DOCSLIB.ORG

Efficient Data Protection by Noising, Masking, and Metering

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Efficient Data Protection by Noising, Masking, and Metering EFFICIENT DATA PROTECTION BY NOISING, MASKING, AND METERING Qiuyu Xiao A Dissertation submitted to the faculty at the University of North Carolina at Chapel Hill in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Department of Computer Science. Chapel Hill 2019 Approved by: Michael K. Reiter Lujo Bauer Jasleen Kaur Jonathan M. McCune Donald E. Porter © 2019 Qiuyu Xiao ALL RIGHTS RESERVED ii ABSTRACT Qiuyu Xiao: Efficient Data Protection by Noising, Masking, and Metering (Under the direction of Michael K. Reiter) Protecting data secrecy is an important design goal of computing systems. Conventional tech- niques like access control mechanisms and cryptography are widely deployed, and yet security breaches and data leakages still occur. There are several challenges. First, sensitivity of the sys- tem data is not always easy to decide. Second, trustworthiness is not a constant property of the system components and users. Third, a system’s functional requirements can be at odds with its data protection requirements. In this dissertation, we show that efficient data protection can be achieved by noising, masking, or metering sensitive data. Specifically, three practical problems are addressed in the dissertation—storage side-channel attacks in Linux, server anonymity vio- lations in web sessions, and data theft by malicious insiders. To mitigate storage side-channel attacks, we introduce a differentially private system, dpprocfs, which injects noise into side- channel vectors and also reestablishes invariants on the noised outputs. Our evaluations show that dpprocfs mitigates known storage side channels while preserving the utility of the proc filesys- tem for monitoring and diagnosis. To enforce server anonymity, we introduce a cloud service, PoPSiCl, which masks server identifiers, including DNS names and IP addresses, with person- alized pseudonyms. PoPSiCl can defend against both passive and active network attackers with minimal impact to web-browsing performance. To prevent data theft from insiders, we introduce a system, Snowman, which restricts the user to access data only remotely and accurately meters the sensitive data output to the user by conducting taint analysis in a replica of the application execution without slowing the interactive user session. iii TABLE OF CONTENTS LIST OF TABLES . viii LIST OF FIGURES . ix LIST OF ABBREVIATIONS . xi CHAPTER 1: INTRODUCTION . 1 1.1 Noising . 2 1.2 Masking . 3 1.3 Metering . 4 CHAPTER 2: DPPROCFS: NOISING SIDE-CHANNEL VECTORS TO MITIGATE STORAGE SIDE CHANNELS1 .......................................... 6 2.1 Background . 9 2.1.1 Side Channel Attacks via PROCFS . 9 2.1.2 Differential Privacy . 10 2.1.3 d-Privacy................................................................ 11 2.2 Design of a d-Private Procfs . 13 2.2.1 Threat Model . 13 2.2.2 Design Overview . 14 2.2.3 d∗-Private Mechanism Design . 17 2.2.4 Consistency Enforcement . 22 2.3 Implementation . 23 2.3.1 d∗-Private Mechanism Implementation . 24 1This chapter is excerpted from previously published work [161] iv 2.3.2 Invariant Generation . 25 2.3.3 Reestablishing Invariants . 27 2.4 Evaluation . 28 2.4.1 Security Evaluation . 29 2.4.1.1 Defending Against Keystroke Timing Attacks . 29 2.4.1.2 Mitigating Website Inference . 30 2.4.2 Utility Evaluation . 32 2.4.2.1 Relative Error . 32 2.4.2.2 Rank Accuracy of top ......................................... 34 2.5 Discussion . 37 2.6 Summary . 39 CHAPTER 3: POPSICL: MASKING SERVER IDENTIFIERS TO ENFORCE SERVER ANONYMITY2 .......................................................... 40 3.1 Background . 43 3.2 Design Principles. 45 3.2.1 Security . 45 3.2.2 Usability . 48 3.3 Design . 50 3.3.1 Registering a PoPSiCl . 50 3.3.2 Connection Establishment . 52 3.3.3 HTTP-specific Mechanisms . 55 3.3.4 Design Principles, Revisited . 58 3.4 Implementation . 60 3.4.1 PoPSiCl Store . 60 3.4.2 Cloud SDN Controller . 62 3.4.3 Tenant HTTP Server . 62 2This chapter is excerpted from previously published work [162] v 3.5 Evaluation . 63 3.5.1 Performance . 64 3.5.2 Scalability . 66 3.6 Traffic Analysis . 70 3.6.1 Design . 71 3.6.2 Evaluation . 72 3.7 Discussion . 74 3.8 Summary . 76 CHAPTER 4: SNOWMAN: METERING GRAPHICAL DATA LEAKAGE TO DE- TECT SENSITIVE DATA EXFILTRATION. 77 4.1 Background . 80 4.2 System Design and Implementation . 83 4.2.1 Overview . ..
Load more

Recommended publications
  • Model Driven Scheduling for Virtualized Workloads
    Model Driven Scheduling for Virtualized Workloads Proefschrift voorgelegd op 28 juni 2013 tot het behalen van de graad van Doctor in de Wetenschappen – Informatica, bij de faculteit Wetenschappen, aan de Universiteit Antwerpen. PROMOTOREN: prof. dr. Jan Broeckhove dr. Kurt Vanmechelen Sam Verboven RESEARCH GROUP COMPUTATIONAL MODELINGAND PROGRAMMING Dankwoord Het behalen van een doctoraat is een opdracht die zonder hulp onmogelijk tot een goed einde kan gebracht worden. Gelukkig heb ik de voorbije jaren de kans gekregen om samen te werken met talrijke stimulerende collega’s. Stuk voor stuk hebben zij bijgedragen tot mijn professionele en persoonlijke ontwikkeling. Hun geduldige hulp en steun was essentieel bij het overwinnen van de vele uitdagingen die met een doctoraat gepaard gaan. Graag zou ik hier dan ook enkele woorden van dank neerschrijven. Allereerst zou ik graag prof. dr. Jan Broeckhove en em. prof. dr. Frans Arickx bedanken om mij de kans te geven een gevarieerde en boeiend academisch traject te starten. Bij het beginnen van mijn doctoraat heeft Frans mij niet alleen geholpen om een capabel onderzoeker te worden, ook bij het lesgeven heeft hij mij steeds met raad en daad bijgestaan. Na het emiraat van Frans heeft Jan deze begeleiding overgenomen en er voor gezorgd dat ik het begonnen traject ook succesvol kon beeïndigen. Beiden hebben ze mij steeds grote vrijheid gegeven in mijn zoektocht om interessante onderzoeksvragen te identificeren en beantwoorden. Vervolgens zou ik graag dr. Peter Hellinckx en dr. Kurt Vanmechelen bedanken voor hun persoonlijke en vaak intensieve begeleiding. Zelfs voor de start van mijn academische carrière, bij het schrijven van mijn Master thesis, heeft Peter mij klaar- gestoomd voor een vlotte start als onderzoeker.
    [Show full text]
  • Towards Better Performance Per Watt in Virtual Environments on Asymmetric Single-ISA Multi-Core Systems
    Towards Better Performance Per Watt in Virtual Environments on Asymmetric Single-ISA Multi-core Systems Viren Kumar Alexandra Fedorova Simon Fraser University Simon Fraser University 8888 University Dr 8888 University Dr Vancouver, Canada Vancouver, Canada [email protected] [email protected] ABSTRACT performance per watt than homogeneous multicore proces- Single-ISA heterogeneous multicore architectures promise to sors. As power consumption in data centers becomes a grow- deliver plenty of cores with varying complexity, speed and ing concern [3], deploying ASISA multicore systems is an performance in the near future. Virtualization enables mul- increasingly attractive opportunity. These systems perform tiple operating systems to run concurrently as distinct, in- at their best if application workloads are assigned to het- dependent guest domains, thereby reducing core idle time erogeneous cores in consideration of their runtime proper- and maximizing throughput. This paper seeks to identify a ties [4][13][12][18][24][21]. Therefore, understanding how to heuristic that can aid in intelligently scheduling these vir- schedule data-center workloads on ASISA systems is an im- tualized workloads to maximize performance while reducing portant problem. This paper takes the first step towards power consumption. understanding the properties of data center workloads that determine how they should be scheduled on ASISA multi- We propose that the controlling domain in a Virtual Ma- core processors. Since virtual machine technology is a de chine Monitor or hypervisor is relatively insensitive to changes facto standard for data centers, we study virtual machine in core frequency, and thus scheduling it on a slower core (VM) workloads. saves power while only slightly affecting guest domain per- formance.
    [Show full text]
  • Big Data Benchmarking Workshop Publications
    Benchmarking Datacenter and Big Data Systems Wanling Gao, Zhen Jia, Lei Wang, Yuqing Zhu, Chunjie Luo, Yingjie Shi, Yongqiang He, Shiming Gong, Xiaona Li, Shujie Zhang, Bizhu Qiu, Lixin Zhang, Jianfeng Zhan INSTITUTE OFTECHNOLOGY COMPUTING http://prof.ict.ac.cn/ICTBench 1 Acknowledgements This work is supported by the Chinese 973 project (Grant No.2011CB302502), the Hi- Tech Research and Development (863) Program of China (Grant No.2011AA01A203, No.2013AA01A213), the NSFC project (Grant No.60933003, No.61202075) , the BNSFproject (Grant No.4133081), and Huawei funding. 2/ Big Data Benchmarking Workshop Publications BigDataBench: a Big Data Benchmark Suite from Web Search Engines. Wanling Gao, et al. The Third Workshop on Architectures and Systems for Big Data (ASBD 2013) in conjunction with ISCA 2013. Characterizing Data Analysis Workloads in Data Centers. Zhen Jia, et al. 2013 IEEE International Symposium on Workload Characterization (IISWC-2013) Characterizing OS behavior of Scale-out Data Center Workloads. Chen Zheng et al. Seventh Annual Workshop on the Interaction amongst Virtualization, Operating Systems and Computer Architecture (WIVOSCA 2013). In Conjunction with ISCA 2013.[ Characterization of Real Workloads of Web Search Engines. Huafeng Xi et al. 2011 IEEE International Symposium on Workload Characterization (IISWC-2011). The Implications of Diverse Applications and Scalable Data Sets in Benchmarking Big Data Systems. Zhen Jia et al. Second workshop of big data benchmarking (WBDB 2012 India) & Lecture Note in Computer
    [Show full text]
  • Imageman.Net Getting Started
    ImageMan.Net Getting Started 1 ImageMan.Net Version 3 The ImageMan.Net product includes fully managed .Net components providing an easy to use, yet rich imaging toolkit. Fully Managed Assemblies support X-Copy deployment and do not use COM Support for reading/writing many image formats including TIFF, BMP, DIB, RLE, PCX, DCX, TGA, PCX, DCX, JPG, JPEG 2000, PNG, GIF, EMF, WMF, PDF(with optional PDF Export/Import Addon Options), even plug in your own image codecs Object oriented architecture simplifies development. High level functionality allows for quick development while low level classes provide ultimate control Works with the ImageMan.Net Twain controls to easily scan from Twain compatible scanners, cameras and frame grabbers Winforms Viewer, File Open, Thumbnail Viewer, Annotation and Annotation Toolstrip controls Barcode creation and recognition support for 1-d and 2-d barcodes symbologies including QR, Datamatrix, 3 of 9, Codabar, PDF417, Code 3 of 9, Code 3 of 9 Extended, Code 93, EAN-8, EAN-13, UPC-A, UPC-E, Aztec, Interleaved 2 of 5, Codabar and more Document Edition includes royalty free OCR, Annotations and document processing commands including despeckle, border removal, border cleanup and more Supports building client side Winforms and ASP.Net server side applications 32 & 64 bit assemblies for .Net 2.0, .Net 3.x and 4.x Support for Visual Studio 2005, 2008, 2010, 2012 and 2013 Context Sensitive Online Help and Documentation Backed up by Data Techniques professional support staff 1 ImageMan.Net Getting Started ImageMan.Net Getting Started 2 What's New in Version 3 What's new in the Summer Release PDFEncoder & OCR Engine Enhanced the Searchable PDF Support by assuring that the searchable text lines up with the raster image content.
    [Show full text]
  • An Experimental Evaluation of Datacenter Workloads on Low-Power Embedded Micro Servers
    An Experimental Evaluation of Datacenter Workloads On Low-Power Embedded Micro Servers Yiran Zhao, Shen Li, Shaohan Hu, Hongwei Wang Shuochao Yao, Huajie Shao, Tarek Abdelzaher Department of Computer Science University of Illinois at Urbana-Champaign fzhao97, shenli3, shu17, hwang172, syao9, hshao5, [email protected] ABSTRACT To reduce datacenter energy cost, power proportional- This paper presents a comprehensive evaluation of an ultra- ity [47] is one major solution studied and pursued by both low power cluster, built upon the Intel Edison based micro academia and industry. Ideally, it allows datacenter power servers. The improved performance and high energy effi- draw to proportionally follow the fluctuating amount of work- ciency of micro servers have driven both academia and in- load, thus saving energy during non-peak hours. However, dustry to explore the possibility of replacing conventional current high-end servers are not energy-proportional and brawny servers with a larger swarm of embedded micro ser- have narrow power spectrum between idling and full uti- vers. Existing attempts mostly focus on mobile-class mi- lization [43], which is far from ideal. Therefore, researchers cro servers, whose capacities are similar to mobile phones. try to improve energy-proportionality using solutions such We, on the other hand, target on sensor-class micro servers, as dynamic provisioning and CPU power scaling. The for- which are originally intended for uses in wearable technolo- mer relies on techniques such as Wake-On-LAN [36] and gies, sensor networks, and Internet-of-Things. Although VM migration [24] to power on/off servers remotely and dy- sensor-class micro servers have much less capacity, they are namically.
    [Show full text]
  • New Developments in Marketing
    18 New developments in marketing The application of the Internet is leading to new developments in marketing, in relation to both suppliers and customers. A major development is the change from supply driven to demand driven. No longer is the major focus to make a transaction (deal), but to create an individual relationship. Part of the changed focus is the involvement of supplier and buyer in the buying process as described earlier, the different forms of relationship in the supply chain and with suppliers, and finally the interaction and communication with customers. 18.1 Changes in the role of suppliers The relationship with suppliers will change in a business-to-business environment (Figure 18.1). The dependency on each other will grow, but will also make the relationship closer. The market is agile and dynamic, market changes are rapid and the loyalty of customers is Internet strategy Reach Information Stock, sales conditions Communication Product information, delivery time, EDI, email Transaction EDI, VMI, Development/time service contract Infrastructure VPN, concept sharing, collaborating Figure 18.1 Relationship with suppliers Technology enables change communication drives change Taylor & Francis proofs - not for distribution 218 Marketing strategy in a dynamic world diminishing. This will lead to a more flexible approach to the market. The standard supply chain will lead to inflexibility because of the different roles of supplier, wholesaler, logistic service supplier and retailer, but also because of the ‘buffer stock’ in the supply chain. There will be a need for less stock in the total chain, which will lead to a ‘single stock location’ approach.
    [Show full text]
  • Adaptive Control of Apache Web Server
    Adaptive Control of Apache Web Server Erik Reed Abe Ishihara Ole J. Mengshoel Carnegie Mellon University Carnegie Mellon University Carnegie Mellon University Moffett Field, CA 94035 Moffett Field, CA 94035 Moffett Field, CA 94035 [email protected] [email protected] [email protected] Abstract least load. Typical implementations of load balancing deal with round robin balancing for domain name service Traffic to a Web site can vary dramatically. At the same (DNS) [7]. Much of existing frameworks and previous time it is highly desirable that a Web site is reactive. To research deal with inter-server connections and balanc- provide crisp interaction on thin clients, 150 milliseconds ing, with little or no focus on dynamic parameter adjust- has been suggested as an upper bound on response time. ment of individual servers. Unfortunately, the popular Apache Web server is lim- Focusing on an individual Web server rather than a ited in its capabilities to be reactive under varying traf- cluster of machines, we investigate in this paper an alter- fic. To address this problem, we design in this paper an native approach to ensuring quick and predictable user adaptive controller for the Apache Web server. A modi- response, namely feedback control and specifically Min- fied recursive least squares algorithm is used to identify imum Degree Pole Placement control [5]. This can be in system dynamics and a minimum degree pole placement an environment where inter-server load balancing is al- controller is implemented to adjust the maximum num- ready in place, or when a single server is handling Web ber of concurrent connections.
    [Show full text]
  • Energy Efficiency of Server Virtualization
    Energy Efficiency of Server Virtualization Jukka Kommeri Tapio Niemi Olli Helin Helsinki Institute of Physics, Helsinki Institute of Physics, Helsinki Institute of Physics, Technology program, CERN, Technology program, CERN, Technology program, CERN, CH-1211 Geneva 23, Switzerland CH-1211Geneva 23, Switzerland CH-1211 Geneva 23, Switzerland [email protected] [email protected] [email protected] Abstract—The need for computing power keeps on growing. combine several services into one physical server. In this The rising energy expenses of data centers have made server way, these technologies make it possible to take better consolidation and virtualization important research areas. advantage of hardware resources. Virtualization and its performance have received a lot of attention and several studies can be found on performance. In this study, we focus on energy efficiency of different So far researches have not studied the overall performance virtualization technologies. Our aim is to help the system and energy efficiency of server consolidation. In this paper we administrator to decide how services should be consolidated study the effect of server consolidation on energy efficiency with to minimize energy consumption without violating quality an emphasis on quality of service. We have studied this with of service agreements. several synthetic benchmarks and with realistic server load by performing a large set of measurements. We found out that We studied energy consumption of virtualized servers with energy-efficiency depends on the load of the virtualized service two open source virtualization solutions; KVM and Xen. and the number of virtualized servers. Idle virtual servers do They were tested both under load and idle.
    [Show full text]
  • Remote Profiling of Resource Constraints of Web Servers Using
    Remote Profiling of Resource Constraints of Web Servers Using Mini-Flash Crowds Pratap Ramamurthy Vyas Sekar Aditya Akella Balachander Krishnamurthy UW-Madison CMU UW-Madison AT&T–Labs Research Anees Shaikh IBM Research Abstract often limited, this can be difficult. Hence, large providers Unexpected surges in Web request traffic can exercise who can afford it typically resort to over-provisioning, or server-side resources (e.g., access bandwidth, process- employ techniques such as distributed content delivery or ing, storage etc.) in undesirable ways. Administra- dynamic server provisioning, to minimize the impact of tors today do not have requisite tools to understand the unexpected surges in request traffic. Smaller application impact of such “flash crowds” on their servers. Most providers may trade-off robustness to large variations in Web servers either rely on over-provisioning and admis- workload for a less expensive infrastructure that is provi- sion control, or use potentially expensive solutions like sioned for the expected common case. CDNs, to ensure high availability in the face of flash This approach still leaves operators without a sense crowds. A more fine-grained understanding of the per- of how their application infrastructure will handle large formance of individual server resources under emulated increases in traffic, due to planned events such as annual but realistic and controlled flash crowd-like conditions sales or Web casts, or unexpected flash crowds. While can aid administrators to make more efficient resource these events may not occur frequently, the inability of the management decisions. In this paper, we present mini- infrastructure to maintain reasonably good service, or at flash crowds (MFC) – a light-weight profiling service least degrade gracefully, can lead to significant loss of that reveals resource bottlenecks in a Web server infras- revenue and dissatisfied users.
    [Show full text]
  • Optimal Power Allocation in Server Farms
    Optimal Power Allocation in Server Farms Anshul Gandhi∗ Mor Harchol-Balter∗ Rajarshi Das† Charles Lefurgy†† March 2009 CMU-CS-09-113 School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 ∗School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, USA †IBM T.J. Watson Research Center, Hawthorne, NY, USA ††IBM Research, Austin, TX, USA Research supported by NSF SMA/PDOS Grant CCR-0615262 and a 2009 IBM Faculty Award. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of NSF or IBM. Keywords: Power Management, Server Farm, Response Time, Power-to-Frequency, Data Center Abstract Server farms today consume more than 1.5% of the total electricity in the U.S. at a cost of nearly $4.5 billion. Given the rising cost of energy, many industries are now looking for solutions on how to best make use of their available power. An important question which arises in this context is how to distribute available power among servers in a server farm so as to get maximum perfor- mance. By giving more power to a server, one can get higher server frequency (speed). Hence it is commonly believed that for a given power budget, performance can be maximized by oper- ating servers at their highest power levels. However, it is also conceivable that one might prefer to run servers at their lowest power levels, which allows more servers for a given power budget. To fully understand the effect of power allocation on performance in a server farm with a fixed power budget, we introduce a queueing theoretic model, which also allows us to predict the opti- mal power allocation in a variety of scenarios.
    [Show full text]
  • Location Based Service in Indoor Environment Using Quick Response Code Technology
    LOCATION BASED SERVICE IN INDOOR ENVIRONMENT USING QUICK RESPONSE CODE TECHNOLOGY a,* a Farshad Hakimpour , Ali Zare Zardiny a Department of Geomatics Engineering, Faculty of Engineering, University of Tehran, (fhakimpour, zare_zardiny)@ut.ac.ir KEYWORDS: Location Based Service, QR Code, Indoor Positioning, NFC, RFID, WiFi ABSTRACT: Today by extensive use of intelligent mobile phones, increased size of screens and enriching the mobile phones by Global Positioning System (GPS) technology use of location based services have been considered by public users more than ever.. Based on the position of users, they can receive the desired information from different LBS providers. Any LBS system generally includes five main parts: mobile devices, communication network, positioning system, service provider and data provider. By now many advances have been gained in relation to any of these parts; however the users positioning especially in indoor environments is propounded as an essential and critical issue in LBS. It is well known that GPS performs too poorly inside buildings to provide usable indoor positioning. On the other hand, current indoor positioning technologies such as using RFID or WiFi network need different hardware and software infrastructures. In this paper, we propose a new method to overcome these challenges. This method is using the Quick Response (QR) Code Technology. QR Code is a 2D encrypted barcode with a matrix structure which consists of black modules arranged in a square grid. Scanning and data retrieving process from QR Code is possible by use of different camera-enabled mobile phones only by installing the barcode reader software. This paper reviews the capabilities of QR Code technology and then discusses the advantages of using QR Code in Indoor LBS (ILBS) system in comparison to other technologies.
    [Show full text]
  • Benchmarking Models and Tools for Distributed Web-Server Systems
    Benchmarking Models and Tools for Distributed Web-Server Systems Mauro Andreolini1, Valeria Cardellini1, and Michele Colajanni2 1 Dept. of Computer, Systems and Production University of Roma “Tor Vergata” Roma I-00133, Italy andreolini,cardellini @ing.uniroma2.it, { } 2 Dept. of Information Engineering University of Modena Modena I-41100, Italy [email protected] Abstract. This tutorial reviews benchmarking tools and techniques that can be used to evaluate the performance and scalability of highly accessed Web-server systems. The focus is on design and testing of lo- cally and geographically distributed architectures where the performance evaluation is obtained through workload generators and analyzers in a laboratory environment. The tutorial identifies the qualities and issues of existing tools with respect to the main features that characterize a benchmarking tool (workload representation, load generation, data col- lection, output analysis and report) and their applicability to the analysis of distributed Web-server systems. 1 Introduction The explosive growth in size and usage of the Web is causing enormous strain on users, network service, and content providers.Sophisticated software components have been implemented for the provision of critical services through the Web. Consequently, many research efforts have been directed toward improving the performance of Web-based services through caching and replication solutions.A large variety of novel content delivery architectures, such as distributed Web- server systems, cooperative proxy
    [Show full text]