Max-Planck-Institut für Informatik

MPI-INF or MPI-SWS or Local Campus Event Calendar

What and Who
Title: Techniques to Protect Confidentiality and Integrity of Persistent and In-Memory Data
Speaker: Anjo Vahldiek-Oberwagner
Coming from: Max Planck Institute for Software Systems
Speakers Bio:
Event Type: SWS Student Defense Talks - Thesis Defense
Visibility: SWS
Level: Public Audience
Language: English
Date, Time and Location
Date: Tuesday, 5 February 2019
Time: 17:30
Duration: 60 Minutes
Location: Saarbrücken
Building: E1 5
Room: 029
Abstract
Today, computers store and analyze valuable and sensitive data. As a result, we need
to protect this data against confidentiality and integrity violations that can result
in the illicit release, loss, or modification of a user's and an organization's sensitive
data, such as personal media content or client records. Existing techniques protecting
confidentiality and integrity either lack efficiency or are vulnerable to malicious
attacks. In this thesis we suggest techniques, Guardat and ERIM, to efficiently and
robustly protect persistent and in-memory data.

To protect the confidentiality and integrity of persistent data, clients specify
per-file policies to Guardat declaratively, concisely and separately from code. Guardat
enforces policies by mediating I/O in the storage layer. In contrast to prior techniques,
we protect against accidental or malicious circumvention of higher software layers.
We present the design and prototype implementation, and demonstrate that Guardat
efficiently enforces example policies in a web server.

To protect the confidentiality and integrity of in-memory data, ERIM isolates
sensitive data using Intel Memory Protection Keys (MPK), a recent x86 extension
to partition the address space. However, MPK does not protect against malicious
attacks by itself. We prevent malicious attacks by combining MPK with call gates
to trusted entry points and ahead-of-time binary inspection. In contrast to existing
techniques, ERIM efficiently protects frequently-used session keys of web servers,
an in-memory reference monitor’s private state, and managed runtimes from native
libraries. These use cases result in high switch rates of the order of 10^5–10^6 switches/s.
Our experiments demonstrate less than 1% runtime overhead per 100,000 switches/s,
thus outperforming existing techniques.

Video Broadcast
Video Broadcast: Yes
To Location: Kaiserslautern
To Building: G26
To Room: 111

Created: Maria-Louise Albrecht/MPI-KLSB, 01/17/2019 02:34 PM
Last modified: Maria-Louise Albrecht/MPI-KLSB, 01/17/2019 02:37 PM
  • Maria-Louise Albrecht, 01/17/2019 02:37 PM -- Created document.