A TEE-based Approach for Security and Privacy in Decision Support

Edoardo Marangone, Eugenio Nerio Nemmi, Daniele Friolo, Giuseppe Ateniese, Ingo Weber, Claudio Di Ciccio

TL;DR

SPARTA proposes a TEE-based framework for secure, private, and verifiable decision support in multi-party settings. It combines TEEs (e.g., Intel SGX) for executing custom decision logic, IPFS/IPNS for tamper-evident data storage, and a public blockchain for notarization, with DMN/FEEL/ALFA to express decision rules and access policies. The paper provides formal security analysis and a Go-based implementation, demonstrating scalability with modest overhead and memory efficiency gains from data aggregation. It also discusses limitations, including single-enclave deployment and memory constraints, and outlines avenues for future work and real-world validation.

Abstract

Decision Support Systems are increasingly adopted to automate decision-making processes across industries, organizations and governments. However, decision support requires maintaining data privacy, integrity, and availability while ensuring customization, security, and verifiability of the decision process. Existing solutions fail to guarantee those properties altogether. Most commercial tools cater for data integrity and process customization but are centralized. This centralization potentially compromises data privacy and availability, as well as process security and verifiability. To overcome these limitations, we propose SPARTA, an approach based on Trusted Execution Environments (TEEs) that automates decision processes. To maintain data privacy, integrity, and availability, SPARTA employs efficient cryptographic techniques on notarized data with access mediated through user-defined access policies. Our solution also allows users to define decision rules, which are translated to certified software objects deployed within TEEs, thereby guaranteeing customization, verifiability, and security of the process. Based on experiments conducted on public benchmarks and synthetic data, we show that our approach is scalable and adds limited overhead compared to non-cryptographically secured solutions.

Paper Structure

This paper contains 19 sections, 1 theorem, 10 figures, 14 tables.

Key Result

Theorem 1

Assuming that $(\mathsf{Gen},\mathsf{Enc},\mathsf{Dec})$ is an Authenticated Encryption scheme and $H$ is modeled as a Random Oracle, the protocol described above satisfies Correctness, Data Privacy, Data Integrity, and Forward/Backward Secrecy and Integrity.
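The theorem rests on two primitives: an authenticated-encryption scheme $(\mathsf{Gen},\mathsf{Enc},\mathsf{Dec})$ and a hash $H$ modeled as a random oracle. The Go program below is an added illustration of how those two pieces combine to give tamper-evident storage and epoch-confined key exposure; it is not code from the paper and not SPARTA's protocol. AES-256-GCM stands in for the AE scheme, SHA-256 for $H$, and the record layout, the identifier/epoch label, and the `Seal`/`Open`/`NewEpochKey` functions are assumptions made here for the example, not taken from the paper.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Record is what an untrusted storage layer would hold: the AEAD ciphertext
// plus the nonce it was sealed with. (Illustrative layout, assumed here.)
type Record struct {
	Nonce      []byte
	Ciphertext []byte
}

// Digest hashes the whole record. This is the value a notarization layer
// would pin; SHA-256 stands in for the random oracle H of the theorem.
func Digest(r Record) string {
	h := sha256.New()
	h.Write(r.Nonce)
	h.Write(r.Ciphertext)
	return hex.EncodeToString(h.Sum(nil))
}

// NewEpochKey returns a fresh random 256-bit key. Independent keys per epoch
// (rather than deriving each from the previous) mean a leaked key exposes
// neither earlier nor later epochs.
func NewEpochKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under key. The label (record id and epoch) goes in
// as associated data, so a record cannot be replayed under another id.
func Seal(key, plaintext, label []byte) (Record, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	return Record{Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, plaintext, label)}, nil
}

// Open checks the record against its notarized digest first, then
// authenticates and decrypts. Either failure must abort: the decision logic
// never sees data that failed integrity.
func Open(key []byte, r Record, label []byte, notarized string) ([]byte, error) {
	if Digest(r) != notarized {
		return nil, errors.New("notarized digest mismatch: stored record was altered")
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, r.Nonce, r.Ciphertext, label)
	if err != nil {
		return nil, errors.New("AEAD authentication failed: wrong key, wrong label, or tampered ciphertext")
	}
	return pt, nil
}

func main() {
	k1, _ := NewEpochKey()
	label := []byte("applicant-42/epoch-1")                    // constructed sample identifier
	rec, _ := Seal(k1, []byte("income=52000;score=710"), label) // constructed sample input
	pin := Digest(rec)
	if pt, err := Open(k1, rec, label, pin); err == nil {
		fmt.Println("epoch-1 key opens record:", string(pt))
	}
	// A single storage-side bit flip is caught before decryption is attempted.
	tampered := Record{Nonce: rec.Nonce, Ciphertext: append([]byte(nil), rec.Ciphertext...)}
	tampered.Ciphertext[0] ^= 0x01
	_, err := Open(k1, tampered, label, pin)
	fmt.Println("tampered record:", err)
	// A later epoch's key cannot open an earlier record, and vice versa.
	k2, _ := NewEpochKey()
	_, err = Open(k2, rec, label, pin)
	fmt.Println("epoch-2 key on epoch-1 record:", err)
}
```

The order of checks in `Open` matters: comparing the digest first means a corrupted or substituted record is rejected using only public data, without the enclave ever touching the key for it.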

Figures (10)

  • Figure 1: An overview of the approach with the software components, user roles, and main information flow
  • Figure 2: Example of X.509 certificate issued by the
  • Figure 3: Memory savings for each decision
  • Figure 4: Decision execution time
  • Figure 5: Execution time with increasing number of rules
  • ...and 5 more figures

Theorems & Definitions (2)

  • Theorem 1
  • Proof of Theorem 1