ABSTRACT
Cloud computing allows clients to upload data and computation to untrusted servers, which leads to potential violations to the confidentiality of client data. We propose JCrypt, a static program analysis which transforms a Java program into an equivalent one, so that it performs computation over encrypted data and preserves data confidentiality. JCrypt minimizes computation over encrypted data. It consists of two stages. The first stage is a type-based information flow analysis which partitions the program so that only sensitive parts need to be encrypted. The second stage is an inter-procedural data-flow analysis, similar to the classical Available Expressions. It deduces the appropriate encryption scheme for sensitive variables. We implemented JCrypt for Java and showed that our analysis is effective and practical using five benchmark suites. JCrypt encrypts a significantly larger percentage of benchmarks compared to MrCrypt, the closest related work.
- J. A. Bank, A. C. Myers, and B. Liskov. Parameterized types for Java. In Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '97, pages 132--145, New York, NY, USA, 1997. ACM. Google ScholarDigital Library
- S. Chong, J. Liu, A. C. Myers, X. Qi, K. Vikram, L. Zheng, and X. Zheng. Secure web applications via automatic partitioning. In Proceedings of Twenty-first ACM SIGOPS Symposium on Operating Systems Principles, SOSP '07, pages 31--44, New York, NY, USA, 2007. ACM. Google ScholarDigital Library
- M. Cooney. IBM touts encryption innovation: New technology performs calculations on encrypted data without decrypting it. Network World, June 2009.Google Scholar
- W. Dietl and P. MÃijller. Universes: Lightweight ownership for JML. Journal of Object Technology, 4(8):5--32, 2005.Google ScholarCross Ref
- A. J. Feldman, W. P. Zeller, M. J. Freedman, and E. W. Felten. SPORC: Group collaboration using untrusted cloud resources. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI'10, Berkeley, CA, USA, 2010. USENIX Association. Google ScholarDigital Library
- C. Gentry. Fully homomorphic encryption using ideal lattices. In Proceedings of the Forty-first Annual ACM Symposium on Theory of Computing, STOC '09, pages 169--178, New York, NY, USA, 2009. ACM. Google ScholarDigital Library
- C. Gentry. Computing arbitrary functions of encrypted data. Commun. ACM, 53(3):97--105, Mar. 2010. Google ScholarDigital Library
- C. Gentry and S. Halevi. Implementing Gentry's fully-homomorphic encryption scheme. In Proceedings of the 30th Annual International Conference on Theory and Applications of Cryptographic Techniques: Advances in Cryptology, EUROCRYPT'11, pages 129--148, Berlin, Heidelberg, 2011. Springer-Verlag. Google ScholarDigital Library
- W. Huang, W. Dietl, A. Milanova, and M. D. Ernst. Inference and checking of object ownership. In Proceedings of the 26th European Conference on Object-Oriented Programming, ECOOP'12, pages 181--206, Berlin, Heidelberg, 2012. Springer-Verlag. Google ScholarDigital Library
- W. Huang, Y. Dong, and A. Milanova. Type-based taint analysis for Java web applications. In Proceedings of the 17th International Conference on Fundamental Approaches to Software Engineering - Volume 8411, pages 140--154, New York, NY, USA, 2014. Springer-Verlag New York, Inc. Google ScholarDigital Library
- W. Huang, Y. Dong, and A. Milanova. Type-based taint analysis for Java web applications. Technical report, Rensselaer Polytechnic Institute, Department of Computer Science, 2014.Google Scholar
- W. Huang, Y. Dong, A. Milanova, and J. Dolby. Scalable and precise taint analysis for Android. In Proceedings of the 2015 International Symposium on Software Testing and Analysis, ISSTA 2015, pages 106--117, New York, NY, USA, 2015. ACM. Google ScholarDigital Library
- W. Huang, A. Milanova, W. Dietl, and M. D. Ernst. Reim & ReImInfer: Checking and inference of reference immutability and method purity. In Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA '12, pages 879--896, New York, NY, USA, 2012. ACM. Google ScholarDigital Library
- O. Lhoták and L. Hendren. Scaling Java points-to analysis using SPARK. In Proceedings of the 12th International Conference on Compiler Construction, CC'03, pages 153--169, Berlin, Heidelberg, 2003. Springer-Verlag. Google ScholarDigital Library
- N. Liu, X. Yang, X. H. Sun, J. Jenkins, and R. Ross. YARNsim: Simulating Hadoop YARN. In Cluster, Cloud and Grid Computing (CCGrid), 2015 15th IEEE/ACM International Symposium on, pages 637--646, May 2015.Google ScholarDigital Library
- P. Mahajan, S. Setty, S. Lee, A. Clement, L. Alvisi, M. Dahlin, and M. Walfish. Depot: Cloud storage with minimal trust. ACM Trans. Comput. Syst., 29(4):12:1--12:38, Dec. 2011. Google ScholarDigital Library
- A. Milanova and W. Huang. Dataflow and type-based formulations for reference immutability. In 19th International Workshop on Foundations of Object-Oriented Languages, FOOL'12, 2012.Google Scholar
- A. Milanova and W. Huang. Inference and checking of context-sensitive pluggable types. In Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, FSE '12, pages 26:1--26:4, New York, NY, USA, 2012. ACM. Google ScholarDigital Library
- A. Milanova and W. Huang. Composing polymorphic information flow systems with reference immutability. In Proceedings of the 15th Workshop on Formal Techniques for Java-like Programs, FTfJP '13, pages 5:1--5:7, New York, NY, USA, 2013. ACM. Google ScholarDigital Library
- A. Milanova, W. Huang, and Y. Dong. CFL-reachability and context-sensitive integrity types. In Proceedings of the 2014 International Conference on Principles and Practices of Programming on the Java Platform: Virtual Machines, Languages, and Tools, PPPJ '14, pages 99--109, New York, NY, USA, 2014. ACM. Google ScholarCross Ref
- R. Padhye and U. P. Khedker. Interprocedural data flow analysis in Soot using value contexts. In Proceedings of the 2Nd ACM SIGPLAN International Workshop on State Of the Art in Java Program Analysis, SOAP '13, pages 31--36, New York, NY, USA, 2013. ACM. Google ScholarDigital Library
- R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan. CryptDB: Protecting confidentiality with encrypted query processing. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, SOSP '11, pages 85--100, New York, NY, USA, 2011. ACM. Google ScholarDigital Library
- S. Rass and D. Slamanig. Cryptography for Security and Privacy in Cloud Computing. Artech House, Inc., Norwood, MA, USA, 2013. Google ScholarDigital Library
- A. Sampson, W. Dietl, E. Fortuna, D. Gnanapragasam, L. Ceze, and D. Grossman. Enerj: Approximate data types for safe and general low-power computation. In Proceedings of the 32Nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI '11, pages 164--174, New York, NY, USA, 2011. ACM. Google ScholarDigital Library
- M. Shah, E. Stark, R. A. Popa, and N. Zeldovich. Language support for efficient computation over encrypted data. In Off the Beaten Track Workshop: Underrepresented Problems for Programming Language Researchers, Philadelphia, PA, January 2012.Google Scholar
- S. D. Tetali, M. Lesani, R. Majumdar, and T. Millstein. MrCrypt: Static analysis for secure cloud computations. In Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages & Applications, OOPSLA '13, pages 271--286, New York, NY, USA, 2013. ACM. Google ScholarDigital Library
- S. Zdancewic, L. Zheng, N. Nystrom, and A. C. Myers. Untrusted hosts and confidentiality: Secure program partitioning. In Proceedings of the Eighteenth ACM Symposium on Operating Systems Principles, SOSP '01, pages 1--14, New York, NY, USA, 2001. ACM. Google ScholarDigital Library
Recommendations
MrCrypt: static analysis for secure cloud computations
OOPSLA '13: Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applicationsIn a common use case for cloud computing, clients upload data and computation to servers that are managed by a third-party infrastructure provider. We describe MrCrypt, a system that provides data confidentiality in this setting by executing client ...
MrCrypt: static analysis for secure cloud computations
OOPSLA '13In a common use case for cloud computing, clients upload data and computation to servers that are managed by a third-party infrastructure provider. We describe MrCrypt, a system that provides data confidentiality in this setting by executing client ...
Confidential deniable authentication using promised signcryption
In a deniable authentication protocol, a receiver is convinced that a received message is indeed from a particular sender, but cannot prove this to any third party. Deniable authentication protocols satisfy deniability and intended receiver properties. ...
Comments