Title
A software-hardware architecture for self-protecting data
Abstract
We propose a software-hardware architecture, DataSafe, that realizes the concept of self-protecting data: data that is protected by a given policy whenever it is accessed by any application -- including unvetted third-party applications. Our architecture provides dynamic instantiations of secure data compartments (SDCs), with hardware monitoring of the information flows from the compartment using hardware policy tags associated with the data at runtime. Unbypassable hardware output control prevents confidential information from being leaked out. Unlike previous hardware information flow tracking systems, DataSafe software architecture bridges the semantic gap by supporting flexible, high-level software policies for the data, seamlessly translating these policies to efficient hardware tags at runtime. Applications need not be modified to interface to these software-hardware mechanisms. DataSafe architecture is designed to prevent illegitimate secondary dissemination of protected plaintext data by authorized recipients, to track and protect data derived from sensitive data, and to provide lifetime enforcement of the confidentiality policies associated with the sensitive data.
Year
2012
DOI
10.1145/2382196.2382201
Venue
ACM Conference on Computer and Communications Security
Keywords
efficient hardware tag, sensitive data, software-hardware architecture, hardware policy tag, secure data compartment, datasafe architecture, self-protecting data, hardware monitoring, previous hardware information flow, protected plaintext data, unbypassable hardware output control, architecture, security, trusted computing
Field
Data architecture, Trusted Computing, Computer security, Computer science, Semantic gap, Software, Reference architecture, Software architecture, Plaintext, Hardware architecture
DocType
Conference
Citations
22
PageRank
0.82
References
25
Authors
3
Name | Order | Citations | PageRank
Yu-Yuan Chen | 1 | 163 | 15.53
Pramod A. Jamkhedkar | 2 | 153 | 11.23
Ruby Lee | 3 | 2460 | 261.28