DATS - Data Containers for Web Applications

Hunger, Casen; Vilanova, Lluís; Papamanthou, Charalampos; Etsion, Yoav; Tiwari, Mohit

doi:10.1145/3173162.3173213

Cited by 8 publications

(3 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, currently, there is no mechanism deployed in the host programs that restricts them to obey the reference monitor. The DATS architecture for web applications [49] limits request processing to a restricted set of permissions. Given recent efforts in privilege separation [44], [50], restricting the permissions of host programs after authorization is future work.…”

Section: Discussionmentioning

confidence: 99%

TALISMAN: Tamper Analysis for Reference Monitors

Capobianco,

Zhou,

Basu

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Correct access control enforcement is a critical foundation for data security. The reference monitor is the key component for enforcing access control, which is supposed to provide tamperproof mediation of all security-sensitive operations. Since reference monitors are often deployed in complex software handling a wide variety of operation requests, such as operating systems and server programs, a question is whether reference monitor implementations may have flaws that prevent them from achieving these requirements. In the past, automated analyses detected flaws in complete mediation. However, researchers have not yet developed methods to detect flaws that may tamper with the reference monitor, despite the many vulnerabilities found in such programs. In this paper, we develop TALISMAN, an automated analysis for detecting flaws that may tamper the execution of reference monitor implementations. At its core, TALISMAN implements a precise information flow integrity analysis to detect violations that may tamper the construction of authorization queries. TALISMAN applies a new, relaxed variant of noninterference that eliminates several spurious implicit flow violations. TALISMAN also provides a means to vet expected uses of untrusted data in authorization using endorsement. We apply TALISMAN on three reference monitor implementations used in the Linux Security Modules framework, SELinux, AppArmor, and Tomoyo, verifying 80% of the arguments in authorization queries generated by these LSMs. Using TALISMAN, we also found vulnerabilities in how pathnames are used in authorization by Tomoyo and AppArmor allowing adversaries to circumvent authorization. TALISMAN shows that tamper analysis of reference monitor implementations can automatically verify many cases and also enable the detection of critical flaws.

show abstract

Section: Discussionmentioning

confidence: 99%

TALISMAN: Tamper Analysis for Reference Monitors

Capobianco,

Zhou,

Basu

et al. 2024

Proceedings 2024 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Recent architectures offer privacy-preserving offloaded computation. Data privacy techniques include Trusted Execution Environments (TEEs) [34,51,68], as well as memory access control and obfuscation [33,56,65,67]. While these prior techniques are vulnerable to side channel attacks, HE is not.…”

Section: Related Workmentioning

confidence: 99%

Client-optimized algorithms and acceleration for encrypted compute offloading

Hagen

Lucia

2022

Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

View full text Add to dashboard Cite

Homomorphic Encryption (HE) enables secure cloud offload processing on encrypted data. HE schemes are limited in the complexity and type of operations they can perform, motivating client-aided implementations that distribute computation between client (unencrypted) and server (encrypted). Prior client-aided systems optimize server performance, ignoring client costs: client-aided models put encryption and decryption on the critical path and require communicating large ciphertexts. We introduce Client-aided HE for Opaque Compute Offloading (CHOCO), a client-optimized system for encrypted offload processing. CHOCO reduces ciphertext size, reducing communication and computing costs through HE parameter minimization and through "rotational redundancy", a new HE algorithm optimization. We present Client-aided HE for Opaque Compute Offloading Through Accelerated Cryptographic Operations (CHOCO-TACO), an accelerator for HE encryption and decryption, making client-aided HE feasible for even resource-constrained clients. CHOCO supports two popular HE schemes (BFV and CKKS) and several applications, including DNNs, PageRank, KNN, and K-Means. CHOCO reduces communication by up to 2948× over prior work. With CHOCO-TACO client enc-/decryption is up to 1094× faster and uses up to 648× less energy. CCS CONCEPTS• Security and privacy → Cryptography; • Computer systems organization → Parallel architectures; • Software and its engineering → Designing software.

show abstract

“…Recent architectures offer privacy-preserving offloaded computation. Some techniques ensure data privacy, such as Trusted Execution Environments (TEEs) [8]- [10] and memory access control and obfuscation [58]- [61]. While these prior techniques are vulnerable to side channel attacks, HE is not and data remain private while offloaded; HE is favorable thanks to its strong, proven privacy guarantee.…”

Section: Hardware Securitymentioning

confidence: 99%

Practical Encrypted Computing for IoT Clients

van der Hagen,

Lucia

2021

Preprint

View full text Add to dashboard Cite

Privacy and energy are primary concerns for sensor devices that offload compute to a potentially untrusted edge server or cloud. Homomorphic Encryption (HE) enables offload processing of encrypted data. HE offload processing retains data privacy, but is limited by the need for frequent communication between the client device and the offload server. Existing client-aided encrypted computing systems are optimized for performance on the offload server, failing to sufficiently address client costs, and precluding HE offload for low-resource (e.g., IoT) devices. We introduce Client-aided HE for Opaque Compute Offloading (CHOCO), a client-optimized system for encrypted offload processing. CHOCO introduces rotational redundancy, an algorithmic optimization to minimize computing and communication costs. We design Client-aided HE for Opaque Compute Offloading Through Accelerated Cryptographic Operations (CHOCO-TACO), a comprehensive architectural accelerator for client-side cryptographic operations that eliminates most of their time and energy costs. Our evaluation shows that CHOCO makes client-aided HE offloading feasible for resourceconstrained clients. Compared to existing encrypted computing solutions, CHOCO reduces communication cost by up to 2948×. With hardware support, client-side encryption/decryption is faster by 1094× and uses 648× less energy. In our end-to-end implementation of a large-scale DNN (VGG16), CHOCO uses 37% less energy than local (unencrypted) computation.

show abstract

DATS - Data Containers for Web Applications

Cited by 8 publications

References 37 publications

TALISMAN: Tamper Analysis for Reference Monitors

TALISMAN: Tamper Analysis for Reference Monitors

Client-optimized algorithms and acceleration for encrypted compute offloading

Practical Encrypted Computing for IoT Clients

Contact Info

Product

Resources

About