Protecting Outsourced Data Privacy with Lifelong Policy Carrying

Authors: Xiaoguang Wang, Qi Yong, Yuehua Dai, Jianbao Ren, Zhang Hang

DOI: 10.1109/HPCC.AND.EUC.2013.128

Abstract: The lack of remote data access control capability and the loss trail make owners hesitate when they have to outsource their sensitive third party platform. no choice but trust software before ship environment. In this paper we propose a new set guiding principles for protecting outsourced with owner specified policy. Compared traditional mechanism equipped by service providers, which can be regarded as first layer confinement, aim provide second confinement on propagation without modifying existing data-access applications. This is achieved two critical techniques: (1) policy-carrying model that binds customer logical policy, (2) application running environment acts verifier controller. To demonstrate feasibility approach, build (LDPAC) system, in human-readable policy abstract provided formulate access. When shipped provider, per-node LDPAC module conducts proof checking mediate Meanwhile, authorized intends forced run an container, order prevent leakage through in-memory breaches. Our evaluation shows system adds reasonable performance overhead mediation, while preserving original deployment.
