Local Personal Data Processing with Third Party Code and Bounded Leakage

Robin Carpentier, Iulian Sandu Popa, Nicolas Anciaux

2022

Abstract

Personal Data Management Systems (PDMSs) provide individuals with appropriate tools to collect, manage and share their personal data under their own control. A founding principle of PDMSs is to move the computation code to the user's data, not the other way around. This opens up new uses for personal data, wherein the entire personal database of an individual is operated within their local environment and never exposed outside; only aggregated computed results are externalized. Yet, whenever arbitrary aggregation function code, provided by a third-party service or application, is evaluated on large datasets, as envisioned for typical PDMS use cases, can the potential leakage of the user's personal information through the legitimate results of that function be bounded and kept small? This paper aims to provide a positive answer to this question, which is essential to demonstrate the rationale of the PDMS paradigm. We resort to an architecture for PDMSs based on Trusted Execution Environments to evaluate any classical user-defined aggregate PDMS function. We show that an upper bound on leakage exists and we sketch the remaining research issues.

Paper Citation


in Harvard Style

Carpentier R., Sandu Popa I. and Anciaux N. (2022). Local Personal Data Processing with Third Party Code and Bounded Leakage. In Proceedings of the 11th International Conference on Data Science, Technology and Applications - Volume 1: DATA, ISBN 978-989-758-583-8, pages 520-527. DOI: 10.5220/0011321900003269


in Bibtex Style

@conference{data22,
author={Robin Carpentier and Iulian Sandu Popa and Nicolas Anciaux},
title={Local Personal Data Processing with Third Party Code and Bounded Leakage},
booktitle={Proceedings of the 11th International Conference on Data Science, Technology and Applications - Volume 1: DATA},
year={2022},
pages={520-527},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011321900003269},
isbn={978-989-758-583-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 11th International Conference on Data Science, Technology and Applications - Volume 1: DATA
TI - Local Personal Data Processing with Third Party Code and Bounded Leakage
SN - 978-989-758-583-8
AU - Carpentier R.
AU - Sandu Popa I.
AU - Anciaux N.
PY - 2022
SP - 520
EP - 527
DO - 10.5220/0011321900003269