log in  |  register  |  feedback?  |  help  |  web accessibility
Logo
Building web applications on top of encrypted data using Mylar
George Pittarelli - University of Maryland
Wednesday, September 17, 2014, 2:00-3:00 pm Calendar
  • You are subscribed to this talk through .
  • You are watching this talk through .
  • You are subscribed to this talk. (unsubscribe, watch)
  • You are watching this talk. (unwatch, subscribe)
  • You are not subscribed to this talk. (watch, subscribe)
Abstract

Web applications rely on servers to store and process confidential
information. However, anyone who gains access to the server (e.g., an
attacker, a curious administrator, or a government) can obtain all of
the data stored there. This paper presents Mylar, a platform for
building web applications, which protects data confidentiality against
attackers with full access to servers. Mylar stores sensitive data
encrypted on the server, and decrypts that data only in users'
browsers. Mylar addresses three challenges in making this approach
work. First, Mylar allows the server to perform keyword search over
encrypted documents, even if the documents are encrypted with different
keys. Second, Mylar allows users to share keys and encrypted data
securely in the presence of an active adversary. Finally, Mylar ensures
that client-side application code is authentic, even if the server is
malicious. Results with a prototype of Mylar built on top of the Meteor
framework are promising: porting 6 applications required changing just
36 lines of code on average, and the performance overheads are modest,
amounting to a 17% throughput loss and a 50 ms latency increase for
sending a message in a chat application.

Bio

George Pittarelli is a first year PhD student in the University of Maryland, working with Dr. Bobby Bhattacharjee. His interests lie primarily in Systems and Networking.

This talk is organized by Ramakrishna Padmanabhan