Sealed computation: a mechanism to support privacy-aware trustworthy cloud service
Information and Computer Security
ISSN: 2056-4961
Article publication date: 17 June 2019
Issue publication date: 23 October 2019
Abstract
Purpose
The purpose of this study is to propose an approach to avoid having to trust a single entity in cloud-based applications. In cloud computing, data processing is delegated to a remote party for efficiency and flexibility reasons. A practical user requirement usually is data privacy; hence, the confidentiality and integrity of data processing need to be protected. In the common scenarios of cloud computing today, this can only be achieved by assuming that the remote party does not in any form act maliciously.
Design/methodology/approach
An approach that avoids having to trust a single entity is proposed. This approach is based on two concepts: the technical abstraction of sealed computation, i.e. a technical mechanism to confine privacy-aware processing of data within a tamper-proof hardware container, and the role of an auditing party that itself cannot add functionality to the system but is able to check whether the system (including the mechanism for sealed computation) works as expected.
Findings
The abstract, technical and procedural requirements of these concepts are discussed and analysed, and how they can be applied in practice is explained.
Originality/value
A preliminary version of this paper was published in the proceedings of the second International Workshop on SECurity and Privacy Requirements Engineering (SECPRE, 2018).
Acknowledgements
The authors would like to thank Felix Freiling for his comments and suggestions on previous versions of this article and Zinaida Benenson for her collaboration on the previous version of this work published at SECPRE 2018 (Abdullah et al., 2018). The authors would also like to thank Nico Döttling, Johannes Götzfried, Tilo Müller and Hubert Jäger for useful comments and discussions.
This research was supported by the “Privacy&Us” Innovative Training Network (EU H2020 MSCA ITN, grant agreement No. 675730).
Citation
Abdullah, L. and Quintero, J. (2019), "Sealed computation: a mechanism to support privacy-aware trustworthy cloud service", Information and Computer Security, Vol. 27 No. 5, pp. 601-620. https://doi.org/10.1108/ICS-11-2018-0133
Publisher
Emerald Publishing Limited
Copyright © 2019, Emerald Publishing Limited