Protecting Outsourced Data Privacy with Lifelong Policy Carrying

The lack of remote data access control and the loss of any remote data access trail make data owners hesitate when they must outsource sensitive data to a remote third-party platform. Data owners have no choice but to trust the remote third-party software before they ship their data to that environment. In this paper we propose a new set of guiding principles for protecting outsourced data with data-owner-specified policy. Compared with the traditional access control mechanisms provided by service providers, which can be regarded as a first layer of confinement, we aim to give the data owner a second layer of confinement over data propagation and access without modifying existing data-access applications. This is achieved by two critical techniques: (1) a policy-carrying data model that binds customer data to a logical data access policy, and (2) a remote application running environment that acts as data access verifier and propagation controller. To demonstrate the feasibility of this approach, we build the logical data propagation and access control (LDPAC) system, in which a human-readable policy abstraction is provided to formulate data propagation and access. When policy-carrying data is shipped to a remote service provider, the per-node LDPAC verifier module performs logical proof checking to mediate access to sensitive data. Meanwhile, any authorized application that intends to access sensitive data is forced to run in an application container, in order to prevent sensitive data leakage through in-memory data breaches. Our evaluation shows that the LDPAC system adds reasonable performance overhead for remote sensitive data access and propagation mediation, while preserving the original service deployment.
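The following is an added illustration of the two-layer idea described above, not code from the LDPAC paper: data is bound to an owner-specified policy before it leaves the owner, and a remote verifier releases the payload only after checking the binding and deriving a proof of access from attested facts. The Horn-clause policy language, the `may_access(app)` goal, the constructed facts and the HMAC standing in for the owner's signature are all assumptions made for this example.

```python
import hmac, hashlib, json
from dataclasses import dataclass

# Assumed owner key; an HMAC stands in for the owner's signature on the binding.
OWNER_KEY = b"constructed-owner-key"

def _binding(policy, payload: bytes) -> bytes:
    # Policy and payload are bound together so neither can be swapped remotely.
    return json.dumps(policy, sort_keys=True).encode() + b"\x00" + payload

@dataclass
class PolicyCarryingData:
    payload: bytes
    policy: list        # hypothetical policy syntax: list of (head, [body atoms])
    tag: bytes = b""

    def seal(self, key: bytes) -> "PolicyCarryingData":
        """Owner side: bind the logical policy to the data before outsourcing."""
        self.tag = hmac.new(key, _binding(self.policy, self.payload), hashlib.sha256).digest()
        return self

def derive(clauses, facts):
    """Forward-chain Horn clauses over ground atoms until no new atom is derivable."""
    known = set(facts)
    changed = True
    while changed:
        changed = False
        for head, body in clauses:
            if head not in known and all(atom in known for atom in body):
                known.add(head)
                changed = True
    return known

def verifier_release(pcd, facts, key=OWNER_KEY, goal="may_access(app)"):
    """Remote side: second-layer confinement in front of the provider's own ACLs.
    Returns the payload only if the binding is intact and the goal is provable."""
    expected = hmac.new(key, _binding(pcd.policy, pcd.payload), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, pcd.tag):
        return None                 # policy/data binding was tampered with
    if goal not in derive(pcd.policy, facts):
        return None                 # no proof that this access is permitted
    return pcd.payload

# Constructed sample policy: access needs attestation, a container, and a stated purpose.
SAMPLE_POLICY = [
    ("may_access(app)", ["attested(app)", "sandboxed(app)", "purpose(analytics)"]),
    ("sandboxed(app)", ["container(app)"]),
]
SAMPLE = PolicyCarryingData(b"customer-record", SAMPLE_POLICY).seal(OWNER_KEY)
```

Facts such as `attested(app)` and `container(app)` would come from the node's attestation and container runtime; here they are supplied by hand.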
