New Abstractions for Responsible Data Management

Speaker  Roxana Geambasu

Affiliation  University of Washington

Host  Helen Wang

Duration  01:27:37

Date recorded  5 December 2013

Modern mobile and cloud technologies, which billions of users rely upon to access and host sensitive data, have become easy targets for theft, espionage, hacking, and legal attacks. Despite the threats, today's data management practices are looser and more irresponsible than ever. Although prone to theft and loss, mobile devices are saturated with confidential information due to careless operating system design that never securely erases data and applications that hoard it aggressively for performance. Cloud services accumulate endless logs of user activity, such as searches, site visits, and locations; they retain them for extended periods of time, mine them for business value, and at times share them with others – all without the users' knowledge or control. This has become an untenable situation.

In this talk, I will describe my ongoing efforts to design, build, and deploy systems to facilitate a more rigorous and responsible approach to data management in clouds and on mobile devices. These efforts are organized in two directions: (1) devising new abstractions for mobile and cloud programmers to better reason about the data they hoard, whether it is all needed, and how it can be trimmed to promote security; and (2) creating tools to increase user awareness about how their data is being managed, what it is being used for, with whom it is being shared, etc. As examples of each direction, I will describe two systems that we are now building and evaluating with encouraging results. CleanOS (published at OSDI'12) is an Android-based OS that provides programmers with a sensitive data object abstraction, and manages that abstraction rigorously to prevent its accumulation on a theft-prone device. xRay (in progress) is a browser plugin that lets users audit how Web services, such as Amazon, Gmail, or YouTube, use their personal data (e.g., search or purchase history, emails, etc.) to target ads, products, or prices.
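To make the first direction concrete, here is a small added illustration (my own example, not CleanOS code and not based on its implementation) of what a "sensitive data object" abstraction can look like from a programmer's point of view: the application registers confidential buffers with a manager, and anything the application has not touched within an idle window is overwritten and evicted so that it does not accumulate on the device. The class and method names, the idle window, and the sample buffers are all assumptions made for the example; real systems would also need to re-fetch or decrypt evicted data from a trusted source, which is left out here.

```python
"""Added example: a sensitive-data-object abstraction that evicts idle plaintext.

Not CleanOS code. Names, the idle window and the sample data are constructed
for illustration only.
"""
from __future__ import annotations

import time
from typing import Callable, Dict, List, Optional


class EvictedError(RuntimeError):
    """Raised when code touches a sensitive object after it was evicted."""


class SensitiveDataObject:
    """A buffer of sensitive bytes whose residency in memory is tracked."""

    def __init__(self, name: str, data: bytes, clock: Callable[[], float]) -> None:
        self.name = name
        self._buf: Optional[bytearray] = bytearray(data)  # mutable so it can be zeroed
        self._clock = clock
        self.last_used = clock()
        self.evictions = 0

    def read(self) -> bytes:
        """Return the plaintext and record the access time; fails once evicted."""
        if self._buf is None:
            raise EvictedError(f"{self.name} was evicted; re-fetch it from its source")
        self.last_used = self._clock()
        return bytes(self._buf)

    def evict(self) -> None:
        """Overwrite the buffer in place, then drop the reference to it."""
        if self._buf is not None:
            for i in range(len(self._buf)):
                self._buf[i] = 0
            self._buf = None
            self.evictions += 1

    @property
    def resident(self) -> bool:
        return self._buf is not None

    @property
    def size(self) -> int:
        return 0 if self._buf is None else len(self._buf)


class SensitiveDataManager:
    """Tracks every registered object and evicts those idle longer than a limit."""

    def __init__(self, idle_limit_s: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.idle_limit_s = idle_limit_s
        self._clock = clock
        self._objects: Dict[str, SensitiveDataObject] = {}

    def register(self, name: str, data: bytes) -> SensitiveDataObject:
        obj = SensitiveDataObject(name, data, self._clock)
        self._objects[name] = obj
        return obj

    def evict_idle(self) -> List[str]:
        """Evict resident objects not used within idle_limit_s; return their names."""
        now = self._clock()
        evicted: List[str] = []
        for obj in self._objects.values():
            if obj.resident and now - obj.last_used >= self.idle_limit_s:
                obj.evict()
                evicted.append(obj.name)
        return evicted

    def resident_bytes(self) -> int:
        """How much sensitive plaintext is currently held in memory."""
        return sum(o.size for o in self._objects.values())


class FakeClock:
    """Deterministic clock so the scenario below is reproducible (constructed)."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


def demo() -> dict:
    """Constructed scenario: a token keeps being used, a cached inbox goes idle."""
    clock = FakeClock()
    mgr = SensitiveDataManager(idle_limit_s=60.0, clock=clock)
    token = mgr.register("oauth_token", b"tok-123")        # 7 bytes, sample value
    inbox = mgr.register("inbox_cache", b"mail" * 4)       # 16 bytes, sample value

    clock.t = 30.0
    token.read()                  # the app still needs the token
    clock.t = 70.0
    evicted = mgr.evict_idle()    # inbox idle for 70s >= 60s; token idle for 40s

    try:
        inbox.read()
        inbox_readable = True
    except EvictedError:
        inbox_readable = False

    return {
        "evicted": evicted,
        "resident_bytes": mgr.resident_bytes(),
        "inbox_readable": inbox_readable,
        "token_readable": token.read() == b"tok-123",
    }


if __name__ == "__main__":
    print(demo())
```

The point of the abstraction is that the decision to retain confidential data is explicit and auditable: the manager can report exactly how many sensitive bytes are resident at any moment, and an application that "forgets" to clean up does not silently leave plaintext behind.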

©2013 Microsoft Corporation. All rights reserved.