Abstract
Offering strong Information Privacy to cloud users while enabling rich applications is a challenging task. We explore a new cloud platform architecture called Data Protection as a Service, which dramatically reduces the per-application development effort required to offer information privacy, while still allowing rapid development and maintenance.
Permission is hereby granted to make and distribute verbatim copies of this document without royalty or fee. Permission is granted to quote excerpts from this document provided the original source is properly cited. When separately written programs are composed so that they may cooperate, they may instead destructively interfere in unanticipated ways. These hazards limit the scale and functionality of the software systems we can successfully compose. This dissertation presents a framework for enabling those interactions between components needed for the cooperation we intend, while minimizing the hazards of destructive interference. Great progress on the composition problem has been made within the object paradigm, chiefly in the context of sequential, single-machine programming among benign components. We show how to extend this success to support robust composition of concurrent and potentially malicious components distributed over potentially malicious machines. We present E, a distributed, persistent, secure programming language, and CapDesk, a virus-safe desktop built in E, as embodiments of the techniques we explain.
Current standard security practices do not provide substantial assurance that the end-to-end behavior of a computing system satisfies important security policies such as confidentiality. An end-to-end confidentiality policy might assert that secret input data cannot be inferred by an attacker through the attacker's observations of system output; this policy regulates information flow. Conventional security mechanisms such as access control and encryption do not directly address the enforcement of information-flow policies. Recently, a promising new approach has been developed: the use of programming-language techniques for specifying and enforcing information-flow policies. In this paper, we survey the past three decades of research on information-flow security, particularly focusing on work that uses static program analysis to enforce information-flow policies. We give a structured view of recent work in the area and identify some important open challenges.
The goal of a computer system is to run an application workload securely, reliably, efficiently, and fast. A computer's hardware architecture and operating system exist to support this goal, and it would be nice if they cooperated as effectively as possible. ...
We propose a fully homomorphic encryption scheme - i.e., a scheme that allows one to evaluate circuits over encrypted data without being able to decrypt. Our solution comes in three steps. First, we provide a general result - that, to construct an encryption scheme that permits evaluation of arbitrary circuits, it suffices to construct an encryption scheme that can evaluate (slightly augmented versions of) its own decryption circuit; we call a scheme that can evaluate its (augmented) decryption circuit bootstrappable. Next, we describe a public key encryption scheme using ideal lattices that is almost bootstrappable. Lattice-based cryptosystems typically have decryption algorithms with low circuit complexity, often dominated by an inner product computation that is in NC1. Also, ideal lattices provide both additive and multiplicative homomorphisms (modulo a public-key ideal in a polynomial ring that is represented as a lattice), as needed to evaluate general circuits. Unfortunately, our initial scheme is not quite bootstrappable - i.e., the depth that the scheme can correctly evaluate can be logarithmic in the lattice dimension, just like the depth of the decryption circuit, but the latter is greater than the former. In the final step, we show how to modify the scheme to reduce the depth of the decryption circuit, and thereby obtain a bootstrappable encryption scheme, without reducing the depth that the scheme can evaluate. Abstractly, we accomplish this by enabling the encrypter to start the decryption process, leaving less work for the decrypter, much like the server leaves less work for the decrypter in a server-aided cryptosystem. Categories and Subject Descriptors: E.3 (Data En-
We review the definition of differential privacy and briefly survey a handful of very recent contributions to the differential privacy frontier. 1 Background Differential privacy is a strong privacy guarantee for an individual's input to a (randomized) function or sequence of functions, which we call a privacy mechanism. Informally, the guarantee says that the behavior of the mechanism is essentially unchanged independent of whether any individual opts into or opts out of the data set. Designed for statistical analysis, for example, of health or census data, the definition protects the privacy of individuals, and small groups of individuals, while permitting very different outcomes in the case of very different data sets. We begin by recalling some differential privacy basics. While the frontier of a vibrant area is always in flux, we will endeavor to give an impression of the state of the art by surveying a handful of extremely recent advances in the field. Formally, the degree of privacy offered is described by a parameter, $\varepsilon$. Definition 1. A randomized function $K$ gives $\varepsilon$-differential privacy if for all data sets $D$ and $D'$ of Hamming distance $d(D, D') \le 1$ and all $S \subseteq \mathrm{Range}(K)$, $\Pr(K(D) \in S) \le e^{\varepsilon} \times \Pr(K(D') \in S)$
We present a new technique for determining how much information about a program's secret inputs is revealed by its public outputs. In contrast to previous techniques based on reachability from secret inputs (tainting), it achieves a more precise quantitative result by computing a maximum flow of information between the inputs and outputs. The technique uses static control-flow regions to soundly account for implicit flows via branches and pointer operations, but operates dynamically by observing one or more program executions and giving numeric flow bounds specific to them (e.g., "17 bits"). The maximum flow in a network also gives a minimum cut (a set of edges that separate the secret input from the output), which can be used to efficiently check that the same policy is satisfied on future executions. We performed case studies on 5 real C, C++, and Objective C programs, 3 of which had more than 250K lines of code. The tool checked multiple security policies, including one that was violated by a previously unknown bug.
The Slow-Motion Internet
May 2011
E Naone
E. Naone, "The Slow-Motion Internet", Technology Rev., Mar./Apr. 2011; www.technologyreview.com/files/54902/GoogleSpeed_charts.pdf.
IBM's Blindfolded Calculator
Aug 2009
A Greenberg
A. Greenberg, "IBM's Blindfolded Calculator", Forbes, 13 July 2009, [Online] Available: http://www.forbes.com/forbes/2009/0713/breakthroughs-privacy-super-secret-encryption.html.
Microsoft Urges Laws to Boost Trust in the Cloud
Feb 2010
L Whitney Cnet News
L. Whitney, "Microsoft Urges Laws to Boost Trust in the Cloud", CNET News, 20 Jan. 2010, [Online] Available: http://news.cnet.com/8301-1009_3-10437844-83.html.