secure distributed computation and storage
play

Secure Distributed Computation and Storage Jed Liu Michael D. - PowerPoint PPT Presentation

Apr 18, 2023 •254 likes •650 views

A Platform for Secure Distributed Computation and Storage Jed Liu Michael D. George K. Vikram Xin Qi Lucas Waye Andrew C. Myers Department of Computer Science Cornell University 22 nd ACM SIGOPS Symposium on Operating Systems Principles 14

  1. A Platform for Secure Distributed Computation and Storage Jed Liu Michael D. George K. Vikram Xin Qi Lucas Waye Andrew C. Myers Department of Computer Science Cornell University 22 nd ACM SIGOPS Symposium on Operating Systems Principles 14 October 2009

  2. The Web is Not Enough • The Web: decentralized information-sharing • Limitations for integrating information – Medicine, finance, government, military, … – Need security and consistency Is there a principled way to build federated applications while guaranteeing security and consistency? Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  3. Fabric: A System and a Language • Decentralized system for securely sharing information and computation • All information looks like an ordinary program object • Objects refer to each other with references – Any object can be referenced uniformly from anywhere – References can cross nodes and trust domains – All references look like ordinary object pointers node1 n Compiler and runtime enforce child: node2 security and consistency value: 42 despite distrust n.child.value++ Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  4. Fabric Enables Federated Sharing Different HIPAA-compliant HIPAA-compliant policy policy General Psychiatrist Practitioner (GP) Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  5. Fabric Enables Federated Sharing General Psychiatrist Practitioner (GP) Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  6. Fabric Enables Federated Sharing Different HIPAA-compliant HIPAA-compliant policy policy General Psychiatrist Practitioner (GP) Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  7. Example: Filling a Prescription Order medication Check for conflicts Pharmacist Verify prescription Get current medications Psychiatrist General Practitioner Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  8. Example: Filling a Prescription Security issues Consistency issues • Pharmacist shouldn’t see • Need atomicity entire record • Doctors might be accessing • Psychiatrist doesn’t fully trust medical record concurrently pharmacist with update – Need secure distributed Fill order computation Pharmacist Update inventory Mark prescription as filled Must be done by pharmacist Must be done by psychiatrist Psychiatrist Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  9. Pharmacy Example in Fabric Order orderMed(PatRec psyRec, PatRec gpRec, Prescription p) { if (!psyRec.hasPrescription(p)) return Order. INVALID ; if (isDangerous(p, gpRec.getMeds())) return Order. DANGER ; Check for conflicts Get current Get prescriptions medications } Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  10. Pharmacy Example in Fabric Order orderMed(PatRec psyRec, PatRec gpRec, Prescription p) { atomic { if (!psyRec.hasPrescription(p)) return Order. INVALID ; if (isDangerous(p, gpRec.getMeds())) return Order. DANGER ; Worker psy = psyRec.getWorker(); psyRec.markFilled@psy(p); Fill order updateInventory(p); return Order.fill(p); Mark prescription as filled } } Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  11. A High-Level Language Order orderMed(PatRec psyRec, PatRec gpRec, Prescription p) { atomic { if (!psyRec.hasPrescription(p)) return Order. INVALID ; if (isDangerous(p, gpRec.getMeds())) return Order. DANGER ; Worker psy = psyRec.getWorker(); psyRec.markFilled@psy(p); updateInventory(p); Java with: • Remote calls return Order.fill(p); • Nested transactions (atomic blocks) } • Label annotations for security (elided) } Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  12. A High-Level Language Order orderMed(PatRec psyRec, PatRec gpRec, Prescription p) { atomic { if (!psyRec.hasPrescription(p)) return Order. INVALID ; if (isDangerous(p, gpRec.getMeds())) return Order. DANGER ; Worker psy = psyRec.getWorker(); psyRec.markFilled@psy(p); • All objects accessed uniformly regardless of location updateInventory(p); • Objects fetched as needed return Order.fill(p); • Remote calls are explicit } Run-time system requirement: } • Secure transparent data shipping Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  13. Remote Calls Order orderMed(PatRec psyRec, PatRec gpRec, Prescription p) { atomic { if (!psyRec.hasPrescription(p)) return Order. INVALID ; if (isDangerous(p, gpRec.getMeds())) return Order. DANGER ; Worker psy = psyRec.getWorker(); Remote call — pharmacist runs psyRec.markFilled@psy(p); method at psychiatrist’s node updateInventory(p); return Order.fill(p); Run-time system requirements: } • Secure transparent data shipping • Secure remote calls } Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  14. Federated Transactions Order orderMed(PatRec psyRec, PatRec gpRec, Prescription p) { Federated transaction — spans multiple nodes & trust domains atomic { if (!psyRec.hasPrescription(p)) return Order. INVALID ; if (isDangerous(p, gpRec.getMeds())) return Order. DANGER ; Worker psy = psyRec.getWorker(); Remote call — pharmacist runs psyRec.markFilled@psy(p); method at psychiatrist’s node updateInventory(p); return Order.fill(p); Run-time system requirements: } • Secure transparent data shipping • Secure remote calls } • Secure federated transactions Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  15. Fabric Security Model • Decentralized system – anyone can join • What security guarantees can we provide? • Decentralized security principle: You can’t be hurt by what you don’t trust • Need notion of “you” and “trust” in system and language – Principals and acts-for Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  16. Principals and Trust in Fabric • Principals represent users, nodes, groups, roles • Trust delegated via acts-for – “Alice acts-for Bob” means “Bob trusts Alice” – Like “speaks-for” [LABW91] – Generates a principal hierarchy acts for acts for A doc A pharm Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  17. Trust Management • Fabric principals are objects Determines whether class Principal { p acts for this principal boolean delegatesTo(principal p); void addDelegatesTo(principal p) where caller (this); … Caller must have } authority of this principal • Explicit trust delegation via method calls // Adds “Alice acts-for Bob” to principal hierarchy bob.addDelegatesTo(alice) – Compiler and run-time ensure that caller has proper authority Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  18. Security Labels in Fabric • Based on Jif programming language [M99] • Decentralized label model [ML98] – Labels specify security policies to be enforced Confidentiality: Alice Bob Alice permits Bob to read Integrity: Alice Bob Alice permits Bob to write class Prescription { Drug{Psy A pharm ; Psy Psy} drug; Dosage{Psy A pharm ; Psy Psy} dosage; … } • Compiler and run-time system ensure that policies are satisfied Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  19. Security Labels in Fabric • Based on Jif programming language [M99] • Decentralized label model [ML98] – Labels specify security policies to be enforced Confidentiality: Alice Bob Alice permits Bob to read Integrity: Alice Bob Alice permits Bob to write class Prescription { Drug{Psy A pharm ; Psy Psy} drug; Run-time system requirements: Dosage{Psy A pharm ; Psy Psy} dosage; • Secure transparent data shipping … } • Secure remote calls • Compiler and run-time system ensure that policies are • Secure federated transactions • Enforcement of security labels satisfied Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  20. Contributions • Language combining: – Remote calls – Nested transactions – Security annotations • System with: – Secure transparent data shipping – Secure remote calls – Secure federated transactions – Enforcement of security labels Challenge: How to provide all these in the same system? Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  21. Fabric Run-Time System • Decentralized platform for secure, consistent sharing of information and computation – Nodes join freely – No central control over security • Nodes are principals – Root of trust – Authentication: X.509 certificates bind hostnames to principal objects Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  22. Fabric Architecture transaction Worker nodes remote (Workers) call Dissemination nodes Storage nodes (Stores) Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

  23. Fabric Architecture transaction Worker nodes remote (Workers) call Dissemination nodes • Storage nodes securely store persistent objects • Each object specifies its own security policy, enforced by store Jed Liu – Fabric: A Platform for Secure Distributed Computation and Storage

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation

Communication Locality in C i i L li i Secure Multi Party Secure Multi-Party Computation Computation How to Run Sublinear Algorithms in a Distributed Algorithms in a Distributed Setting Elette Boyle Shafi Goldwasser Stefano Tessaro

1.01k views • 36 slides
CERN, June 2008 large, reliable, and secure distributed online storage harness idle resources of

CERN, June 2008 large, reliable, and secure distributed online storage harness idle resources of

CERN, June 2008 large, reliable, and secure distributed online storage harness idle resources of participating computers old dream of computer science The design of a world-wide, fully transparent distributed file system for simultaneous

1.05k views • 102 slides
Secure Distributed Computation on Private Inputs David Pointcheval ENS - CNRS - INRIA

Secure Distributed Computation on Private Inputs David Pointcheval ENS - CNRS - INRIA

Secure Distributed Computation on Private Inputs David Pointcheval ENS - CNRS - INRIA Foundations & Practice of Security Clermont-Ferrand, France - October 27th, 2015 The Cloud David Pointcheval Introduction 2 / 30 Access from

761 views • 41 slides
Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

CS573 Data Privacy and Security Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li Xiong Slides credit: Chris Clifton, Purdue University; Murat Kantarcioglu, UT Dallas Outline Overview Data

901 views • 42 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.28k views • 126 slides
Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F

Secure 2-Party Computation Lecture 14 Yao s Garbled Circuit RECALL SIM-Secure MPC F F proto proto iface iface Secure (and correct) if: s.t. output of is distributed Env Env identically in REAL IDEAL REAL and

1.33k views • 102 slides
Computation on Natural Graphs Presenter: Mengxiao Wang Problem: Existing distributed graph

Computation on Natural Graphs Presenter: Mengxiao Wang Problem: Existing distributed graph

CSE 6350 File and Storage System Infrastructure in Data centers Supporting Internet-wide Services PowerGraph: Distributed Graph-Parallel Computation on Natural Graphs Presenter: Mengxiao Wang Problem: Existing distributed graph computation

498 views • 11 slides
Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook

Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook

Kurma: Secure Geo-distributed Multi-cloud Storage Gateways Ming Chen and Erez Zadok Stony Brook University File Systems and Storage Lab (FSL) Cloud Storage Gateways l Benefits of cloud gateways Public NAS u Combine advantages of both Cloud

650 views • 51 slides
Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure

https://2.bp.blogspot.com/-Q_39kDXs93c/UOecpSOTX5I/AAAAAAAAA2k/WaIfMiKzQOw/s1600/eniac1+%281%29.jpg Secure computation With material from Matthew Green, Elaine Shi, CS Unplugged, others Secure computation Zero-knowledge proofs

465 views • 33 slides
Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a

Secure Outsourcing of Computation Ron Rothblum MIT Outsourcing Computation Motivation: allow a computationally weak client to outsource its computation to an untrusted server. = () Main security concerns: 1. Correctness:

377 views • 4 slides
Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai

Round-Optimal Secure Multiparty Computation with Honest Majority Prabhanjan Ananth Arka Rai Choudhuri Aarushi Goel Abhishek Jain CRYPTO 2018 Secure Multiparty Computation ! # ! $ ! " ! % Secure Multiparty Computation Securely compute

1.18k views • 102 slides
Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine

Secure Computation ORAM The Case of 3-Party Computation Stanislaw Jarecki, UC Irvine Cryptography in the RAM Model Workshop, Cambridge, MA, June 2016 AC15: Sky Faber, S.J. , Sotirios Kentros, Boyang Wei New Work: S.J. , Boyang Wei Secure

595 views • 23 slides
YFS 1.0 is the next generation distributed file system for secure private, public and hybrid

YFS 1.0 is the next generation distributed file system for secure private, public and hybrid

YFS 1.0 is the next generation distributed file system for secure private, public and hybrid cloud storage deployments. YFS 1.0 is not a hardware appliance. Backward compatible with IBM AFS 3.6 and OpenAFS. No flag day required

359 views • 16 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides
Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.)

Secure Computation with Low Communication from Cross-checking Dov Gordon (George Mason U.) Samuel Ranellucci (Unbound Tech) Xiao Wang (MIT & Boston U.) Secure Computation 4 parties each hold private data. They wish to compute C(x 1

414 views • 24 slides
A Language for Probabilistically Oblivious Computation David Darais , Ian Sweet, Chang Liu,

A Language for Probabilistically Oblivious Computation David Darais , Ian Sweet, Chang Liu,

A Language for Probabilistically Oblivious Computation David Darais , Ian Sweet, Chang Liu, Michael Hicks Secure Storage S[42] secret Cloud You s = S[42] Storage S[s] secret Implementation = encrypt the data Read/write indices

787 views • 59 slides
HU HUD Stan andar ards for or Succes ess Pilot ilot Da Data Collection: Pa Participant

HU HUD Stan andar ards for or Succes ess Pilot ilot Da Data Collection: Pa Participant

HU HUD Stan andar ards for or Succes ess Pilot ilot Da Data Collection: Pa Participant Health Da Data Elements Virtual Conference April 17, 2017 To Todays Presenter D. Rob Haley PhD, MBA, MHS Co-Founder and Executive Vice

989 views • 62 slides
Spotlight Jaliah Ali Garine Mouradian Lets talk about this Who were some of your favorite

Spotlight Jaliah Ali Garine Mouradian Lets talk about this Who were some of your favorite

Children in the Spotlight Jaliah Ali Garine Mouradian Lets talk about this Who were some of your favorite childhood stars from any movies and shows from that you used to watch? Do they look familiar ? Where are they now? Manipulated for

162 views • 12 slides
Infant and Child Mental Health Webinar 2 Engaging with parents and infants in the first

Infant and Child Mental Health Webinar 2 Engaging with parents and infants in the first

Emerging Minds Webinar Series Infant and Child Mental Health Webinar 2 Engaging with parents and infants in the first thousand days 7:15 pm to 8:30 pm AEST Monday 17 th September 2018 Emerging Minds and MHPN wishes to acknowledge the

525 views • 27 slides
Bree Collaborative Meeting November 14, 2018 | Puget Sound Regional Council Housekeeping Web

Bree Collaborative Meeting November 14, 2018 | Puget Sound Regional Council Housekeeping Web

Bree Collaborative Meeting November 14, 2018 | Puget Sound Regional Council Housekeeping Web Access: listed throughout room Slide 2 Agenda Chair Report September 26 th Meeting Minutes Action Item : Approve minutes Implementation

688 views • 49 slides
1/29/2016 Flvio Casoy, 2013 CTRP was one of the most important clinical rotations I had in

1/29/2016 Flvio Casoy, 2013 CTRP was one of the most important clinical rotations I had in

1/29/2016 Flvio Casoy, 2013 CTRP was one of the most important clinical rotations I had in residency. I learned so much and it definitely shaped my worldview as a psychiatrist and as a psychotherapist. Undoubtedly, the best and richest part

700 views • 15 slides
A Team Approach to Care for We have nothing to disclose Children with Cerebral Palsy Christina

A Team Approach to Care for We have nothing to disclose Children with Cerebral Palsy Christina

3/9/2018 A Team Approach to Care for We have nothing to disclose Children with Cerebral Palsy Christina Buysse, MD Helen Phung, PT Supervisor Patty Walsh, OT Chief Therapist California Childrens Services CCS Medical Therapy Program

741 views • 22 slides
FUNDING LANDSCAPE FOR TELEPSYCHIATRY Jacqueline Calderone, MD Assistant Professor &

FUNDING LANDSCAPE FOR TELEPSYCHIATRY Jacqueline Calderone, MD Assistant Professor &

FUNDING LANDSCAPE FOR TELEPSYCHIATRY Jacqueline Calderone, MD Assistant Professor & Associate Director of Primary Care Telepsychiatry Department of Family Medicine & Department of Psychiatry Ass Helen and Arthur E. Johnson Depression

346 views • 11 slides
Program Approaches and Community Responses Sharmila Shetty , MD| Medical Epidemiologist, Emergency

Program Approaches and Community Responses Sharmila Shetty , MD| Medical Epidemiologist, Emergency

Suicidality Among Refugees: Program Approaches and Community Responses Sharmila Shetty , MD| Medical Epidemiologist, Emergency Response and Recovery Branch, Centers for Disease Control and Prevention (CDC) Chhabi Sharma , MBBS| Psychiatrist,

754 views • 63 slides

More recommend