Federated data ecosystems continue to emerge to connect previously isolated data silos across organizational boundaries over the Internet. These platforms aim to facilitate data sharing while maintaining data sovereignty, which is supposed to empower data owners to retain control over their data. However, the employed organizational security measures, such as policy-enforcing middleware besides software certification, processes, and employees, are insufficient to provide reliable guarantees against malicious insiders. This paper thus proposes a corresponding technical solution for federated platforms that builds on communication between Trusted Execution Environments (TEEs) and demonstrates the feasibility of technically enforceable data protection. Specifically, we provide dependable guarantees for data owners formulated via rich policies while maintaining usability as a general-purpose data exchange platform. Further, by evaluating a real-world use case that concerns sharing sensitive genomic data, we demonstrate its real-world suitability. Our findings emphasize the potential of TEEs in establishing trust and increasing data security for federated data scenarios far beyond a single use case.
Citation and Download
@inproceedings{lohmoeller24,
author = {Lohmöller, Johannes and Matzutt, Roman and Loos, Joscha and Vlad, Eduard and Pennekamp, Jan and Wehrle, Klaus},
booktitle = {Proceedings of the 1st Conference on Building a Secure and Empowered Cyberspace (BuildSEC '24)},
month = {12},
title = {Complementing Organizational Security in Data Ecosystems with Technical Guarantees},
year = {2024}
}