context-centric security - usenix...context-centric security mohit tiwari, prashanth mohan, andrew...
TRANSCRIPT
![Page 1: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/1.jpg)
Context-centric Security
Mohit Tiwari, Prashanth Mohan, Andrew Osheroff,
Hilfi Alkaff, Eric Love, Elaine Shi,
Dawn Song, Krste Asanović
UC Berkeley
1
![Page 2: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/2.jpg)
Context-centric Security
• Contexts are light-weight real-life events
– a conference hallway meeting, a birthday party
• User shares contexts with contacts
– policies not based on permissions or labels
• System infers all low-level details
– in contrast to current practice…
2
![Page 3: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/3.jpg)
App-centric Privacy: Problematic
• Permissions are abstruse
– SD Card, File systems,…
– 56 of 100+: dangerous
– Statically assigned
• App owns user’s data
3
What a Dope!
![Page 4: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/4.jpg)
Data-centric Privacy: Problematic
Data
X
Principals Policies on Labels
4
![Page 5: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/5.jpg)
B’day Party
Class Project
Files Camera Microphone Wifi
Apps
Contexts
System resources
Users
Problem: User maps Contexts to Policies
5
![Page 6: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/6.jpg)
Bubbles: Context-centric Security
• Data clusters around real-world contexts.
• Privacy policy as access control on contexts.
• Apps run in Bubbles; cannot affect privacy.
B’day Party Class Project
6
![Page 7: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/7.jpg)
Using Bubbles
B’day Plans
Time-line 7
email a caterer?
![Page 8: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/8.jpg)
Using Bubbles
B’day Catering
Time-line 8
![Page 9: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/9.jpg)
Using Bubbles
B’day Party
9
Caterer: not part of party bubble Two contexts within same event
![Page 10: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/10.jpg)
A Bubble is the Minimum Unit of Sharing
• Untrusted code can arbitrarily mix data inside a bubble.
– Hence, sharing one item == sharing any item.
• Have to limit cross-bubble declassification
– So that user has flexibility of re-sharing, e.g. meeting notes
• Bubbles have to be very light-weight contexts
– I would put every 1:1 meeting at Usenix into a unique bubble
10
![Page 11: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/11.jpg)
Challenges in implementing Bubbles
• Lots of bubbles UI for navigating bubbles
• Apps don’t own data API for developers
• System implementation Infer dangerous permissions, and create light-weight containers
11
![Page 12: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/12.jpg)
Recent Bubbles
B’day Party B’day Plans B’day Catering
Bubbles Contacts 12
![Page 13: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/13.jpg)
Local Bubbles
B’day Party
13
Hike
Tilden
Sailing Henry Wharf
Farmers Market
![Page 14: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/14.jpg)
Bubbles App Design Pattern
Developer Updates, Ads, …
Developer Zone
User
B’day Plan
B’day Party
Public profile info
14
![Page 15: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/15.jpg)
• Application-initiated sharing – Recommendation engines, Spam filters – Differential privacy, k-anonymity, …
• User-initiated sharing
– Storing, sharing, and editing docs – Real-time communication (voice, video)
• Anonymous: Not tied to real identity – Games, flashlights, wallpapers, – Browsing news, reviews, recipes, …
0
10
20
30
40
50
60
70
80
90
100
Free Paid
Many Apps fit inside Bubbles Pe
rcen
t
15
![Page 16: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/16.jpg)
System Infers Dangerous Permissions
• User-controlled resources: 7
– location, camera, microphone, read-contacts
• Virtualized resource: 27
– internal and external storage, system logs, app cache and history,…
• Communication with firewall rules: 17
– internet access, wifi, telephony
16
![Page 17: Context-centric Security - USENIX...Context-centric Security Mohit Tiwari, Prashanth Mohan, Andrew Osheroff, Hilfi Alkaff, Eric Love, Elaine Shi, Dawn Song, Krste Asanović UC BerkeleyContext-centric](https://reader033.vdocument.in/reader033/viewer/2022051917/600907a8ebcf4a7d8b771384/html5/thumbnails/17.jpg)
Context-centric Security
Bubbles Project
• Context = minimum unit of sharing data.
• Is working in contexts intuitive? Learnable?
• Does API support all useful functionality?
17