Context-Aware Privacy-Optimizing Address Tracing

Abstract
Application tuning requires a coordinated effort across hardware and software to achieve optimized application performance. Execution traces offer unique insights into a program's behavior over real inputs and serve as an invaluable resource for hardware and software engineers during the co-optimization process. Unfortunately, these traces are rarely shared between technology partners because even the simplest address traces gathered from applications that utilize private data can divulge sensitive information. Developers must choose between sharing accurate and precise execution information, which yields the best co-optimization results, and protecting sensitive data. This is the fundamental tradeoff between utility and privacy in the context of program traces. Concurrently, global policy is moving in favor of providing users with privacy protections. As a field, we must develop tools, mechanisms, and primitives to uphold these regulatory protections. In this work, we utilize the leading industry standard, the LINDDUN privacy threat modeling method, to model the threats to the privacy of traces. We leverage advances in information flow tracking techniques and LINDDUN's mitigation strategies to prevent inadvertent leakage of information. We introduce multiple classes of privacy-enhancing tracing techniques that allow context-aware differentiation of what information should remain in the trace, and in what amounts, based on annotations of private user input. To explore how meaningful the privatized traces are, we compare cache simulation and prefetching properties. This new approach leaks as few as zero bits of sensitive information and has an order of magnitude better utility than prior work.
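The utility-versus-privacy tradeoff the abstract describes can be made concrete with a small constructed model. The following Python is an added illustration, not the paper's method or code: it tags accesses whose address was computed from annotated private input (a toy stand-in for information flow tracking), applies one of three constructed sharing policies to those tagged addresses, and then measures both what the policy reveals about each secret byte and how much a direct-mapped cache simulation still agrees with the original trace. The program being traced, the addresses, cache geometry, and inputs are all constructed for the example.

```python
# Toy illustration of taint-directed address-trace privatization.
# Constructed example, not the paper's technique: private input bytes are
# tagged, addresses computed from them inherit the tag, and a policy
# decides how much of each tagged address survives into the shared trace.
from dataclasses import dataclass
from math import log2

LINE = 64            # cache line size in bytes (constructed)
SETS = 64            # direct-mapped cache with 64 lines (constructed)
TABLE_BASE = 0x1000  # constructed: 256-entry byte lookup table
BUF_BASE = 0x4000    # constructed: public input buffer


@dataclass(frozen=True)
class Access:
    addr: int
    tainted: bool   # True if the address was derived from private input


def trace_program(secret: bytes, public: bytes) -> list[Access]:
    """Address trace of a toy routine: one table lookup per secret byte
    (the address depends on the secret, so it is tainted) followed by a
    sequential scan of the public buffer (address depends only on the
    loop index, so it is untainted)."""
    trace = [Access(TABLE_BASE + s, True) for s in secret]
    trace += [Access(BUF_BASE + i, False) for i in range(len(public))]
    return trace


def privatize(trace: list[Access], policy: str) -> list[int]:
    """Apply a sharing policy to every tainted address; untainted ones
    pass through unchanged.
    'none'   : share the raw address (full leak)
    'line'   : keep only the cache-line part (enough for cache studies)
    'redact' : replace with the table base (no bits of the secret survive)"""
    out = []
    for a in trace:
        if not a.tainted or policy == "none":
            out.append(a.addr)
        elif policy == "line":
            out.append(a.addr & ~(LINE - 1))
        elif policy == "redact":
            out.append(TABLE_BASE)
        else:
            raise ValueError(f"unknown policy {policy!r}")
    return out


def leaked_bits(policy: str) -> float:
    """Bits of one secret byte recoverable from its privatized address:
    log2 of the number of distinct outputs over all 256 byte values."""
    outputs = {privatize([Access(TABLE_BASE + s, True)], policy)[0]
               for s in range(256)}
    return log2(len(outputs))


def cache_hits(addrs: list[int]) -> tuple[int, int]:
    """Direct-mapped cache simulation over an address list.
    Returns (hits, total accesses)."""
    tags = [None] * SETS
    hits = 0
    for addr in addrs:
        line = addr // LINE
        idx = line % SETS
        if tags[idx] == line:
            hits += 1
        else:
            tags[idx] = line
    return hits, len(addrs)


def compare(secret: bytes, public: bytes) -> dict[str, tuple[float, int, int]]:
    """For each policy: (leaked bits per secret byte, cache hits, accesses)."""
    trace = trace_program(secret, public)
    return {p: (leaked_bits(p), *cache_hits(privatize(trace, p)))
            for p in ("none", "line", "redact")}


if __name__ == "__main__":
    # constructed inputs: four secret bytes, a 128-byte public buffer
    res = compare(bytes([0x00, 0x05, 0xFF, 0x80]), bytes(128))
    for policy, (bits, hits, n) in res.items():
        print(f"{policy:7s} leaks {bits:.0f} bits/byte, hit rate {hits}/{n}")
```

The point the model makes is the one the abstract states: the untainted part of the trace is untouched, so the policy only costs utility where it touches secret-derived addresses. Line granularity keeps the cache behavior of the original trace but still leaks the high bits of each secret byte; full redaction leaks nothing but slightly overstates locality. Choosing between them per access, based on the private-input annotations, is the context-aware differentiation the abstract refers to.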
