A software-hardware architecture for self-protecting data

Yu Yuan Chen, Pramod A. Jamkhedkar, Ruby B. Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

51 Scopus citations


We propose a software-hardware architecture, DataSafe, that realizes the concept of self-protecting data: data that is protected by a given policy whenever it is accessed by any application - including unvetted third-party applications. Our architecture provides dynamic instantiations of secure data compartments (SDCs), with hardware monitoring of the information flows from the compartment using hardware policy tags associated with the data at runtime. Unbypassable hardware output control prevents confidential information from being leaked out. Unlike previous hardware information flow tracking systems, DataSafe software architecture bridges the semantic gap by supporting flexible, high-level software policies for the data, seamlessly translating these policies to efficient hardware tags at runtime. Applications need not be modified to interface to these software-hardware mechanisms. DataSafe architecture is designed to prevent illegitimate secondary dissemination of protected plaintext data by authorized recipients, to track and protect data derived from sensitive data, and to provide lifetime enforcement of the confidentiality policies associated with the sensitive data.

Original languageEnglish (US)
Title of host publicationCCS'12 - Proceedings of the 2012 ACM Conference on Computer and Communications Security
Number of pages14
StatePublished - 2012
Event2012 ACM Conference on Computer and Communications Security, CCS 2012 - Raleigh, NC, United States
Duration: Oct 16 2012Oct 18 2012

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221


Other2012 ACM Conference on Computer and Communications Security, CCS 2012
Country/TerritoryUnited States
CityRaleigh, NC

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications


  • Architecture
  • Information flow tracking
  • Self-protecting data


Dive into the research topics of 'A software-hardware architecture for self-protecting data'. Together they form a unique fingerprint.

Cite this