SCRUB: Secure Computing Research for Users’ Benefit
David Wagner
http://scrub.cs.berkeley.edu/

Security is hard

What is SCRUB?
• SCRUB is a new center focusing on security for users’ benefit
• Model: industry funding + collaboration
  – 4 Intel researchers in residence at Berkeley
  – $2.5M/year in funding
  – Open IP policy
• Schools: Berkeley, CMU, Drexel, Duke, UIUC

SCRUB Research Agenda
• Thin intermediation layer
• Mobile security
• Security analytics
• Data-centric security

Security of Desktop Computing
• Problem: today’s desktops use a security architecture based upon a 1970s-era threat model.

Secure Desktop Computing
• A thin, low-level intermediation layer can enable secure computation
  • e.g., online banking – establish an island of security amidst the sea of malware
• Benefit to users: secure computing on insecure desktops

Securing the desktop: Thin intermediation layer
[Diagram labels: Hardware; Intermediation layer; OS; Web browser; Banking app; Thin client; OS]

Mobile Security
• Huge growth in third-party apps:

Mobile Security
• How do we ensure third-party apps are safe?
• New paradigm for secure computing: protect against apps, not against users
• Benefit to users: Secure smartphones, tablets
How do we build effective app permission systems?
Can we make app stores more robust and secure?

Desktop OS
• Threat model: users attacking users
• Applications run with users’ full privileges

Modern Reality
• Threat model: apps attacking users
• One user per device
• Users don’t trust all apps

Permission Systems
User approves what permissions the application receives.
Does this provide security benefits?

The Good News
• Permissions do limit harm from breaches
• Developers do comply
  • Only 30% of apps are overprivileged, and only a little
• But can users use permissions effectively?
Android apps get a median of 4 permissions; desktop apps get 56. Only 10% of Android apps can cost users money, and only 15% get personal info.

More work needed
• Some users can use permissions effectively
  • 20% demonstrated awareness and some comprehension
  • 20% have declined to install an app because of perms
• But, at least on Android, permissions are not effective for most users
  • Only 17% of Android users look at permissions
  • Only 24% understand Android permissions (more or less)
• Our user studies partially explain why, but more work is needed to find a good solution

Apps as paradigm for security
• Beyond phones: app-based platforms offer a path to securing laptops and desktops.
[Diagram labels: Phone; Desktop]

Data-centric security
• Data increasingly resides not only on end-user devices, but also on servers, cloud, …
• Can we provide consistent protection for user data as it flows through a complex distributed system, no matter where it is stored?
• Benefit to users: visibility and control over their data

Data-centric security
• Cloud platform protects user data and ensures that apps can’t misuse it
• Each user’s data is separately encrypted. When cloud authenticates the user, it gives app access to user’s data. Cloud prevents apps from exfiltrating the data.
• Ability to audit who has access to data.
[Diagram labels: cloud server; App; encrypted storage; encrypted, authenticated channel]

Security analytics
• How can we accurately measure security?
  • Current approaches leave us in the dark
• Are our efforts to secure systems making progress?
• Goal: robust security metrics and analytics
• Benefit to users: Ability to prioritize, manage, and measure security

Learn more
• Come visit us: SCRUB Open House, 2-4pm, 373 Soda Hall
• Come visit the TRUST center, too: TRUST Open House, 2-4pm, 337 Cory Hall
• Follow our work: http://scrub.cs.berkeley.edu/