Return to search

Protecting sensitive information from untrusted code

As computer systems support more aspects of modern life, from finance to health care, security is becoming increasingly important. However, building secure systems remains a challenge. Software continues to
have security vulnerabilities due to reasons ranging from programmer
errors to inadequate programming tools. Because of these
vulnerabilities we need mechanisms that protect sensitive data
even when the software is untrusted.

This dissertation shows that secure and practical frameworks can be built
for protecting users' data from untrusted applications in both desktop
and cloud computing environment.

Laminar is a new framework that secures desktop applications by
enforcing policies written as information flow rules. Information flow control, a form of mandatory access control, enables programmers to write powerful, end-to-end security guarantees while reducing
the amount of trusted code. Current programming abstractions and implementations of this model either compromise end-to-end security guarantees or require substantial modifications to applications, thus deterring adoption. Laminar addresses these shortcomings by exporting
a single set of abstractions to control information flows through
operating system resources and heap-allocated objects. Programmers express security policies by labeling data and represent access restrictions on code using a new abstraction called a security region.
The Laminar programming model eases incremental deployment, limits dynamic security checks, and supports multithreaded programs that can access
heterogeneously labeled data.

In large scale, distributed computations safeguarding information requires solutions beyond mandatory access control. An important challenge is to ensure that the computation, including its output,
does not leak sensitive information about the inputs. For untrusted code, access control cannot guarantee that the output does not leak information. This dissertation proposes Airavat, a MapReduce-based system which augments mandatory access control with differential privacy to guarantee security and privacy for distributed computations. Data providers control the security policy for their sensitive data, including a mathematical bound on potential privacy violations. Users without security expertise can perform computations
on the data; Airavat prevents information leakage beyond the data
provider's policy. Our prototype implementation of Airavat
demonstrates that several data mining tasks can be performed in a
privacy preserving fashion with modest performance overheads. / text

Identiferoai:union.ndltd.org:UTEXAS/oai:repositories.lib.utexas.edu:2152/ETD-UT-2010-08-1951
Date13 December 2010
CreatorsRoy, Indrajit
Source SetsUniversity of Texas
LanguageEnglish
Detected LanguageEnglish
Typethesis
Formatapplication/pdf

Page generated in 0.0014 seconds