Berkeley Lab has developed a scientific computing environment that leverages trusted execution environments (TEEs) in combination with privacy-preserving technologies. TEEs protect data through hardware isolation from other processes on the system and encryption of the data in memory and during computation. The Berkeley Lab technology strategically combines hardware TEEs, multiparty computation techniques, and/or blockchain smart contracts. The technology is configured in a distributed manner that enables a more user-friendly approach for handling data storage and retrieval operations.
Within the architecture, sensitive data can only be computed on inside the TEE; similarly, sensitive data cannot leave the TEE except as permitted by output policies enforced by “data guards” running within the TEE. This environment defends against threats ranging from traditional “outsider” attacks to “insiders” with privileged access to the computer systems, such as system administrators. The code that analyzes the sensitive data does not need to be trusted: it is sandboxed, and everything it produces is passed through the output policy before release.
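To make the “data guard” idea concrete, here is an added illustration (not Berkeley Lab's code, and not taken from this page) of an output-policy guard in Python. It assumes a simple policy model: untrusted analysis code runs inside the enclave over records that never leave it, and only results that satisfy the policy (aggregates over at least `min_group_size` records, no forbidden identifier fields, no row-level data, bounded size) are released. The class and function names (`OutputPolicy`, `DataGuard`, `guarded_release`) and the sample health records are hypothetical and constructed for the example.

```python
import json
from dataclasses import dataclass
from typing import Any, Callable

# Constructed sample of sensitive records; in the real system these would only
# ever be decrypted inside the TEE.
RECORDS = [
    {"patient_id": "p001", "age": 34, "cholesterol": 190},
    {"patient_id": "p002", "age": 58, "cholesterol": 210},
    {"patient_id": "p003", "age": 41, "cholesterol": 180},
    {"patient_id": "p004", "age": 63, "cholesterol": 250},
    {"patient_id": "p005", "age": 29, "cholesterol": 200},
    {"patient_id": "p006", "age": 45, "cholesterol": 170},
]


@dataclass(frozen=True)
class OutputPolicy:
    """Hypothetical output policy the guard enforces on every result."""
    min_group_size: int = 5                      # smallest group an aggregate may describe
    forbidden_keys: frozenset = frozenset({"patient_id"})  # identifiers that may never be released
    max_output_bytes: int = 4096                 # crude bound on how much can leave the TEE


class PolicyViolation(Exception):
    pass


class DataGuard:
    """Runs untrusted analysis code and releases its output only if it passes policy."""

    def __init__(self, policy: OutputPolicy) -> None:
        self.policy = policy

    def _walk(self, value: Any) -> None:
        # Recursively reject forbidden fields and any embedded row-level records.
        if isinstance(value, dict):
            for key, inner in value.items():
                if key in self.policy.forbidden_keys:
                    raise PolicyViolation(f"forbidden field in output: {key}")
                self._walk(inner)
        elif isinstance(value, (list, tuple)):
            if any(isinstance(v, dict) for v in value):
                raise PolicyViolation("row-level records may not leave the TEE")
            for inner in value:
                self._walk(inner)

    def check(self, result: Any) -> None:
        # Contract: a released result is an aggregate that reports its group size 'n'.
        if not isinstance(result, dict) or "n" not in result:
            raise PolicyViolation("output must be an aggregate reporting its group size 'n'")
        if result["n"] < self.policy.min_group_size:
            raise PolicyViolation(f"group of {result['n']} is below the minimum of {self.policy.min_group_size}")
        self._walk(result)
        if len(json.dumps(result, default=str).encode()) > self.policy.max_output_bytes:
            raise PolicyViolation("output exceeds the size budget")

    def run(self, analysis: Callable[[list], Any], records: list) -> Any:
        result = analysis(list(records))  # untrusted code sees the data, but only inside the guard
        self.check(result)                # nothing is returned unless the policy allows it
        return result


def guarded_release(analysis: Callable[[list], Any], records: list,
                    policy: OutputPolicy = OutputPolicy()) -> tuple:
    """Return (True, result) when released, or (False, reason) when the guard blocks it."""
    try:
        return True, DataGuard(policy).run(analysis, records)
    except PolicyViolation as exc:
        return False, str(exc)


# Three hypothetical analyses: one well-behaved, two that the guard must stop.
def mean_cholesterol(records: list) -> dict:
    return {"n": len(records),
            "mean_cholesterol": sum(r["cholesterol"] for r in records) / len(records)}


def over_fifty_mean(records: list) -> dict:
    sub = [r for r in records if r["age"] > 50]   # too small a group to release
    return {"n": len(sub),
            "mean_cholesterol": sum(r["cholesterol"] for r in sub) / len(sub)}


def leak_rows(records: list) -> list:
    return records                                # attempts to exfiltrate raw rows


if __name__ == "__main__":
    for name, fn in [("mean", mean_cholesterol), ("over_fifty", over_fifty_mean), ("leak", leak_rows)]:
        print(name, guarded_release(fn, RECORDS))
```

The point of the structure is that the analysis function is never the trust anchor: the guard and its policy are, and they sit inside the TEE alongside the data, so neither the researcher's code nor a privileged host administrator can bypass the release check.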
Applications and Industries
Data security and privacy for data containing sensitive information, such as data containing personally-identifying information, proprietary information, and/or other regulated or sensitive data sources:
- personal health information, such as health records
- financial information
- transportation data, smart meters, and more
- Secure data storage, e.g., cloud service providers, hospitals/health care service providers, banks/financial services providers
- Stronger security and privacy, including protection from insider attacks and negligence
- Improved usability
- Scales to HPC levels
- Generality for the programmer/researcher
- Performance comparable to computing in cleartext