PPD: Platform for Private Data
PPD: Platform for Private Data. Mohit Tiwari, with Krste Asanović, Dawn Song, Petros Maniatis*, Prashanth Mohan, Charalampos Papamanthou, Elaine Shi, Emil Stefanov, Nguyen Tran. UC Berkeley; *Intel.

PPD: Platform for Private Data

Mohit Tiwari

with Krste Asanović, Dawn Song, Petros Maniatis*, Prashanth Mohan, Charalampos Papamanthou, Elaine Shi, Emil Stefanov, Nguyen Tran

UC Berkeley; *Intel


The Age of Big Data

Plentiful, and Private


Rich Applications

(chart: application richness, growing over time)


Need Data Protection as a Service

Vulnerable software

(Un) Intentional Misuse

Insider Attacks


Ideal: Privacy Preserving Cloud

(diagram: the End User hands a privacy policy to the cloud provider and gets privacy evidence back; the Developer's App reaches the user's data only through the cloud provider's API)


Ideal: Platform for Private Data

  • Data protection as a service

  • Users

    • control access to their data

    • access third-party applications

  • Developers

    • save resources, need not be security experts

    • access personal data hitherto unavailable


Challenge #1

Untrusted applications own users’ data.

(diagram: Developer, End User, API, cloud provider; today the developer's app, not the user, holds the data)


Challenge #2

Novice Users


PPD: Platform for Private Data

(diagram: the End User sets an intuitive privacy policy and receives privacy evidence; the Developer's App + Guest OS runs in a sealed container next to a private data vault, and reaches the data only through the API of the PPD cloud provider)


Outline of this talk

  • PPD: Platform for Private Data

  • PPD Architecture

  • PPD Prototype and Evaluation


PPD Applications

user-initiated sharing


PPD Architecture: Users

(diagram: the End-User reaches PPD through a Trusted User Interface over a Protected Channel; PPD holds the ACLs and runs on hardware with a TPM at the cloud provider, above Untrusted Storage)


PPD Architecture: Applications

(diagram: the Trusted User Interface has a uni-directional channel into the Developer's App, which runs in an Application Container and sees cleartext data; container access is either per-capsule: RW, or per-user: R all, W flagged; the PPD Controller and ACL Manager run on hardware with a TPM at the cloud provider; the application and the storage are untrusted)


PPD Architecture: Storage

(diagram: Developers' Apps and the End-Users' Trusted User Interface go through the PPD Storage Proxy into a Storage Container that does dedup, caching, replication, etc.; data returning from the container passes an integrity check; the PPD Controller and ACL Manager run on hardware with a TPM at the cloud provider; the application and the storage are untrusted)


PPD Timeline #1: User attests Client

Parties: User (Alice), Client, Cloud Server (Trusted PPD Server)

  • Client → Server: TPM.send(hw id)

  • Server → Client: Attest(code)

  • Client → Server: Response(result); the separation kernel on the client is checked

  • Server → Client: sitekey, released only once the client is attested
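The exchange above, worked through as an added example (this is a model written for this page, not PPD's code). TPM 1.2 PCR extend is modelled as the chip does it, SHA-1 over the old PCR value concatenated with SHA-1 of the measured component; the quote signature is stood in for by an HMAC under a per-device key the server already knows, where a real TPM signs with an attestation identity key. The names Tpm, PpdServer, attest_client and the sample "images" are assumptions.

```python
"""Model of PPD Timeline #1: the cloud server attests the client, then releases
the site key. Added example, not PPD's code; see lead-in for what is assumed."""
import hashlib
import hmac
import secrets

PCR_LEN = 20  # TPM 1.2 PCRs are SHA-1 sized


class Tpm:
    """Stand-in for the client's TPM: one PCR plus a quote operation."""

    def __init__(self, hw_id: str, device_key: bytes):
        self.hw_id = hw_id
        self._key = device_key       # assumption: HMAC key in place of the AIK
        self.pcr = bytes(PCR_LEN)    # PCR starts at all zeros

    def extend(self, component: bytes) -> None:
        # TPM 1.2 extend: PCR <- SHA-1(PCR || SHA-1(component))
        digest = hashlib.sha1(component).digest()
        self.pcr = hashlib.sha1(self.pcr + digest).digest()

    def quote(self, nonce: bytes) -> bytes:
        # Binds the current PCR value to the verifier's fresh nonce.
        return hmac.new(self._key, self.pcr + nonce, hashlib.sha1).digest()


class PpdServer:
    """Trusted PPD server: challenges a client and releases the site key only
    to a client whose measured code matches the known-good PPD client build."""

    def __init__(self, device_keys: dict, golden_pcr: bytes, sitekey: bytes):
        self._device_keys = device_keys   # hw id -> per-device key
        self._golden = golden_pcr
        self._sitekey = sitekey
        self._pending = {}                # hw id -> outstanding nonce

    def attest(self, hw_id: str) -> bytes:
        nonce = secrets.token_bytes(PCR_LEN)
        self._pending[hw_id] = nonce
        return nonce

    def response(self, hw_id: str, pcr: bytes, quote: bytes):
        nonce = self._pending.pop(hw_id, None)   # every nonce is single-use
        key = self._device_keys.get(hw_id)
        if nonce is None or key is None:
            return None
        expected = hmac.new(key, pcr + nonce, hashlib.sha1).digest()
        if not hmac.compare_digest(quote, expected):
            return None                          # not this TPM, or a stale quote
        if not hmac.compare_digest(pcr, self._golden):
            return None                          # client runs unexpected code
        return self._sitekey


def expected_pcr(components) -> bytes:
    """Golden PCR the server computes from the known-good client images."""
    ref = Tpm("reference", b"")
    for c in components:
        ref.extend(c)
    return ref.pcr


def attest_client(client_components, known_components):
    """Run the timeline: TPM.send(hw id) -> Attest -> Response -> sitekey or None.
    Also replays the same quote once, which must fail (nonce already consumed)."""
    device_key = secrets.token_bytes(32)
    tpm = Tpm("client-01", device_key)
    for c in client_components:      # boot measures each stage into the PCR
        tpm.extend(c)
    server = PpdServer({tpm.hw_id: device_key},
                       expected_pcr(known_components),
                       sitekey=b"site-key-for-client-01")
    nonce = server.attest(tpm.hw_id)
    quote = tpm.quote(nonce)
    sitekey = server.response(tpm.hw_id, tpm.pcr, quote)
    replay = server.response(tpm.hw_id, tpm.pcr, quote)
    return sitekey, replay


# Constructed sample "images" standing in for the separation kernel and PPD client.
GOOD_KERNEL = b"separation-kernel v1"
GOOD_CLIENT = b"ppd-client v1"
BAD_KERNEL = b"separation-kernel v1 (trojaned)"

if __name__ == "__main__":
    print(attest_client([GOOD_KERNEL, GOOD_CLIENT], [GOOD_KERNEL, GOOD_CLIENT]))
    print(attest_client([BAD_KERNEL, GOOD_CLIENT], [GOOD_KERNEL, GOOD_CLIENT]))
```

Two details carry the security of the flow: the nonce is minted per challenge and discarded after one use, so a captured quote cannot be replayed, and the PCR is compared against a value the server derives from images it trusts rather than against whatever the client reports as "expected".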


PPD Timeline #2: User launches App

Parties: User (Alice), Client, Cloud Server

  • Launch trusted UI: Alice authenticates through PPD UI and Control, which runs on the Trusted PPD Kernel

  • Launch application: PPD starts App + Guest OS on top of the Trusted PPD Kernel

  • App communication: App + Guest OS on the client and on the cloud server talk over the channel PPD set up, both above the Trusted PPD Kernel


User and Developer Interface

  • User creates data capsules

    • personal by default and decides who to share it with

    • does not specify a lattice of security labels

  • PPD system provides a trusted UI to the user

    • User conveys change of ACLs to PPD

  • Developers can request

    • Application Containers: per-user, per-data-capsule

    • Storage Containers: per-application, per-system


Outline of this talk

  • PPD: Platform for Private Data

  • PPD Architecture

  • PPD Prototype and Evaluation


PPD Building Blocks

  • Data capsules

    • E.g. “tax documents”, “thanksgiving”

    • System assigns ACL as private by default

  • Protected Containers

    • Linux containers (LXC), Copy-on-write FS (UnionFS).

    • Stops all explicit communication, except channels.

    • Hardware side channels, timing leaks out of scope


PPD Building Blocks

  • Protected Channels

    • iptables firewall rules for LXC containers

    • Encryption, integrity-checking (TLS/SSL for network)

    • Trusted Channel from User to PPDto change ACLs

  • Storage Proxies

    • Key-value proxy: put, get, and setACL interface

    • File-system proxy: fuse-based layer on key-val proxy
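A model of the key-value storage proxy with its put, get and setACL interface, added here as an example; it is not PPD's code, and KeyValueProxy, the exception names and the tag layout are assumptions. It shows three things the slides state: capsules are private by default, only the owner changes an ACL (the trusted-UI path), and storage is untrusted, so the proxy attaches an integrity tag to every entry and checks it on read.

```python
"""Model of a PPD-style key-value storage proxy. Added example, not PPD's code."""
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 tag appended to each stored value


class AccessDenied(Exception):
    pass


class IntegrityError(Exception):
    pass


class KeyValueProxy:
    def __init__(self, backend: dict, mac_key: bytes):
        self._store = backend    # untrusted storage: a dict stands in for the K/V store
        self._mac_key = mac_key  # stays inside the proxy, never reaches storage
        self._acl = {}           # capsule -> {"owner", "readers", "writers"}

    def create_capsule(self, owner: str, capsule: str) -> None:
        if capsule in self._acl:
            raise ValueError("capsule exists")
        # Private by default: the owner is the only reader and writer.
        self._acl[capsule] = {"owner": owner, "readers": {owner}, "writers": {owner}}

    def _acl_for(self, capsule: str) -> dict:
        try:
            return self._acl[capsule]
        except KeyError:
            raise AccessDenied("no such capsule") from None

    def _tag(self, capsule: str, key: str, value: bytes) -> bytes:
        # The tag binds the value to its capsule and key, so storage cannot swap entries.
        msg = b"\x00".join([capsule.encode(), key.encode(), value])
        return hmac.new(self._mac_key, msg, hashlib.sha256).digest()

    def put(self, principal: str, capsule: str, key: str, value: bytes) -> None:
        if principal not in self._acl_for(capsule)["writers"]:
            raise AccessDenied(f"{principal} may not write {capsule}")
        self._store[(capsule, key)] = value + self._tag(capsule, key, value)

    def get(self, principal: str, capsule: str, key: str) -> bytes:
        if principal not in self._acl_for(capsule)["readers"]:
            raise AccessDenied(f"{principal} may not read {capsule}")
        blob = self._store[(capsule, key)]
        value, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(capsule, key, value)):
            raise IntegrityError(f"{capsule}/{key} modified in storage")
        return value

    def set_acl(self, principal: str, capsule: str, grantee: str, write: bool = False) -> None:
        acl = self._acl_for(capsule)
        if principal != acl["owner"]:      # only the data owner widens sharing
            raise AccessDenied(f"{principal} does not own {capsule}")
        acl["readers"].add(grantee)
        if write:
            acl["writers"].add(grantee)


def demo() -> dict:
    """Alice creates a 'thanksgiving' capsule and shares it read-only with Bob;
    then the storage flips a byte. Returns what each step observed."""
    backend = {}
    proxy = KeyValueProxy(backend, secrets.token_bytes(32))
    out = {}
    proxy.create_capsule("alice", "thanksgiving")
    proxy.put("alice", "thanksgiving", "photo1", b"constructed image bytes")
    try:
        proxy.get("bob", "thanksgiving", "photo1")
        out["bob_before_share"] = "read"
    except AccessDenied:
        out["bob_before_share"] = "denied"
    proxy.set_acl("alice", "thanksgiving", "bob")          # "share with Bob"
    out["bob_after_share"] = proxy.get("bob", "thanksgiving", "photo1")
    try:
        proxy.set_acl("bob", "thanksgiving", "mallory")    # Bob may not re-share
        out["bob_reshare"] = "allowed"
    except AccessDenied:
        out["bob_reshare"] = "denied"
    try:
        proxy.put("bob", "thanksgiving", "photo1", b"x")   # grant was read-only
        out["bob_write"] = "allowed"
    except AccessDenied:
        out["bob_write"] = "denied"
    blob = backend[("thanksgiving", "photo1")]              # storage tampers with a byte
    backend[("thanksgiving", "photo1")] = bytes([blob[0] ^ 1]) + blob[1:]
    try:
        proxy.get("alice", "thanksgiving", "photo1")
        out["tamper"] = "missed"
    except IntegrityError:
        out["tamper"] = "detected"
    return out


if __name__ == "__main__":
    print(demo())
```

The tag catches modification and entry-swapping but not rollback: untrusted storage can still return an older, correctly tagged version of the same key. A deployment that cares needs a version counter or a Merkle root kept on the trusted side, and the MAC key has to live inside the attested PPD component, never in the storage container.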


PPD Building Blocks

  • PPD Controller

    • manages containers and channels

    • dynamically creates containers based on user or application requests

    • assigns iptables rules for all containers

  • Remote Attestation

    • Intel TXT, TPM v1.2

    • attest correct PPD code on untrusted machines
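How a controller of this kind could turn the channels it has been asked to create into the iptables rules it assigns to the LXC containers, as an added example; this is not the PPD controller's code, and the Container, Channel and Rule names, the addresses, the port numbers and the small first-match evaluator are assumptions. The point: the FORWARD chain defaults to DROP, each protected channel becomes one allow rule for connections its initiator opens plus one reply rule restricted to ESTABLISHED state, so a uni-directional channel (trusted UI to app) never lets the app open a connection back, and a container with no declared channel can talk to nobody.

```python
"""Derive default-deny iptables rules for LXC containers from declared channels.
Added example, not PPD's controller."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Container:
    name: str
    ip: str


@dataclass(frozen=True)
class Channel:
    """Initiator may open TCP connections to responder:port; nothing else."""
    initiator: Container
    responder: Container
    port: int


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    dport: Optional[int]
    sport: Optional[int]
    states: frozenset
    target: str = "ACCEPT"

    def render(self) -> str:
        parts = ["iptables", "-A", "FORWARD", "-s", self.src, "-d", self.dst, "-p", "tcp"]
        if self.dport is not None:
            parts += ["--dport", str(self.dport)]
        if self.sport is not None:
            parts += ["--sport", str(self.sport)]
        parts += ["-m", "conntrack", "--ctstate", ",".join(sorted(self.states)),
                  "-j", self.target]
        return " ".join(parts)

    def matches(self, pkt: dict) -> bool:
        return (pkt["src"] == self.src and pkt["dst"] == self.dst
                and (self.dport is None or pkt["dport"] == self.dport)
                and (self.sport is None or pkt["sport"] == self.sport)
                and pkt["state"] in self.states)


def rules_for(channels) -> list:
    rules = []
    for ch in channels:
        # Forward direction: the initiator may open and continue connections.
        rules.append(Rule(ch.initiator.ip, ch.responder.ip, ch.port, None,
                          frozenset({"NEW", "ESTABLISHED"})))
        # Reverse direction: only replies on a connection that already exists.
        rules.append(Rule(ch.responder.ip, ch.initiator.ip, None, ch.port,
                          frozenset({"ESTABLISHED"})))
    return rules


def render_script(rules) -> list:
    # Default-deny first; a container with no channel gets no rule at all.
    return ["iptables -P FORWARD DROP", "iptables -F FORWARD"] + [r.render() for r in rules]


def verdict(rules, src: str, dst: str, dport: int, sport: int, state: str) -> str:
    """First-match evaluation with the chain policy DROP as the fall-through."""
    pkt = {"src": src, "dst": dst, "dport": dport, "sport": sport, "state": state}
    for r in rules:
        if r.matches(pkt):
            return r.target
    return "DROP"


# Constructed topology: trusted UI, one application container, one storage container.
UI = Container("trusted-ui", "10.0.0.2")
APP = Container("etherpad", "10.0.0.3")
STORAGE = Container("kv-proxy", "10.0.0.4")
CHANNELS = [Channel(UI, APP, 9001), Channel(APP, STORAGE, 9002)]
RULES = rules_for(CHANNELS)

if __name__ == "__main__":
    print("\n".join(render_script(RULES)))
    print(verdict(RULES, APP.ip, UI.ip, 9001, 40000, "NEW"))  # app cannot call the UI
```

On a real host the container bridge traffic only reaches the FORWARD chain when bridge netfilter is enabled, and the storage side of each app channel still needs its own declared channel; the evaluator here is only a check on the generated rule order, not a replacement for testing against the kernel.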


PPD Applications

  • Friendshare: online storage with de-duplication (like Dropbox)

  • Git: repository version control server

  • Etherpad: online, collaborative editing (like Google Docs)


PPD Prototype

(diagram of the prototype: End Users send ACL changes through a TLS Proxy to the Controller and ACL Store; a second TLS Proxy fronts the Application Layer of LXC Containers running FriendShare, EtherPad and DeDup; the Storage Layer consists of a K/V Proxy and an FS Proxy over a Secure Block Device and the Storage; IPTables and the Linux Kernel sit underneath, with a TPM Chip for Remote Attestation)


Eval: Porting Apps for PPD

  • Scripts to install and configure apps in containers

  • Application v. Storage containers

    • Friendshare

      • Application: Scan directories, chunk files, change ACL

      • Storage: De-duplication

    • Git, Etherpad

      • Application: entire functionality


Eval: PPD Application Performance

  • Minimal effect on Friendshare throughput

(chart: throughput for big requests of 10 KB images and for small requests of 10 filenames)


PPD Application Performance

  • Minimal effect on Friendshare latency


Summary

  • PPD: New Data-Centric Cloud Platform

    • user controlled sharing

    • rich, mostly legacy applications

  • PPD Architecture

    • untrusted application and storage components

  • PPD Prototype and Evaluation

    • small performance and porting cost


The PPD Team


Current and Future Work

  • Applications

    • medical applications, business data analytics

  • Client-side PPD on Android

    • light-weight containers and channels on Nexus S

  • Application initiated sharing

    • differential privacy


Related Approaches

  • DIFC

    • PPD does not do fine-grained information flow tracking

    • Constrained containers + Dev API = simple system

  • Capabilities

    • Can be used to implement containers and channels

    • Re-write legacy applications

  • Android Security

    • Static, Coarse-grained permissions

    • User does not own data


Conclusion

(diagram: the End User hands a privacy policy to the PPD cloud provider and gets privacy evidence back; the Developer's App reaches the user's data only through the PPD cloud provider's API)


Backups


PPD Insights

  • Co-design UI and System software

    • User decisions are intuitive (“share doc with Bob”)

    • System manages untrusted apps and private data

  • Developer API

    • Per-user functionality v. Cross-user Optimizations

  • Privacy: Data owners’ access control policy

    • Apps ‘see’ data only in sealed containers


Summary


PPD Evaluation: Etherpad


PPD Evaluation: Git


PPD: Platform for Private Data

  • PPD is a data-centric cloud platform

    • rich, untrusted applications

    • strong privacy guarantees for end user

  • PPD will spark innovation

    • through apps from small developers

    • making more private data available


PPD Design

  • Simplest: User + PPD

    • Data capsules + ACL: (UI)

  • Next: User + Application (front-end) + PPD

    • Per-user, Sharing

  • Next: + Backend Storage

    • Rich optimizations, integrity checked

