IEEE Symposium on Security and Privacy


Two co-located tutorials will be held on the afternoon of Wednesday, 20 May 2009:

A Quick Intro to Trusted Hardware

Radu Sion
Stony Brook Trusted Hardware Lab

Increasingly, modern networked storage and computation services are fundamentally vulnerable to faulty behavior and malicious compromise. In online, un-trusted environments, security, privacy and correctness assurances become essential functionality requirements. However, achieving such assurances efficiently is extremely challenging. Scalability requirements often do not allow for centralized points of trust, while distributed alternatives are rarely practical due to large computation and communication overheads.

The advent of general-purpose trustworthy hardware offering tamper-resistance and reactivity, allows for fundamentally new paradigms of trust. Trust chains spanning untrusted and possibly hostile environments can now be built by deploying such secure tamper-proof hardware at the service processing components' site. The trusted hardware will run certified logic on behalf of clients; close data-proximity coupled with tamper-resistant guarantees allow an optimal balance and partly de-coupling of the efficiency-security trade-off. Long speculated about technology has now matured to enable such applications. Computing can now be both efficient and secure.

In this tutorial we explore hardware deployed in the design and implementation of trusted, efficient, and scalable computing. We discuss known vulnerabilities and attacks, adversarial and deployment models for hardware ranging from simple TPM micro-controllers and smart-cards, ARM TrustZone components, on-disk encryption mechanisms such as Seagate's Full Disk Encryption (FDE) units, to full-fledged FIPS 140-2 Level 4 certified IBM 4758 and the newer IBM 4764 PCI-X cryptographic coprocessors. Time-permitting we will also provide a hands-on programming session for IBM 4758 SCPUs.

An important part of the tutorial will lie in conveying the insights of how practical limitations of trusted hardware devices pose a set of significant challenges in achieving sound assurances in practical applications in financial (trading systems, online banking, ATMs), commercial, governmental and defense applications. Specifically, heat dissipation concerns under tamper-resistant requirements limit the maximum allowable spatial gate-density. As a result, e.g., general-purpose secure co-processors (SCPUs) are often significantly constrained in both computation ability and memory capacity, being up to one order of magnitude slower that host CPUs. We will explore how to achieve efficiency in this setting by designs accessing secure hardware sparsely, asynchronously from the main data flow.


Radu Sion Radu Sion is an assistant professor of Computer Science in Stony Brook University, heading the Network Security and Applied Cryptography Laboratory. His research focuses on data security and practical information assurance mechanisms. Sion also directs the Stony Brook Trusted Hardware Laboratory, a central expertise and research knowledge repository on secure hardware.

Models and Methods for Disclosure Limitation

Johannes Gehrke (Cornell University) and Ashwin Machanavajjhala (Yahoo! Research)

The digitization of our daily lives has led to an explosion in the collection of data by governments, corporations, and individuals. Protection of confidentiality of this data is of utmost importance. However, knowledge of statistical properties of this private data can have significant societal benefit, for example, in decisions about the allocation of public funds based on Census data, or in the analysis of medical data from different hospitals to understand the interaction of drugs. This tutorial will survey recent research that builds bridges between the two seemingly conflicting goals of sharing data while limiting disclosure. The tutorial will cover definitions of disclosure and associated methods how to enforce it. We also show how definitions of disclosure for data privacy can be modified to applications traditionally considered in this conference, such as anonymous routing.

Part I: Privacy definitions

  • Measures of anonymity - k-anonymity: record linkage and estimating uniques in population
  • Modeling privacy and adversarial background knowledge: l-diversity, worst case background knowledge and privacy skyline, alpha beta privacy, differential privacy, perfect privacy and its relation to access control, epsilon-privacy framework and discussion on when to use which definition.
  • Composability and the problem of multiple releases
Part II: Anonymization Algorithms
  • Offline: Generalization, synthetic data generation
  • Online: noise addition