Eternal sunshine of the spotless machine: Protecting privacy with ephemeral channels

Alan M. Dunn; Michael Z. Lee; Suman Jana; Sangman Kim; Mark Silberstein; Yuanzhong Xu; Vitaly Shmatikov; Emmett Witchel

Eternal sunshine of the spotless machine: Protecting privacy with ephemeral channels

Alan M. Dunn, Michael Z. Lee, Suman Jana, Sangman Kim, Mark Silberstein, Yuanzhong Xu, Vitaly Shmatikov, Emmett Witchel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Modern systems keep long memories. As we show in this paper, an adversary who gains access to a Linux system, even one that implements secure deallocation, can recover the contents of applications' windows, audio buffers, and data remaining in device drivers-long after the applications have terminated. We design and implement Lacuna, a system that allows users to run programs in “private sessions.” After the session is over, all memories of its execution are erased. The key abstraction in Lacuna is an ephemeral channel, which allows the protected program to talk to peripheral devices while making it possible to delete the memories of this communication from the host. Lacuna can run unmodified applications that use graphics, sound, USB input devices, and the network, with only 20 percentage points of additional CPU utilization.

Original language	English
Title of host publication	Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012
Pages	61-75
Number of pages	15
ISBN (Electronic)	9781931971966
State	Published - 2012
Externally published	Yes
Event	10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012 - Hollywood, United States Duration: 8 Oct 2012 → 10 Oct 2012

Publication series

Name	Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012

Conference

Conference	10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012
Country/Territory	United States
City	Hollywood
Period	8/10/12 → 10/10/12

All Science Journal Classification (ASJC) codes

Information Systems
Computer Networks and Communications
Hardware and Architecture

Cite this

Dunn, A. M., Lee, M. Z., Jana, S., Kim, S., Silberstein, M., Xu, Y., Shmatikov, V., & Witchel, E. (2012). Eternal sunshine of the spotless machine: Protecting privacy with ephemeral channels. In Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012 (pp. 61-75). (Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012).

@inproceedings{eacbcd9f4167439088805afe770a09e8,

title = "Eternal sunshine of the spotless machine: Protecting privacy with ephemeral channels",

abstract = "Modern systems keep long memories. As we show in this paper, an adversary who gains access to a Linux system, even one that implements secure deallocation, can recover the contents of applications' windows, audio buffers, and data remaining in device drivers-long after the applications have terminated. We design and implement Lacuna, a system that allows users to run programs in “private sessions.” After the session is over, all memories of its execution are erased. The key abstraction in Lacuna is an ephemeral channel, which allows the protected program to talk to peripheral devices while making it possible to delete the memories of this communication from the host. Lacuna can run unmodified applications that use graphics, sound, USB input devices, and the network, with only 20 percentage points of additional CPU utilization.",

author = "Dunn, {Alan M.} and Lee, {Michael Z.} and Suman Jana and Sangman Kim and Mark Silberstein and Yuanzhong Xu and Vitaly Shmatikov and Emmett Witchel",

note = "Publisher Copyright: {\textcopyright} 2012 by The USENIX Association. All Rights Reserved.; 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012 ; Conference date: 08-10-2012 Through 10-10-2012",

year = "2012",

language = "الإنجليزيّة",

series = "Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012",

pages = "61--75",

booktitle = "Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012",

}

Dunn, AM, Lee, MZ, Jana, S, Kim, S, Silberstein, M, Xu, Y, Shmatikov, V & Witchel, E 2012, Eternal sunshine of the spotless machine: Protecting privacy with ephemeral channels. in Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012. Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012, pp. 61-75, 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012, Hollywood, United States, 8/10/12.

Eternal sunshine of the spotless machine: Protecting privacy with ephemeral channels. / Dunn, Alan M.; Lee, Michael Z.; Jana, Suman et al.
Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012. 2012. p. 61-75 (Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Eternal sunshine of the spotless machine

T2 - 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012

AU - Dunn, Alan M.

AU - Lee, Michael Z.

AU - Jana, Suman

AU - Kim, Sangman

AU - Silberstein, Mark

AU - Xu, Yuanzhong

AU - Shmatikov, Vitaly

AU - Witchel, Emmett

PY - 2012

Y1 - 2012

N2 - Modern systems keep long memories. As we show in this paper, an adversary who gains access to a Linux system, even one that implements secure deallocation, can recover the contents of applications' windows, audio buffers, and data remaining in device drivers-long after the applications have terminated. We design and implement Lacuna, a system that allows users to run programs in “private sessions.” After the session is over, all memories of its execution are erased. The key abstraction in Lacuna is an ephemeral channel, which allows the protected program to talk to peripheral devices while making it possible to delete the memories of this communication from the host. Lacuna can run unmodified applications that use graphics, sound, USB input devices, and the network, with only 20 percentage points of additional CPU utilization.

AB - Modern systems keep long memories. As we show in this paper, an adversary who gains access to a Linux system, even one that implements secure deallocation, can recover the contents of applications' windows, audio buffers, and data remaining in device drivers-long after the applications have terminated. We design and implement Lacuna, a system that allows users to run programs in “private sessions.” After the session is over, all memories of its execution are erased. The key abstraction in Lacuna is an ephemeral channel, which allows the protected program to talk to peripheral devices while making it possible to delete the memories of this communication from the host. Lacuna can run unmodified applications that use graphics, sound, USB input devices, and the network, with only 20 percentage points of additional CPU utilization.

UR - http://www.scopus.com/inward/record.url?scp=84977840356&partnerID=8YFLogxK

M3 - منشور من مؤتمر

T3 - Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012

SP - 61

EP - 75

BT - Proceedings of the 10th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2012

Y2 - 8 October 2012 through 10 October 2012

ER -

Eternal sunshine of the spotless machine: Protecting privacy with ephemeral channels

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Other files and links

Fingerprint

Cite this