DataSafe - A Hardware-Software Architecture for Self-Protecting Data

Web Published:

Princeton Docket #14-2960

Computer applications are downloaded frequently from unknown sources. One has to trust that the applications do not do anything harmful. In cloud computing, third-party applications are frequently used, like analytics or management programs, to process proprietary or high value data. If these applications are allowed to process confidential or sensitive data, one has to trust that they do not intentionally or inadvertently leak data.  Similarly, many applications are downloaded into smartphones from App stores.  Smartphone users  may give permission for the application to access their private data, but do not want their data to be disseminated to other parties.  Allowing third-party applications to process sensitive data poses several challenges.


To address these challenges, researchers in the Department of Electrical Engineering at Princeton University have developed novel software-hardware security architecture, DataSafe, for self-protecting data: data that is protected by a given policy whenever it is accessed by any application – including unvetted third-party applications. Applications need not be modified on a DataSafe-enabled machine to use its protections. The owner of data has to identify which data he wants to protect, with which confidentiality policy.


This proposed architecture is designed to prevent illegitimate secondary dissemination of protected plaintext data by authorized recipients, to track and protect data derived from sensitive data, and to provide lifetime enforcement of the confidentiality policies associated with the sensitive data. The DataSafe software components enable the use of flexible high-level security policies for protecting the data, seamlessly translating these policies to hardware tags at run-time. DataSafe hardware components can be added to any microprocessor, to track protected data during execution and prevent the output of protected data from the machine, according to the hardware output-restriction tags derived from the software policy associated with the data.



·         Data protection


·         Cyber security


·         Running unvetted applications on sensitive data, securely



·         Prevent illegitimate secondary dissemination of protected plaintext data after recipients or applications have been authorized to access the data


·         Tracks and protects data derived from sensitive data


·         Provides lifetime protection of data confidentiality




Yu-Yuan Chen, Pramod Jamkhedkar and Ruby Lee, “A hardware-software architecture for self-protecting

data.” Proceedings of the ACM Computer and Communication Security Conference, October 2012. Presented at ACM CCS Conference on Oct 16, 2012.


Yu-Yuan Chen, "Architecture for Data-Centric Security", PhD Thesis, Electrical Engineering Department, Princeton, NJ, Princeton University, November 2012. Thesis Advisor: Prof. Ruby B. Lee.  Relevant chapters: chapters 5 and 6. PhD defense presentation Oct 12, 2012.


Faculty Inventor


Ruby B. Lee is the Forrest G. Hamrick Professor in Engineering and Professor of Electrical Engineering at Princeton University, with an affiliated appointment in the Computer Science Department. She is the director of the Princeton Architecture Laboratory for Multimedia and Security (PALMS). Professor Lee is an expert in hardware-enhanced security and has designed architectures for secure processors, secure caches that do not leak information through side-channel attacks, and secure servers for cloud computing. Her research is in the intersection of computer architecture and cyber security.  She is a Fellow of the Association for Computing Machinery (ACM) and a Fellow of the Institute of Electrical and Electronic Engineers (IEEE). She holds over 120 U.S. and international patents.


Intellectual Property Status

 Patent protection is pending.

Princeton is seeking to identify appropriate partners for the further development and commercialization of this technology.



John Ritter
Princeton University Office of Technology Licensing • (609) 258-1570•

Laurie Bagley
Princeton University Office of Technology Licensing • (609) 258-5579•



Patent Information:
Computers and Software
For Information, Contact:
John Ritter
Princeton University
Ruby Lee
Pramod Jamkhedkar
Yu-Yuan Chen
data security