Security and privacy in the age of software controlled surroundings Prashanth Mohan David Culler.


Transcript of Security and privacy in the age of software controlled surroundings Prashanth Mohan David Culler.

Page 1: Security and privacy in the age of software controlled surroundings Prashanth Mohan David Culler.

Security and privacy in the age of software controlled surroundings

Prashanth Mohan, David Culler

Page 2:

What are your expectations of privacy and security when you are in a shared space?

Page 3:

Changing the way we interact

Page 4:

Page 5:

In a personalized world

Page 6:

A living and breathing surrounding

Page 7:

No more key chains or key cards

Page 8:

Digital Security / Physical Security

Diagram labels: Data Platform (BOSS), Data Sources, Control Data, Data Visualization Apps, Data Learning Apps.

Questions posed on the diagram:

• How can we ensure sandboxed data analysis?

• How can we restrict mixing of data?

• How can we understand arbitrary data types?

• How can we ensure the reliability of control data?

• How can we improve the integrity of data sources?

Page 9:

Enforcing end-to-end user policies

• Mobad - How can we maximize benefit while analyzing data locally (for privacy)?

• Rubicon - Can we reuse existing software systems while still obtaining privacy guarantees?

• Gupt - How can we mine data without divulging the privacy of individuals?

Page 10:

Many open privacy questions

• Can we describe privacy in higher-level constructs?

• How do we make sense of the wide variety of data sources?

• Who has access to what data?

• Is the building a natural boundary for data?

Page 11:

Security of building networks

Page 12:

Static Analysis Techniques

Code Instrumentation

Dynamic Analysis using Input Replay

Page 13:

Brainstorm: Ensuring security

• Secure the networks!

• Understand the state machine of the building

  – “control transactions” limit bad states

• How can we apply the principle of least privilege for apps on BOSS?

• Software security at the firmware layer

Page 14:

Thank You

Prashanth Mohan

https://www.cs.berkeley.edu/~prmohan

[email protected]

Page 15:

Backup

Page 16:

Topics for discussion

• When you enter a public building, what are your privacy and security expectations?

• How expensive should attacks become in order to limit malicious behavior?

• Is privacy a lost cause?

• How much of these problems can be solved with appropriate regulation?

Page 17:

Research Progress

Diagram labels: Client Device, Web Application, User data, Processed data, Multiple users’ data, Learning Models, Machine Learning.

Client Data Privacy: EuroSys13, HotSec12, MobiSys10

Cloud Data Privacy: IEEESP13*, SIGMOD12

Page 18:

Functional Blocks

Diagram labels: Integrity Checking, ACL Checking, User Authentication, Template Processor, Isolated Containers. (Image source: Wikipedia)

Easy drop-in solution for existing 3-tier programs

Page 19:

Diagram labels: End Users; Application Layer (EtherPad, FriendShare); TLS Proxy (two instances); Controller; ACL Store; ACL changes; K/V Proxy; FS Proxy; DeDup Storage Layer; Secure Block Device Storage; Linux Kernel; IPTables; TPM Chip (Remote Attestation).

Page 20:

Differential Privacy

A randomized algorithm $A$ is $\epsilon$-differentially private if, for every pair of neighbors $D, D'$ (two datasets differing in exactly one entry) and any measurable set $S$ of outputs,
$$\Pr[A(D) \in S] \le e^{\epsilon}\,\Pr[A(D') \in S],$$
where $\epsilon$ is the privacy budget.

Function sensitivity: $\Delta f = \max_{D, D'} \lVert f(D) - f(D') \rVert_1$ over all neighbors $D, D'$.

Laplace mechanism: $A(D) = f(D) + \mathrm{Lap}(\Delta f / \epsilon)$.

Page 21:

Diagram labels: Web Frontend; Data Set Manager (inputs: 1. Data Set, 2. Data Parser, 3. Privacy Budget (ε)); Isolated Execution Chambers (three shown); Untrusted Computation; Computation Manager (inputs: 1. Computation, 2. [Bounds Estimator]); Comp Mgr XML RPC Layer; Noise Generator; Computation → Differentially Private Answer; Auditing.
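The following is an added example, not code from the slides or from the Gupt project listed on Page 9: it implements the Laplace mechanism defined on Page 20 and the three roles the Page 21 diagram separates out, a data set registered with its privacy budget (ε), a bounds-based sensitivity (the clipping the Bounds Estimator box stands for) and a noise generator. All class and function names are my own, the sample records are constructed, neighbors are taken in the replacement sense stated on Page 20 (one entry changed, n fixed), and the budget policy is the plain sequential one: each query is charged its ε and the data set refuses once the total is spent.

```python
# Added example: Laplace mechanism with a privacy-budget ledger and clipped-bounds
# sensitivity. Illustrative code, not Gupt's implementation; names are assumptions.
import math
import random
from dataclasses import dataclass
from typing import Callable, List, Tuple


class PrivacyBudgetExhausted(Exception):
    """Raised when a query would push spending past the data set's budget."""


@dataclass
class DataSet:
    """A data set registered with its value bounds and total privacy budget (epsilon)."""
    records: List[float]
    low: float           # lower bound for every record (assumed supplied by a bounds estimator)
    high: float          # upper bound
    budget: float        # total epsilon the data owner allows for this data set
    spent: float = 0.0   # epsilon consumed so far; sequential composition means it simply adds up

    def charge(self, epsilon: float) -> None:
        """Reserve epsilon for one query, or refuse if the budget would be exceeded."""
        if epsilon <= 0.0:
            raise ValueError("epsilon must be positive")
        if self.spent + epsilon > self.budget + 1e-12:
            raise PrivacyBudgetExhausted(
                f"need {epsilon}, only {self.budget - self.spent:.3g} of {self.budget} left")
        self.spent += epsilon


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Draw from Lap(scale) by inverse CDF with u uniform on (-1/2, 1/2)."""
    u = rng.random() - 0.5
    # 1 - 2|u| hits 0 only if rng.random() returns exactly 0.0; clamp so the log stays finite
    mag = max(1.0 - 2.0 * abs(u), 1e-300)
    return -scale * math.copysign(1.0, u) * math.log(mag)


Query = Callable[[DataSet], Tuple[float, float]]  # returns (true value, sensitivity)


def bounded_mean(ds: DataSet) -> Tuple[float, float]:
    """Mean after clipping every record into [low, high].

    Replacing one entry moves the clipped sum by at most high - low, so the
    sensitivity of the mean is (high - low) / n.
    """
    n = len(ds.records)
    clipped = [min(max(x, ds.low), ds.high) for x in ds.records]
    return sum(clipped) / n, (ds.high - ds.low) / n


def bounded_sum(ds: DataSet) -> Tuple[float, float]:
    """Sum after clipping; with replacement neighbors the sensitivity is high - low."""
    clipped = [min(max(x, ds.low), ds.high) for x in ds.records]
    return sum(clipped), ds.high - ds.low


def private_query(ds: DataSet, query: Query, epsilon: float, rng: random.Random) -> float:
    """Charge the budget first, then release f(D) + Lap(sensitivity / epsilon)."""
    ds.charge(epsilon)
    value, sensitivity = query(ds)
    return value + laplace_noise(sensitivity / epsilon, rng)


if __name__ == "__main__":
    # Constructed sample: the outlier 40 lies outside the declared bounds and gets clipped to 10.
    ds = DataSet(records=[1.0, 2.0, 3.0, 40.0], low=0.0, high=10.0, budget=1.0)
    rng = random.Random(0)
    print("noisy mean:", private_query(ds, bounded_mean, 0.5, rng), "spent:", ds.spent)
    print("noisy sum: ", private_query(ds, bounded_sum, 0.5, rng), "spent:", ds.spent)
    try:
        private_query(ds, bounded_mean, 0.1, rng)
    except PrivacyBudgetExhausted as err:
        print("refused:", err)
```

Charging the budget before the computation runs is deliberate: if the untrusted computation fails or is aborted after the budget check, the ε is still consumed, so a caller cannot learn anything from repeated partial runs at no cost. The clipping is what makes the sensitivity finite and independent of the data; without declared bounds a single record could move a mean arbitrarily and no finite Laplace scale would cover it.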