Highlights in my depth study on Secure Mobile Computation - PowerPoint PPT Presentation

Slides: 31
Provided by: free183

Transcript and Presenter's Notes
1
Highlights in my depth study on Secure Mobile Computation
  • Freeman Yufei Huang
  • Supervisory committee
  • Dr. Skillicorn
  • Dr. Martin
  • Dr. Dingel

2
Table of Contents
  1. Mobile computation and its security concerns
  2. Protecting mobile computation hosts
     2.1 Static approaches
     2.2 Runtime approaches
  3. Protecting mobile programs against hosts
     3.1 Encrypted computation
     3.2 Other weaker approaches
  4. Conclusion and opportunities

3
Computation Distribution - Where
(spectrum: more on local → more on remote)
  • Initiator does most computation locally, and only
    requests raw data from the remote node. E.g. a file
    server setting.
  • Computation task shared between initiator and
    remote cooperating nodes. E.g. a typical
    client-server setting.
  • Most computation done on remote nodes. Initiator
    only requests and gets final results. E.g. a web
    service setting, a mobile agent system.
4
Computation Distribution - When
(spectrum: more static → more runtime)
  • Application programs are pre-installed on remote
    nodes at static time. Initiator sends simple
    requests at runtime.
  • Component libraries are pre-installed on remote
    nodes at static time. Initiator sends scripts at
    runtime for execution.
  • Only basic runtime systems are pre-installed.
    Executable code or an active agent is sent at
    runtime for execution.
5
Computation Mobility
  • Data mobility: local programs request remote data
    to be transferred through the network for use locally.
  • Control mobility: local programs send control
    messages to invoke remote programs for cooperation.
  • Code mobility: high-level scripts or executable
    code are sent to remote nodes for execution at
    runtime.
  • Agent mobility: active software agents move from
    node to node and execute autonomously.
The last two types constitute mobile computation.
6
Security for Mobile Computation
Two kinds of actors in mobile computation:
  • Mobile programs: mobile scripts, mobile code and
    mobile agents that represent mobile computation
    tasks.
  • Mobile computation hosts: computing nodes that
    accept and execute mobile programs.
Security in mobile computation is two-fold:
  • Security of mobile computation hosts
  • Security of mobile programs against hosts

7
Table of Contents (section divider; same outline as slide 2)

8
Preliminary: Security Policies
  • Computing system: a state machine.
  • A program in the system: a set of possible state
    transition (execution) traces.
  • Security policy: a predicate on sets of traces.
  • Security property: a simpler kind of policy whose
    predicate is evaluated on individual traces, so a
    trace is in or out of the property on its own,
    independent of the other traces in the set.
  • Safety property: some bad thing must not happen in a
    trace; a violation is always witnessed by a finite
    prefix of the trace.
  • Liveness property: some good thing must eventually
    happen in a trace; no finite prefix can refute it.
9
Protecting Mobile Computation Hosts
  • Protecting traditional computing systems:
    static verification, runtime monitoring.
  • Protecting mobile computation hosts:
  • Similarity: enforcement of security policies.
  • Distinction:
  • Hosts have no control over the development of mobile
    programs, so security can be enforced at load time
    or runtime only.
  • Hosts respond in real time, which requires low
    complexity at load time and at runtime.

10
Protecting Mobile Computation Hosts
  • Adaptation of the traditional approaches
  • Static verification can apply at load time, but
    the complexity of verification needs to be moved
    around.
  • Security type checking
  • Proof-Carrying Code
  • Runtime monitoring is directly applicable, but
    its runtime overhead needs improvement.
  • Code instrumentation

11
Static Approach: Security Type Checking
  • Type checking walks through a program to check
    whether it conforms to the syntactic and semantic
    rules of a typed language.
  • Security type checking: the syntactic and semantic
    rules reflect a set of security policies.
  • Security type system of a typed language:
  • Security types. E.g. x : high, a : low
  • Typing rules. E.g. from x : high and a : low derive
    (x op a) : high for a binary operation op, i.e. the
    result takes the higher of the operand levels.
  • Soundness proof.

12
Static Approach: Security Type Checking
Advantages in mobile computation
  • Type checking at load time (by hosts) is efficient.
  • No runtime overhead.
  • The hard part - the soundness proof - moves to the
    language designer.

Disadvantages
  • Safety properties only.
  • The soundness proof is a tough task.

Famous example: the Java bytecode verifier.
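The following is an added example written for this transcript, not code from the presentation: a load-time security type checker for a tiny assignment language over the two-level lattice low < high, with the typing rule from the previous slide (a binary operation takes the join of its operands' levels) and a check of what the soundness proof is about, namely that every accepted program is noninterfering. The language, its AST, the variable labels and the policy ("no high-labelled value may flow into a low-labelled variable") are assumptions made for illustration; implicit flows through control structure are not modelled.

```python
# Added example (not the presentation's own code): a load-time security
# type checker over the lattice low < high. Language, AST and policy are
# assumptions for illustration.
from __future__ import annotations
from dataclasses import dataclass
from typing import Union

LOW, HIGH = "low", "high"
LEVELS = {LOW: 0, HIGH: 1}

def join(a: str, b: str) -> str:
    """Least upper bound in the lattice low < high."""
    return a if LEVELS[a] >= LEVELS[b] else b

@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Const:
    value: int

@dataclass(frozen=True)
class BinOp:
    op: str            # one of "+", "-", "*"
    left: Expr
    right: Expr

Expr = Union[Var, Const, BinOp]

@dataclass(frozen=True)
class Assign:
    target: str
    value: Expr

class SecurityTypeError(Exception):
    """Raised at load time; the program is rejected before it runs."""

def type_of(expr: Expr, env: dict[str, str]) -> str:
    """Typing rules: constants are low; a variable has its declared level;
    a binary operation takes the join of its operands, so
    x : high, a : low  |-  (x + a) : high."""
    if isinstance(expr, Const):
        return LOW
    if isinstance(expr, Var):
        if expr.name not in env:
            raise SecurityTypeError(f"undeclared variable {expr.name}")
        return env[expr.name]
    if isinstance(expr, BinOp):
        return join(type_of(expr.left, env), type_of(expr.right, env))
    raise SecurityTypeError(f"unknown expression {expr!r}")

def check_program(prog: list[Assign], env: dict[str, str]) -> list[str]:
    """Load-time check: reject any assignment whose right-hand side is
    labelled higher than its target. Returns 'target := level' for each
    accepted statement; raises on the first illegal flow."""
    accepted = []
    for stmt in prog:
        rhs, lhs = type_of(stmt.value, env), env[stmt.target]
        if LEVELS[rhs] > LEVELS[lhs]:
            raise SecurityTypeError(
                f"illegal flow: {stmt.target} is {lhs} but the expression is {rhs}")
        accepted.append(f"{stmt.target} := {rhs}")
    return accepted

# --- what the soundness proof promises: accepted programs are noninterfering
OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b}

def evaluate(expr: Expr, store: dict[str, int]) -> int:
    if isinstance(expr, Const):
        return expr.value
    if isinstance(expr, Var):
        return store[expr.name]
    return OPS[expr.op](evaluate(expr.left, store), evaluate(expr.right, store))

def run(prog: list[Assign], store: dict[str, int]) -> dict[str, int]:
    store = dict(store)
    for stmt in prog:
        store[stmt.target] = evaluate(stmt.value, store)
    return store

def leaking_vars(prog, env, store_a, store_b) -> list[str]:
    """Noninterference witness: two runs that agree on all low inputs but
    differ in high inputs must end with identical low variables. Any low
    variable that differs is an observable leak."""
    out_a, out_b = run(prog, store_a), run(prog, store_b)
    return [v for v, lvl in env.items() if lvl == LOW and out_a[v] != out_b[v]]
```

The host only runs `check_program` at load time; nothing is added to the program's execution. `leaking_vars` is not part of the checker: it is the test a language designer would use while building the soundness argument, showing that the one program the checker rejects really does leak and the accepted one does not.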
13
Static Approach: Proof-Carrying Code
  • Idea: a mobile program must come with a proof
    that its code satisfies the desired policies. The
    host only checks the proof.

14
Static Approach: Proof-Carrying Code
Advantages in mobile computation
  • PCC inherits the strength and generality of
    traditional static verification.
  • Proof checking at load time (by hosts) is
    efficient.
  • The hard part - theorem proving - moves to the
    mobile program producers/initiators.

Disadvantages
  • A tough task for the program producer/initiator.
  • Very conservative.

15
Runtime Approach: Runtime Monitoring
  • Runs in parallel with the target programs, monitoring
    their real execution.
  • Enforces safety properties only.
  • Usually involves an event-triggering mechanism.
  • Frequent procedure calls → runtime overhead.
  • Examples: security automata, MaC, Java Security
    Manager.

16
Runtime Approach: Code Instrumentation
  • Idea: merge runtime monitors into the target programs
    to reduce runtime overhead.
  • Monitoring code is inserted at static time
    around the target instructions of concern.
  • A mechanism is needed to protect the inserted code
    against the target code.
  • Examples: Software Fault Isolation (SFI); Security
    Automata SFI Implementation (SASI).

17
Protecting Hosts: Workload Distribution
Rows are approaches; the four columns are computation stages:
  static time (language designer) | static time (mobile program producer) | static time (host, load time) | runtime (host)

Static approach, generic verification:
  annotation | annotation | information collection, predicate verification | none
Static approach, verification with type checking:
  type system, soundness proof | annotation per typing rules | type checking | none
Static approach, verification with PCC:
  requirements on instructions | annotation, VC generation, proof | VC generation, proof checking | none
Runtime approach, monitoring without instrumentation:
  none / slight annotation | none / slight annotation | none | monitoring
Runtime approach, monitoring with instrumentation:
  slight annotation | slight annotation | code insertion | lightweight monitoring
18
Observation about Policy Downgrade
  • Many approaches can directly enforce only safety
    properties.
  • Downgrade: to enforce a general policy P, enforce
    a safety property S such that S ⊆ P (every trace
    that satisfies S also satisfies P).
  • Approaches that can directly enforce any policy
    also choose to downgrade, because verifying a
    general policy may be undecidable.
  • Downgrade may be over-restrictive: S rejects traces
    that P would allow.
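The following is an added example written for this transcript, not code from the presentation; it illustrates slides 15, 16 and 18 together: a security automaton used as a runtime monitor, the same automaton inlined into the target program by instrumentation, and a downgrade of a liveness policy to a safety property that the automaton can enforce. The events ("read", "send", "audit"), the target program, the policy and the window K are assumptions made for illustration.

```python
# Added example (not the presentation's own code): security automaton,
# code instrumentation, and policy downgrade. Events, target and K are
# assumptions for illustration.
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable, Optional

class PolicyViolation(Exception):
    pass

@dataclass
class SecurityAutomaton:
    """States plus a transition function over events; an event with no
    transition halts the target. The automaton only ever sees the finite
    prefix executed so far, which is why it enforces exactly the safety
    properties: a violation must be visible in a finite prefix."""
    state: object
    delta: Callable[[object, str], Optional[object]]
    trace: list[str] = field(default_factory=list)

    def step(self, event: str) -> None:
        nxt = self.delta(self.state, event)
        if nxt is None:
            raise PolicyViolation(f"{event!r} rejected in state {self.state!r}")
        self.state = nxt
        self.trace.append(event)

# Policy P (liveness): every "read" is eventually followed by an "audit".
# No monitor can enforce P: whatever prefix it has seen, the audit might
# still come later, so there is never a point at which to halt.
# Downgrade S (safety): every "read" is followed by an "audit" within K
# events. S implies P on complete traces (S is a subset of P), and a
# violation of S is visible as soon as the K-th un-audited event occurs.
K = 3

def bounded_audit_delta(state: tuple, event: str) -> Optional[tuple]:
    """state = one counter per un-audited read: events executed since it."""
    if event == "audit":
        return ()                      # every pending read is now audited
    aged = tuple(c + 1 for c in state)
    if any(c >= K for c in aged):
        return None                    # the window closed without an audit
    return aged + ((0,) if event == "read" else ())

class Target:
    """The program being protected; its operations know nothing of the policy."""
    def __init__(self) -> None:
        self.log: list[str] = []
    def read(self) -> str:
        self.log.append("read")
        return "data"
    def send(self) -> None:
        self.log.append("send")
    def audit(self) -> None:
        self.log.append("audit")

def instrument(target: Target, automaton: SecurityAutomaton):
    """Code instrumentation: each operation of concern is wrapped so the
    automaton steps before the operation executes, in-process, instead of
    a separate monitor being called on every event. The automaton lives in
    the closure and the wrapped program gets no reference to it, which is
    the (minimal) protection of inserted code against target code."""
    class Instrumented:
        def __getattr__(self, name: str):
            op = getattr(target, name)
            def guarded(*args, **kwargs):
                automaton.step(name)   # reject before the side effect happens
                return op(*args, **kwargs)
            return guarded
    return Instrumented()

def run_monitored(events: list[str]) -> tuple[list[str], Optional[str]]:
    """Drive an instrumented target through `events`; return the events that
    actually executed and the violation message, if any."""
    automaton = SecurityAutomaton(state=(), delta=bounded_audit_delta)
    prog = instrument(Target(), automaton)
    for e in events:
        try:
            getattr(prog, e)()
        except PolicyViolation as exc:
            return automaton.trace, str(exc)
    return automaton.trace, None

def satisfies_P(trace: list[str]) -> bool:
    """Offline check of the liveness policy on a complete trace."""
    return all("audit" in trace[i + 1:] for i, e in enumerate(trace) if e == "read")

def satisfies_S(trace: list[str]) -> bool:
    """Offline check of the downgraded safety property on a complete trace."""
    return run_monitored(trace)[1] is None
```

The trace `read, send, send, send, audit` is the over-restriction from the slide in concrete form: it satisfies P (the audit does arrive) but the monitor halts it at the third send because S, the property it can actually enforce, requires the audit within K = 3 events. Note also that a halted prefix has nothing appended after the rejected event: the instrumentation stepped the automaton before the operation ran, so no unaudited side effect escaped.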

19
Table of Contents (section divider; same outline as slide 2)

20
Protecting Mobile Programs
  • Encrypted Computation
  1. Computing with Encrypted Data
  2. Encrypting Polynomial Functions
  3. Encrypting Functions of Matrix Form
  4. Encryption of General Functions ?

Other Weaker Approaches
  1. Code Obfuscation and Expiration
  2. Computation Partitioning and Duplication
  3. Detective Approaches

21
Computing with Encrypted Data: Secure Function Evaluation
  • Goal: the private input x to a computation of a
    function f(x) must be kept private to its owner.
  • Idea: encrypt the input, and transform the function
    to adapt to the encrypted form:
      x → E(x), f(x) → g(E(x)) such that D(g(E(x))) = f(x)
  • Existing techniques transform the boolean circuit
    of the function.
  • It protects the input data, not the computation.
    (Taking x to be a program and f(x) an interpreter
    would protect the program, but the complexity is
    prohibitive!)
22
Computing with Encrypted Function
  • In contrast to computing with encrypted data, the
    goal of computing with encrypted function is
      f(x) → E(f(x)) such that D(E(f(x))) = f(x)
  • The point is how to find an encryption scheme such
    that E and D are efficient given the key, and D is
    hard without the key.
23
Encrypted Computation: Encrypting Polynomial Functions
  • Encrypting a function by composition:
      E(f(x)) = g∘f(x),  D(E(f(x))) = g⁻¹(g∘f(x)) = f(x)
  • It works for polynomial functions if an algebraic
    homomorphic trapdoor one-way function E exists such
    that
      E(x + y) = Plus(E(x), E(y)),  E(x · y) = Mult(E(x), E(y))
  • It hides the coefficients but not the structure of a
    polynomial function.
  • It is not extensible to general functions.
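The following is an added example written for this transcript, not code from the presentation; it covers slides 21 to 23 with one scheme. It is built on the Paillier cryptosystem, which is additively homomorphic: E(a)·E(b) = E(a+b) and E(a)^k = E(k·a) for a scalar k known in the clear. That is weaker than the fully algebraic homomorphism the slide asks for (no Mult on two ciphertexts), and the example shows exactly what that buys: a host can evaluate an affine function on an encrypted input (computing with encrypted data), or evaluate a polynomial with encrypted coefficients on a cleartext input (computing with encrypted function), but in the second case it necessarily sees x and the degree, which is the "hides coefficients but not the structure" limitation. The fixed primes are an assumption for a readable demo and are far too small to be secure.

```python
# Added example (not the presentation's own code): computing with encrypted
# data and with an encrypted polynomial on top of Paillier. The toy primes
# are an assumption for the demo and are NOT a secure key size.
import math
import secrets

def keygen():
    """Paillier key pair over fixed toy primes: returns (n, g), (n, lambda, mu)."""
    p, q = 1000000007, 998244353
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    return (n, n + 1), (n, lam, pow(lam, -1, n))

def encrypt(pk, m: int) -> int:
    n, g = pk
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2

def decrypt(sk, c: int) -> int:
    n, lam, mu = sk
    u = pow(c, lam, n * n)
    m = ((u - 1) // n) * mu % n
    return m - n if m > n // 2 else m      # read the top half of Z_n as negatives

def add(pk, c1: int, c2: int) -> int:
    """Plus on ciphertexts: E(a) * E(b) = E(a + b)."""
    return (c1 * c2) % (pk[0] ** 2)

def scale(pk, c: int, k: int) -> int:
    """E(a) ^ k = E(k * a); only works because k is a cleartext scalar."""
    return pow(c, k % pk[0], pk[0] ** 2)

# Direction 1 (slide 21): computing with encrypted data. The owner sends
# E(x); the host knows f(x) = a*x + b and adapts it to the encrypted form
# g(E(x)) = E(x)^a * E(b), so D(g(E(x))) = f(x). The host never sees x,
# but with an additive-only scheme it can evaluate only affine f.
def host_eval_on_encrypted_input(pk, enc_x: int, a: int, b: int) -> int:
    return add(pk, scale(pk, enc_x, a), encrypt(pk, b))

# Direction 2 (slides 22-23): computing with encrypted function. The owner
# encrypts the coefficients of f(x) = sum_i a_i x^i; the host receives x in
# the clear and computes E(f(x)) = prod_i E(a_i)^(x^i). The host learns the
# degree (the structure of f) but not the coefficients.
def owner_encrypt_polynomial(pk, coeffs: list) -> list:
    return [encrypt(pk, a) for a in coeffs]

def host_eval_encrypted_function(pk, enc_coeffs: list, x: int) -> int:
    n = pk[0]
    acc = encrypt(pk, 0)
    for i, enc_a in enumerate(enc_coeffs):
        acc = add(pk, acc, scale(pk, enc_a, pow(x, i, n)))
    return acc

def demo() -> tuple:
    pk, sk = keygen()
    x = 7
    # encrypted data: f(x) = 5x - 3 evaluated by the host on E(7)
    y = decrypt(sk, host_eval_on_encrypted_input(pk, encrypt(pk, x), 5, -3))
    # encrypted function: f(x) = 3 - 2x + 5x^2 with the coefficients hidden
    enc_f = owner_encrypt_polynomial(pk, [3, -2, 5])
    z = decrypt(sk, host_eval_encrypted_function(pk, enc_f, x))
    return y, z          # (32, 234)
```

Hiding both the coefficients and x at once would need Mult on two ciphertexts, so that the host could form E(a_i)·E(x)^i without knowing x; that is the "algebraic homomorphic" requirement of the slide, and it is also why the matrix-form scheme on the next slide cannot protect its input either. Results are correct modulo n, so the owner must keep |f(x)| below n/2 for the signed decoding in `decrypt` to be unambiguous.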

24
Encrypted Computation: Encrypting Functions of Matrix Form
  • Encrypting boolean functions in the form of a binary
    matrix, by matrix composition.
  • The encryption scheme is derived from the McEliece
    public-key scheme with Goppa codes.
  • Advantage: boolean functions are general.
  • Disadvantages:
  • Very large size of the encrypted function.
  • The input to the function cannot be protected.

25
Encrypted Computation: Encrypting General Functions?
  • Efforts to encrypt both a boolean function and its
    inputs have not made significant progress.
  • Unconditional security is impossible. A compromise
    on security is needed to gain practicality.
  • Is a function an appropriate form to represent
    general computation?

26
Other Approaches: Code Obfuscation and Expiration
  • Obfuscation uses heuristic techniques to transform
    programs into forms that are harder to understand
    but perform the same tasks.
  • Problem: obfuscation is not provably secure.
    De-obfuscation is always possible.
  • Solution: limit the lifetime of an obfuscated
    program (expiration), so that it is no longer useful
    by the time it has been de-obfuscated.
  • It is applicable to any program in general, but
    weak at protecting computation privacy.

27
Other Approaches: Partitioning and Duplication
  • Computation partitioning splits a computation
    into several parts, and sends them to different
    hosts for execution.
  • Computation duplication sends the same
    computation to multiple hosts for execution and
    determines the result by majority vote.
  • These approaches mainly address computation
    integrity rather than privacy.
  • A mechanism is needed to prevent collusion among
    malicious hosts.

28
Other Approaches: Detective Approaches
  • State appraisal detects malicious modification of
    mobile programs that would abuse resources.
  • Execution tracing requires hosts to submit the
    execution records of mobile programs, which are
    replayed to detect deviations.
  • Redundant data items and computations can be mixed
    with the regular data and computation to detect
    malicious hosts.

Detective approaches detect integrity attacks after
the fact, and cannot detect privacy attacks.
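The following is an added example written for this transcript, not code from the presentation; it illustrates slides 27 and 28 together: computation duplication settled by majority vote, the collusion problem the slide warns about, and redundant known-answer tasks (often called ringers) mixed into the real work so that a host returning wrong results is detected after the fact. The hosts, the task and the cheating behaviours are simulated assumptions; no real agent platform is involved.

```python
# Added example (not the presentation's own code): duplication with
# majority vote, plus redundant known-answer tasks to detect malicious
# hosts. Hosts, task and cheating behaviours are simulated assumptions.
import random
from collections import Counter

def task(x: int) -> int:
    """Stand-in for the work a mobile program carries to a host (assumed)."""
    return pow(x, 3, 1000003)

class HonestHost:
    def run(self, f, x):
        return f(x)

class LazyHost:
    """Skips the work and returns a constant."""
    def run(self, f, x):
        return 0

class ColludingHost:
    """Several copies return the same plausible-looking wrong answer, so a
    plain majority vote is fooled unless honest hosts outnumber them."""
    def run(self, f, x):
        return (x * 7) % 1000003

def duplicate_and_vote(hosts, f, x):
    """Computation duplication: run the same task on every host and take
    the majority. Tolerates t wrong hosts only if len(hosts) >= 2t + 1 and
    the wrong hosts do not agree with each other."""
    value, votes = Counter(h.run(f, x) for h in hosts).most_common(1)[0]
    return value, votes

def run_with_ringers(hosts, f, real_inputs, ringer_inputs, seed=0):
    """Detective approach: each host gets the real inputs and the ringers
    (inputs whose answers the initiator computed beforehand) in one shuffled
    batch, so it cannot tell which items are checked. A host that gets any
    ringer wrong is flagged and all of its answers are discarded; the
    surviving answers are settled per input by majority vote."""
    known = {x: f(x) for x in ringer_inputs}
    batch = list(real_inputs) + list(ringer_inputs)
    random.Random(seed).shuffle(batch)
    flagged = []
    answers = {x: [] for x in real_inputs}
    for i, host in enumerate(hosts):
        replies = {x: host.run(f, x) for x in batch}
        if any(replies[x] != known[x] for x in ringer_inputs):
            flagged.append(i)
            continue
        for x in real_inputs:
            answers[x].append(replies[x])
    settled = {x: (Counter(v).most_common(1)[0][0] if v else None)
               for x, v in answers.items()}
    return settled, flagged
```

Two practitioner caveats follow from the simulation. A majority vote alone is defeated by two colluding hosts out of three, which is the collusion problem of the slide; the ringers catch them because each host is checked against answers the initiator already knows, independent of what the other hosts say. The ringers only work while hosts cannot distinguish them from real inputs, so they must come from the same distribution and be shuffled in, and they confirm integrity only for the batch in which they were sent; a host that behaves correctly on ringers and wrongly elsewhere is caught only by luck, and, as the slide says, none of this detects a host that reads the data and answers honestly.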
29
Conclusions
  1. Security in mobile computation is two-fold:
     protecting both hosts and mobile programs.
  2. Approaches to protect mobile computation hosts
     are natural extensions of those protecting
     traditional computing nodes. Protection is
     possible at both static time and runtime.
     Complexity and policy enforceability are two
     aspects to consider.
  3. Protecting mobile programs is still a matter of
     feasibility. Existing approaches are either
     impractical or weak in security.

30
Research Opportunities
  • Composability of security policies.
  • Downgrade of security policies.
  • Host security against runtime-generated code.
  • Special-purpose computation representations and
    encryption schemes for specific applications.
  • Formal study of computation partitioning for
    protecting computation privacy, and its combined
    use with duplication.
  • General use of redundant computation to detect
    malicious hosts.