Zaharia, and Alex Aiken Stanford University SOSP19 12/14/19 1 Current Rule-based DNN

894 views • 35 slides
Substitution-model reasoning for Hofl A Hofl interpreter Theory of Programming Languages Computer

Substitution-model reasoning for Hofl A Hofl interpreter Theory of Programming Languages Computer

Introduction Abstract Syntax Interpreter bindrec Substitution-model reasoning for Hofl A Hofl interpreter Theory of Programming Languages Computer Science Department Wellesley College Introduction Abstract Syntax Interpreter bindrec Table

188 views • 6 slides
Parallel Numerical Algorithms Chapter 3 Dense Linear Systems Section 3.3 Triangular

Parallel Numerical Algorithms Chapter 3 Dense Linear Systems Section 3.3 Triangular

Triangular Systems 1D Algorithms Wavefront Algorithms 2D Algorithms and TRSM Parallel Numerical Algorithms Chapter 3 Dense Linear Systems Section 3.3 Triangular Linear Systems Michael T. Heath and Edgar Solomonik Department of

514 views • 40 slides
Symbolwise MAP Estimation for Multiple-Trace Insertion/Deletion/Substitution Channels Ryo

Symbolwise MAP Estimation for Multiple-Trace Insertion/Deletion/Substitution Channels Ryo

Symbolwise MAP Estimation for Multiple-Trace Insertion/Deletion/Substitution Channels Ryo Sakogawa and Haruhiko Kaneko Tokyo Institute of Technology ISIT2020 R. Sakogawa, H. Kaneko (TokyoTech) MAP Estimation for Multiple-Trace IDS ISIT2020 1

625 views • 25 slides

More recommend