Bunker: a privacy-oriented platform for network tracing

Authors: Andrew G. Miklas, Alec Wolman, Angela Demke Brown, Stefan Saroiu

DOI:

Keywords: Computer security, Software, TRACE (psycholinguistics), Database, Virtualization, Software development, Tracing, Encryption, Information sensitivity, Computer science, Usability

Abstract: ISPs are increasingly reluctant to collect and store raw network traces because they can be used to compromise their customers' privacy. Anonymization techniques mitigate this concern by protecting sensitive information. Trace anonymization can be performed offline (at a later time) or online (at collection time). Offline anonymization suffers from privacy problems because raw traces must be stored on disk - until the traces are deleted, there is the potential for accidental leaks or exposure by subpoenas. Online anonymization drastically reduces privacy risks but complicates software engineering efforts because trace processing and anonymization must be performed at line speed. This paper presents Bunker, a network tracing system that combines the software development benefits of offline anonymization with the privacy benefits of online anonymization. Bunker uses virtualization, encryption, and restricted I/O interfaces to protect the raw network traces and the tracing software, exporting only an anonymized trace. We present the design and implementation of Bunker, evaluate its security properties, and show its ease of use for developing a complex network tracing application.
