It Takes Two to #MeToo - Using Enclaves to Build Autonomous Trusted
Systems
by
Danny Harnik and Paula Ta-Shma and Eliad Tsfadia
2018
Abstract
We provide enhanced security against insider attacks in services that manage
extremely sensitive data. One example is a #MeToo use case where sexual
harassment complaints are reported but only revealed when another complaint is
filed against the same perpetrator. Such a service places tremendous trust in
service operators, which our work aims to relieve.
To this end we introduce a new autonomous data management concept which
transfers responsibility for the sensitive data from administrators to secure
and verifiable hardware. The main idea is to manage all data access via a
cluster of autonomous computation agents running inside Intel SGX enclaves.
These EConfidante agents share a secret data key which is unknown to any
external entity, including the data service administrators, thus eliminating
many opportunities for data exposure. In this paper we describe a detailed
design of the EConfidante system, its flow and how it is managed and
implemented. Our #MeToo design also uses an immutable distributed ledger which
is built using components from a Blockchain framework. We implemented a proof
of concept of our system for the #MeToo use case and analyze its security
properties and implementation details.
arXiv: 1808.02708v1