tiwari edited this page Jun 5, 2012 · 7 revisions

PPD: Platform-for-Private-Data

As cloud computing technology gains popularity, an increasing amount of data and computation is moving to third-party cloud services. In particular, the Software-as-a-Service (SaaS) model has gained wide acceptance due to advantages such as ubiquitous accessibility, no need for installation, and the pay-as-you-go payment model.

Accompanying this new technological trend are heightened awareness of and concerns over data privacy. Businesses and users can be reluctant to use SaaS for fear of losing control over their sensitive data.

Today’s approach: full trust on the service provider

Today’s paradigm is for users and data owners to fully trust the cloud service provider. Specifically, they need to trust that the cloud service provider will consistently make wise and well-informed decisions when it comes to protecting the privacy of their data. Unless lawmakers, industry, and consumer privacy groups strive to make a change, this paradigm is likely to persist.

Past experiences have taught us that protecting user privacy is a delicate issue. For example, AOL and Netflix released anonymized search query logs and movie preference data. However, researchers were able to deanonymize and re-identify users in both datasets after their release.

Another threat is potential security breaches caused by software vulnerabilities in the cloud service’s infrastructure. For example, a recent security breach of RockYou, a social gaming company, led to the exposure of 32 million user accounts and passwords. Privacy leaks can also happen through insider attacks. For example, Google recently fired an employee who snooped on four teenagers’ accounts.

New paradigm: Platform for Private Data

We propose a new paradigm called privacy evidence for data. The idea is for service providers to produce evidence or proofs to data owners that certain privacy policies have been enforced for their data stored at the remote server. For example, the service provider can prove that a user’s data or its derivatives have not been released to any other party. This way, users can be assured of the privacy of their data stored at the service provider.

To enable privacy evidence, we will provide a Platform for Private Data (or PPD) to be run at the cloud service provider. The platform for private data enables the following features and privacy guarantees:

  • Data analytics without direct access to data. The privacy platform allows a cloud service provider to offer data analytics to users without direct access to the data in cleartext form. Sensitive data and their derivatives are stored and handled in encrypted format, forming data capsules. When applications need to access or operate on the data, the data capsules are decrypted on the fly inside a sandboxed environment isolated from untrusted OS and application code. An underlying Trusted Computing Base (TCB) is responsible for policy checking and enforcement, and attesting to privacy properties or the provenance of sensitive data objects.

  • Easy development of privacy-preserving applications. The privacy platform allows application developers who may not be privacy or security experts to conveniently develop privacy-preserving applications on top of the platform.

  • Secure provenance and privacy evidence. The privacy platform offers privacy evidence to a user, stating that the user’s privacy policies have been enforced. The privacy evidence can simply state a high-level privacy property, e.g., that a user’s data has not been shared with any other party. The privacy platform can also offer more fine-grained privacy evidence in the form of data provenance logs: apart from monitoring data usage, the TCB records all transactions and accesses to data in a secure provenance log. We ensure that an untrusted OS or untrusted applications cannot tamper with the provenance logs.

  • Scalability and high assurance. Last but not least, we wish to achieve scalability and high assurance at the same time. Ideally, the performance overhead introduced by the privacy platform should be sufficiently low (e.g., comparable to the overhead of today’s virtual machine technology) to ensure its practicality. To offer high assurance, we wish to investigate techniques that allow us to reduce the trust to a small TCB responsible for critical operations such as enforcing privacy policies and isolation, and providing attestation of privacy properties.
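The following sketch ties together the data-capsule, policy-enforcement and provenance-evidence ideas from the list above. It is an added illustration written for this page, not PPD’s own code: the names `Capsule`, `TCB`, `verify_evidence` and the policy fields are assumptions, SHA-256 in counter mode stands in for a real authenticated cipher such as AES-GCM so that only the standard library is needed, and an HMAC under the TCB’s key stands in for the attestation signature that a real TCB would produce and the owner would check against an attested public key. The sample values are constructed.

```python
"""Data capsules, in-TCB policy checks, a hash-chained provenance log and owner-verifiable
privacy evidence.  Illustrative only; all names are hypothetical, not the PPD API."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field

GENESIS = "0" * 64   # chain anchor for an empty provenance log


def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in for AES-GCM: SHA-256 in counter mode used as a keystream (integrity is
    # provided separately by the capsule MAC).  Standard library only; not for production.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


def _entry_hash(entry: dict) -> str:
    # Hash of a log entry excluding its own "hash" field; "prev" links it to the previous entry.
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


@dataclass
class Capsule:
    """Encrypted sensitive data; its policy travels with it and is covered by the MAC."""
    owner: str
    policy: dict          # {"allowed_ops": [...], "allowed_recipients": [...]}
    nonce: bytes
    ciphertext: bytes
    tag: bytes


@dataclass
class TCB:
    """Trusted component: the only place where capsule plaintext exists (hypothetical)."""
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    logs: dict = field(default_factory=dict)   # owner -> hash-chained provenance log

    def _mac(self, *parts: bytes) -> bytes:
        return hmac.new(self.key, b"".join(parts), hashlib.sha256).digest()

    def _bound(self, c_owner: str, policy: dict) -> bytes:
        return c_owner.encode() + json.dumps(policy, sort_keys=True).encode()

    def _record(self, owner: str, op: str, recipient: str, result: str) -> None:
        log = self.logs.setdefault(owner, [])
        entry = {"op": op, "recipient": recipient, "result": result,
                 "prev": log[-1]["hash"] if log else GENESIS}
        entry["hash"] = _entry_hash(entry)
        log.append(entry)

    def seal(self, owner: str, plaintext: bytes, policy: dict) -> Capsule:
        nonce = secrets.token_bytes(16)
        ct = _stream_xor(self.key, nonce, plaintext)
        tag = self._mac(self._bound(owner, policy), nonce, ct)
        self._record(owner, "seal", owner, "ok")
        return Capsule(owner, policy, nonce, ct, tag)

    def _open(self, c: Capsule) -> bytes:
        # Reject any capsule whose data or attached policy was altered outside the TCB.
        expected = self._mac(self._bound(c.owner, c.policy), c.nonce, c.ciphertext)
        if not hmac.compare_digest(expected, c.tag):
            raise ValueError("capsule or its policy was tampered with")
        return _stream_xor(self.key, c.nonce, c.ciphertext)

    def compute(self, c: Capsule, op: str, recipient: str):
        """Integrity check, policy check, log the decision, then operate on plaintext in-TCB."""
        values = json.loads(self._open(c))
        allowed = op in c.policy["allowed_ops"] and recipient in c.policy["allowed_recipients"]
        self._record(c.owner, op, recipient, "ok" if allowed else "denied")
        if not allowed:
            raise PermissionError(f"policy forbids '{op}' for '{recipient}'")
        return {"sum": sum, "count": len}[op](values)

    def evidence(self, owner: str) -> dict:
        """Privacy evidence: the owner's provenance log plus an attestation of its chain head."""
        log = self.logs.get(owner, [])
        head = log[-1]["hash"] if log else GENESIS
        return {"owner": owner, "entries": list(log), "head": head,
                "head_mac": self._mac(head.encode()).hex()}


def verify_evidence(ev: dict, attest_key: bytes) -> tuple:
    """Owner-side check: chain intact, head attested, no data released to anyone but the owner."""
    prev = GENESIS
    for e in ev["entries"]:
        if e["prev"] != prev or _entry_hash(e) != e["hash"]:
            return False, "provenance log chain broken"
        prev = e["hash"]
    expected = hmac.new(attest_key, ev["head"].encode(), hashlib.sha256).hexdigest()
    if prev != ev["head"] or not hmac.compare_digest(expected, ev["head_mac"]):
        return False, "chain head not attested"
    leaks = [e for e in ev["entries"] if e["result"] == "ok" and e["recipient"] != ev["owner"]]
    return (not leaks), ("no release to other parties" if not leaks else f"{len(leaks)} release(s) to other parties")


def demo() -> dict:
    tcb = TCB()
    policy = {"allowed_ops": ["sum", "count"], "allowed_recipients": ["alice"]}
    cap = tcb.seal("alice", json.dumps([3, 5, 7]).encode(), policy)   # constructed sample data
    total = tcb.compute(cap, "sum", "alice")                           # analytics for the owner
    try:
        tcb.compute(cap, "sum", "ad-network")                          # third party: refused and logged
        denied = False
    except PermissionError:
        denied = True
    ok, why = verify_evidence(tcb.evidence("alice"), tcb.key)
    # An untrusted component rewriting a log entry breaks the chain, so the forgery is detected.
    forged = json.loads(json.dumps(tcb.evidence("alice")))
    forged["entries"][-1]["result"] = "ok"
    forged_ok, _ = verify_evidence(forged, tcb.key)
    return {"sum": total, "third_party_denied": denied, "evidence_ok": ok,
            "why": why, "forgery_detected": not forged_ok}


if __name__ == "__main__":
    print(demo())
```

The point of the shape is that the application (`demo`) never sees plaintext; it asks the TCB for a result and receives either the value or a logged refusal. The owner’s evidence check does not rely on trusting the untrusted OS or application: the chain and the attested head are the only things it needs, and the high-level property “no release to any other party” is read directly off the verified log.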

Please email ppd.berkeley@gmail.com to learn more. Or contact any of the developers here.