Volume 2020 (2020): Issue 3 (July 2020)
Journal details
License
Format: Journal
First published: 16 Apr 2015
Publication timeframe: 4 times per year
Languages: English
Access type: Open Access

Mitigator: Privacy policy compliance using trusted hardware

Published Online: 17 Aug 2020
Page range: 204 - 221
Received: 30 Nov 2019
Accepted: 16 Mar 2020

In recent years, much research has gone into processing privacy policies and presenting them in ways that are easy for users to understand. However, understanding a privacy policy has little utility if the website’s data-processing code does not actually match it. Although systems have been proposed to make internal software comply with access control policies, they assume a large trusted computing base and are not designed to provide a proof of compliance to an end user. We design Mitigator, a system that enforces compliance of a website’s source code with a privacy policy model and addresses these two drawbacks of previous work. We use trusted hardware platforms to guarantee to an end user that their data is handled only by code that is compliant with the privacy policy. Such an end user needs to trust only a small module in the hardware of the remote back-end machine and related libraries, not the entire OS. We also provide a proof-of-concept implementation of Mitigator and evaluate its latency. We conclude that it incurs only a small overhead with respect to an unmodified system that provides no guarantee of privacy policy compliance to the end user.

