Trusted Capsules

May 25, 2018

Security of data is tightly coupled to its access policy. However, in practice, a data owner has control of his data’s access policies only as far as the boundaries of his own systems. In this paper, we introduce graduated access control, which provides mobile, programmable, and dynamically-resolving policies for access control that extends a data owner’s policies across system boundaries. We realize this through a novel data-centric abstraction called trusted capsules and its associated system, the trusted data monitor.

A trusted capsule couples data and policy into a single mobile unit. A capsule is backwards-compatible and is indistinguishable from a regular file to applications. In coordination with the trusted data monitor a capsule provides data integrity and confidentiality on remote devices, strong authentication to a trusted capsule service, and supports nuanced and dynamic access control decisions on remote systems. We implemented our data monitor using ARM TrustZone.

We show that graduated access control can express novel and useful real world policies, such as revocation, remote monitoring, and risk-adaptable disclosure. We illustrate trusted capsules for different file formats, including JPEG, FODT, and PDF. We also show compatibility with unmodified applications, such as LibreOffice Writer, Evince, and VLC.

Security
PhD student | Coffee Drinker Meme Connoiseur

Talks

Cross-platform Data Integrity and Confidentiality with Graduated Access Control

Click on the Slides button above to view the built-in slides feature. --
May 11, 2018 12:00 AM Vancouver, BC
Puneet Mehrotra, Amanda Carbonari, Peter Chen, Ivan Beschastnikh, Andrew Warfield
PDF Project Video