GGrantIndex
← Search

CAREER: New Abstractions for Sensitive Data Management in Modern Operating Systems

$499,999FY2014CSENSF

Columbia University, New York NY

Investigators

Abstract

The evolution of data storage in modern operating systems (OSes) brings challenges for fine-grained data protection. While traditional OSes offer simple, relatively low-level data abstractions -- files and directories -- modern operating systems, including Android and iOS, embed much higher-level abstractions, such as relational databases and object-relational models. The new abstractions complicate file structures and access patterns, greatly challenging existing protection systems, such as encrypted file systems, deniable file systems, antiviruses, and anomaly detectors, which, fallen behind the times, continue to operate at file level. In this project, we are investigating new data protection abstractions that are better attuned to modern OSes. One example is a logical data object (LDO). An LDO corresponds to an application-specific resource -- such as an email, a document, or a bank account -- and includes all the data related to it, no matter how or where it is persisted (e.g., rows in databases, objects in object-relational models, files in the file system, etc.). Protection systems use LDOs to acquire rich semantics about the data to refine their effectiveness. Using LDOs, we are building HideIt, a fine-grained object hiding system that lets users select, through the familiar UIs of their unmodified applications, arbitrary objects -- such as individual emails, documents, bank accounts -- and hide or unhide them. By creating new, convenient protection abstractions, and teaching students and the broader community about them, we hope to promote a responsible approach to data management, in which users manage their data carefully, minimizing its exposure to attacks.

View original record on NSF Award Search →