|
ABSTRACT:
|
Progress in networking research depends crucially on applying novel
analysis tools to real-world traces of network activity. This often
conflicts with privacy and security requirements; many raw network
traces include information that should never be revealed to others. The
traditional resolution of this dilemma uses trace anonymization to
remove secret information from traces, theoretically leaving enough
information for research purposes while protecting privacy and
security. However, trace anonymization can have both technical and
non-technical drawbacks. We propose an alternative to trace-to-trace
transformation that operates at a different level of abstraction. Since
the ultimate goal is to transform raw traces into research results, we
say: cut out the middle step. We propose a model for shipping flexible
analysis code to the data, rather than vice versa. Our model aims to
support independent, expert, prior review of analysis code. We propose a
system design using layered abstraction to provide both ease of use, and
ease of verification of privacy and security properties. The system
would provide pre-approved modules for common analysis functions. We
hope our approach could significantly increase the willingness of trace
owners to share their data with researchers. We have loosely prototyped
this approach in previously published research.
|