Download   Report
  1. No category

tinman_poster - 0.2

TinMan: Eliminating Confidential Mobile Data Exposure with Security Oriented Offloading
Yubin Xia, Yutao Liu, Cheng Tan, Mingyang Ma, Haibing Guan, Binyu Zang, Haibo Chen
IPADS, Shanghai Jiao Tong University (http://ipads.se.sjtu.edu.cn)
Yubin Xia. [email protected]
Goals & Threat Model
Problem & Motivation
Main Idea
• Offload all c ors accesses to a trusted node
Confidential Record (cor) Exposure
• E.g., password, bank account, social security number
• Such c ritical data remain on a device for long time [1]
• These data might be stolen from a phone
Goals: Nothing to lose!
• Zero exposure of cors on the device at any time
• Support existing apps • Small overhead on both performance and power
Threat Model
• Not trust the software stack on the mobile device
• Only trust the trusted n ode, which maybe a private cloud, a PC at home, etc.
Our Solution: TinMan
1:
Evaluation
Security-oriented Offloading
Latency of PayPal login latency
Caffeinemark
8000
18
Original system
TinMan (symmetric-taint)
TinMan (asymmetric-taint)
7000
CaffeineMark 3.0 Score
Offload cor accesses to a trusted node
• Use tainting to track c or data flow on the client
• Store a placeholder for each cor
Multiple levels of migration
• Ensure no plaintext of a cor exists on the client device
• Make the offloading transparent to applications
6000
12.3
12
5000
4000
3000
9.6%
20.1%
2000
9.4
9
9.2
7.1
6
3
1000
0
Original login
On-demand offload
SSL/TCP offload
15
Elapsed Time (Seconds)
Design Overall
• Using security-­‐oriented offloading mechanism to seamlessly support existing applications
On-­‐demand Offloading
• Java DSM offloading engine based on COMET [2]
• Track dataflow of placeholders of cors on the client
SSL Offloading: Session Injection
• Migrate a part of an SSL session from
mobile device to the trusted node
• Different transferred metadata based on different encryption methods used by SSL
TCP Offloading: Payload Replacement
• Trusted node replaces the payload of the packet with the cor, and then sends it out
Asymmetric Tainting
• Adopt lightweight tainting on the mobile device
• Adopt full-­‐fledged tainting on the trusted node
Sieve
Loop
Logic
String
Float
Method Overall Score
0
Orig TinM
inal
an
WIFI
Orig TinM
inal
an
Configurations
3G
1. Y. Tang, P. Ames, S. Bhamidipati, A. Bijlani, R. Geambasu, and N . Sarda. Cleanos: Limiting mobile data exposure with idle eviction. I n O SDI, 2012.
2. M. S. Gordon, D. A. Jamshidi, S. Mahlke, Z. M. Mao, and X. Chen. Comet: code offload b y migrating execution trans-­‐ parently. I n OSDI, 2012.
This is a conference paper poster. The paper will be presented on Session 8, 09:00 -­‐ 10:15 on 24 April.
HOW TO: Configuring NetScaler SSL Offload to work with the N-series Summary:

HOW TO: Configuring NetScaler SSL Offload to work with the N-series Summary:

Document 71211

Document 71211

SSL Key Management Whitepaper

SSL Key Management Whitepaper

Students of Agamathi Balika Vidyalaya, Panadura who obtained the highest... The new premises of the Lyceum International School was opened

Students of Agamathi Balika Vidyalaya, Panadura who obtained the highest... The new premises of the Lyceum International School was opened

European Youth Conference - Let`s Take Care of the Planet! May 20

European Youth Conference - Let`s Take Care of the Planet! May 20

Résumé - Varun Arora

Résumé - Varun Arora

Document 186403

Document 186403

V A R U N A R O... The Flatiron School Summer 2014

V A R U N A R O... The Flatiron School Summer 2014

Heterogeneous Resource Allocation for Hierarchical Software

Heterogeneous Resource Allocation for Hierarchical Software

Oakland County Extended Validation SSL Certificate Executive Summary

Oakland County Extended Validation SSL Certificate Executive Summary

abcdocz.com

© Copyright 2024