Publications

Bootstrapping and Maintaining Trust in the Cloud (469.63 KB)

Published in:
Proceedings of the 32nd Annual Computer Security Applications Conference, ACSAC 2016

Summary

Today's infrastructure as a service (IaaS) cloud environments rely upon full trust in the provider to secure applications and data. In this paper we introduce keylime, a scalable trusted cloud key management system. Keylime provides an end-to-end solution for both bootstrapping hardware-rooted cryptographic identities for IaaS nodes and for system integrity monitoring of those nodes via periodic attestation.

Leveraging Data Provenance to Enhance Cyber Resilience (273.48 KB)

Summary

Creating bigger and better walls to keep adversaries out of our systems has been a failing strategy. The recent attacks against Target and Sony Pictures, to name a few, further emphasize this. Data provenance is a critical technology in building resilient systems that will allow systems to recover from attackers that manage to overcome the “hard-shell” defenses. In this paper, we provide background information on data provenance, details on provenance collection, analysis, and storage techniques and challenges.

High-throughput ingest of data provenance records in Accumulo

Published in:
HPEC 2016: IEEE Conf. on High Performance Extreme Computing, 13-15 September 2016.

Summary

Whole-system data provenance provides deep insight into the processing of data on a system, including detecting data integrity attacks. The downside to systems that collect whole-system data provenance is the sheer volume of data that is generated under many heavy workloads. In order to make provenance metadata useful, it must be stored somewhere where it can be queried. This problem becomes even more challenging when considering a network of provenance-aware machines all collecting this metadata. In this paper, we investigate the use of D4M and Accumulo to support high-throughput data ingest of whole-system provenance data. We find that we are able to ingest 3,970 graph components per second. Centrally storing the provenance metadata allows us to build systems that can detect and respond to data integrity attacks that are captured by the provenance system.

Charting a Security Landscape in the Clouds: Data Protection and Collaboration in Cloud Storage (1.6 MB)

Published in:
MIT Lincoln Laboratory Technical Report 1210

Summary

This report surveys different approaches to securely storing and sharing data in the cloud based on traditional notions of security: confidentiality, integrity, and availability, with the main focus on confidentiality. An appendix discusses the related notion of how users can securely authenticate to cloud providers.

Cryptography for Big Data Security (538.97 KB)

Published in:
Chapter in Big Data: Storage, Sharing, and Security, Fei Hu (editor), Auerbach Publications

Summary

New and improved security tools are needed to protect systems collecting and handling big data to allow applications to reap the benefits of big data analysis without the risk of such catastrophic attacks. Modern cryptography offers many powerful technologies that can help protect big data applications throughout the data lifecycle, as it is being collected, stored in repositories, and processed by analysts. In this chapter, we give a brief survey of several of these technologies and explain how they can help big data security.

SoK: Privacy on Mobile Devices – It’s Complicated (1.07 MB)

Summary

Modern mobile devices place a wide variety of sensors and services within the personal space of their users. As a result, these devices are capable of transparently monitoring many sensitive aspects of these users’ lives (e.g., location, health, or correspondences). Users typically trade access to this data for convenient applications and features, in many cases without a full appreciation of the nature and extent of the information that they are exposing to a variety of third parties.


Spyglass: Demand-Provisioned Linux Containers for Private Network Access (1.26 MB)

Published in:
Proceedings of the 29th Large Installation System Administration conference (LISA15), Washington D.C.

Summary

System administrators have super-user access to the low-level infrastructure of the systems and networks they maintain. Given the typical administrator’s breadth of access to this infrastructure, administrators or the client devices they use are a prime target for compromise by a motivated adversary. In this paper, we describe Spyglass, a tool for managing, securing, and auditing administrator access to private or sensitive infrastructure networks by creating on-demand bastion hosts inside of Linux containers.

Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity (280.86 KB)

Summary

Control flow integrity (CFI) has been proposed as an approach to defend against control-hijacking memory corruption attacks. CFI works by assigning tags to indirect branch targets statically and checking them at runtime. In this work, we show that even a fine-grained form of CFI with an unlimited number of tags and a shadow stack (to check calls and returns) is ineffective in protecting against malicious attacks.

Timely Rerandomization for Mitigating Memory Disclosures (215.65 KB)

Published in:
Proceedings of ACM Conference on Computer and Communications Security (CCS)

Summary

Address Space Layout Randomization (ASLR) can increase the cost of exploiting memory corruption vulnerabilities. One major weakness of ASLR is that it assumes the secrecy of memory addresses and is thus ineffective in the face of memory disclosure vulnerabilities. In this paper we present an approach that synchronizes randomization with potential runtime disclosure.

Unifying Leakage Classes: Simulatable Leakage and Pseudoentropy (324.96 KB)

Published in:
Information Theoretic Security, Lecture Notes in Computer Science, vol. 9063, pp. 69-86

Summary

Leakage-resilient cryptography designs systems to withstand partial adversary knowledge of secret state. Ideally, leakage-resilient systems withstand current and future attacks, restoring confidence in the security of implemented cryptographic systems. Understanding the relation between classes of leakage functions is an important aspect. In this work, we consider the memory leakage model, where the leakage class contains functions over the system’s entire secret state. Standard limitations include functions with bounded output length, functions that retain (pseudo) entropy in the secret, and functions that leave the secret computationally unpredictable.