Private environments for programs

Dunn, Alan Mark

25 September 2014

Commodity computer systems today do not provide system support for privacy. As a result, given the creation of new leak opportunities by ever-increasing software complexity, leaks of private data are inevitable. This thesis presents Suliban and Lacuna, two systems that allow programs to execute privately on commodity hardware. These systems demonstrate different points in a design space wherein stronger privacy guarantees can be traded for greater system usability. Suliban uses trusted computing technology to run computation-only code privately; we refer to this protection as "cloaking". In particular, Suliban can run malicious computations in a way that is resistant to analysis. Suliban uses the Trusted Platform Module and processor late launch to create an execution environment entirely disjoint from normal system software. Suliban uses a remote attestation protocol to demonstrate to a malware distribution platform that the environment has been correctly created before the environment is allowed to receive a malicious payload. Suliban's execution outside of standard system software allows it to resist attackers with privileged operating system access and those that can perform some forms of physical attack. However, Suliban cannot access system services, and requires extra case-by-case measures to get outside information like the date or host file contents. Nonetheless, we demonstrate that Suliban can run computations that would be useful in real malware. In building Suliban, we uncover which defenses are most effective against it and highlight current problems with the use of the Trusted Platform Module. Lacuna instead aims at achieving forensic deniability, which guarantees that an attacker that gains full control of a system after a computation has finished cannot learn answers to even binary questions (with a few exceptions) about the computation. This relaxation of Suliban's guarantees allows Lacuna to run full-featured programs concurrently with non-private programs on a system. Lacuna's key primitive is the ephemeral channel, which allows programs to use peripherals while maintaining forensic deniability. This thesis extends the original Lacuna work by investigating how Linux kernel statistics leak private session information and how to mitigate these leaks. / text

System-level privacy

Code obfuscation

Data leaks

Trusted computing

Virtualization

Návrh řešení pro efektivní analýzu bezpečnostních dat / Design of a Solution for Effective Analysis of Security Data

Podlesný, Šimon

January 2021

The goal of this thesis is to design architecture capable of processing big data with focus on data leaks. For this purpose multiple data storage systems were described a and compared. The proposed architecture can load, process, store and access data for analytic purposes while taking into account authentication and authorisation of users and principles of modern agile infrastructure.

Řízení externích zařízení na macOS s cílem zabránit úniku dat / Control of External Devices on macOS to Prevent Data Leaks

Zuzelka, Jozef

January 2020

Práca sa zaoberá problematikou kontroly a blokovania externých zariadení v operačnom systéme Apple macOS za účelom ochrany pred únikom citlivých dát. Implementované riešenie ukazuje zvolené prístupy pre blokovanie externých a cloudových diskov. Pre blokovanie USB diskov bol použitý DiskAbitration framework, čo je najvodnejšie riešenie tohto typu úlohy. Avšak cloudové disky sú v skutočnosti synchronizované zložky a úlohu nehrajú ovládače ani strom pripojených zariadení. Ku kontrole operácií v cloudových diskoch bol použitý Endpoint Security framework. Aktuálne podporovaní cloudový poskytovatelia sú iCloud a Dropbox a prístup k nim môže byť obmedzený úplne alebo iba na čítanie. Schopnosť synchronizácie vzdialenýh zmien bola zachovaná avšak v prípade Dropboxu si to žiada nepoužívať ich aplikáciu na správu súborov.