APPLICATIONS OF TECHNOLOGY:
- Data security and privacy for data containing sensitive information, such as personally identifying information, personal health information, proprietary information, and/or other regulated or sensitive data, drawn from sources such as health records, transportation data, smart meters, and more
- Data storage, e.g., cloud providers
- Stronger security and privacy, including protection from insider attacks and negligence
- Improved usability
- Scales to HPC levels
- Generality for the programmer/researcher
- Performance comparable to computing in cleartext
Berkeley Lab researchers led by Sean Peisert have developed a scientific computing environment that leverages trusted execution environments (TEEs) to give owners of sensitive data sets significantly greater confidence that the data will not be exposed or altered. The Berkeley Lab TEEs, which operate without significant negative impacts to usability or performance, also reduce the data center's liability exposure from negligence or insider attacks by creating an environment without internal access to raw data.
TEEs protect data through hardware isolation from other processes on the system and encryption of the data in memory and during computation. The Berkeley Lab technology strategically combines hardware TEEs, multiparty computation techniques, and/or blockchain smart contracts. The technology is configured in a distributed manner that enables a more user-friendly approach for handling data storage and retrieval operations.
Within the architecture, sensitive data cannot be computed upon unless it is inside the TEE. Similarly, sensitive data cannot leave the TEE except as permitted by output policies enforced by “data guards” within the TEE. This environment defends against threats ranging from traditional “outsider” attacks to “insiders” with privileged access to computer systems, such as system administrators.
Until now, systems have been limited in their ability to provide secure data storage environments because high-security data protection mitigations cause significant usability issues. Traditionally, such systems have required trust in system administrators and in anyone with either network or physical access to the machine or the sensitive data. The Berkeley Lab solution maintains or even increases security while also maintaining performance and usability.
DEVELOPMENT STAGE: Proven principle
STATUS: Patent pending. Available for licensing or collaborative research.