CICI: RSARC: Trustworthy Computing over Protected Datasets

CICI：RSARC：受保护数据集的可信计算

• 批准号: 1739000
• 负责人: Mayank Varia
• 金额: $ 99.5万
• 依托单位: Trustees of Boston University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-09-01 至 2020-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1739000&HistoricalAwards=false
• 关键词: CICI; RSARC; Trustworthy; Computing; over

Scientists are often stymied in their research due to the inaccessibility of relevant data. Additionally, many data owners silo data away from powerful, economical cloud computing resources due to privacy and confidentiality concerns. This project enables data scientists to compute statistics over protected datasets while simultaneously empowering the owners of the underlying datasets to maintain control over how their data is used in computations and viewed by other people. The work also brings a cryptographically secure computing engine to one of the largest collections of small to medium sized research data in the world, running on a federated datacenter operated by multiple non-trusting vendors. In doing so, this project enhances the flow of information sharing to promote transparency and accountability for data sharing and processing decisions while simultaneously reducing tenants' need to trust the cloud's behavior thanks to cryptographic protections that promote confidentiality and integrity. The project enables scientific research computing on workflows involving collaborative experiments or replication and extension of existing results when the underlying data are encumbered by privacy concerns.To accomplish this goal and enhance the economic potential of the cloud, the researchers and engineers on this project integrate and enhance three technologies they have previously developed. First, the Dataverse data management infrastructure houses, curates, and indexes social, physical, and life science data. Second, the Massachusetts Open Cloud (MOC) is a computing environment designed from the ground up to promote user control and flexibility over trust decisions. Third, Conclave compiles legacy code into a cryptographically secure multi-party computation program that can be executed on top of existing data processing frameworks like Hadoop and Spark. This project develops and open-sources the necessary cyberinfrastructure to integrate these technologies and provide a combined "secure computing element" into which data and analytics may be inserted and their resulting answers fed back. This secure computing element incorporates several designs: (i) policy-agnostic programming to ensure that legacy code may be accepted, (ii) the MOC's isolation mechanism to ensure that data owners may choose exactly which environment to entrust with their data, (iii) Conclave to hide the source data from everyone other the intended recipient (even the cloud itself), a policy engine to ensure that the data owner consents to the requested analytic, (iv) Dataverse's data classification engine to manage access control over source and derived data, and (v) a new auditing and billing mechanism to promote transparency, punish those who exceed their privileges, and provide a sustainable economic model for growth.

由于相关数据的无法访问，科学家通常会受到研究的困扰。此外，由于隐私和机密性问题，许多数据所有者的孤岛数据偏离了强大的，经济的云计算资源。该项目使数据科学家能够对受保护的数据集进行计算统计数据，同时赋予基础数据集的所有者，以保持对计算中其数据如何使用并由其他人查看的控制。这项工作还为世界上最大的中小型研究数据收藏之一带来了一个密码安全的计算引擎，该集合在由多个不信任的供应商经营的联合数据中心运行。在此过程中，该项目增强了信息共享的流动，以促进透明度和对数据共享和处理决策的问责制，同时减少租户的需求，这要归功于促进机密性和完整性的加密保护措施。该项目可以在涉及协作实验或复制和扩展现有结果的工作流程的科学研究计算时，当基础数据受到隐私问题的影响。实现这一目标并增强云的经济潜力，研究人员和工程师在该项目中综合并增强了他们先前已开发的三种技术。首先，数据管理数据管理基础架构房屋，策划和索引社会，身体和生命科学数据。其次，马萨诸塞州的开放云（MOC）是一个从头开始设计的计算环境，以促进用户控制，并且对信任决策的性能差不多。第三，candave将旧版代码汇编为一个具有密码安全的多方计算程序，该程序可以在现有数据处理框架（例如Hadoop和Spark）之上执行。该项目开发并开源了必要的网络基础结构，以整合这些技术，并提供一个组合的“安全计算元素”，其中可能会插入数据和分析，并将其结果答案提供给。此安全的计算元素包含了几种设计：（i）策略敏锐的编程，以确保可以接受遗产代码，（ii）MOC的隔离机制，以确保数据所有者可以准确选择要托付数据的环境，（iii）结论，以确保所有人的数据范围内的数据范围（甚至是数据）的策略所有者，以确保数据范围内的数据，以确保数据的策略范围（甚至是数据），以确保数据分析的策略范围，以确保数据分析的范围，以确保数据分析的范围，以确保数据分析的范围，以确保数据分析的范围，以确保数据分析的范围。管理对源和衍生数据的访问控制，以及（v）一种新的审计和计费机制，以促进透明度，惩罚那些超出其特权的人，并为增长提供可持续的经济模式。

项目成果

Brief Announcement: Federated Code Auditing and Delivery for MPC

简短公告：MPC 的联合代码审计和交付

• DOI: 10.1007/978-3-319-69084-1_20
• 发表时间: 2017
• 期刊: and Security of Distributed Systems
• 作者: Jansen, Frederick;Dak Albab, Kinan;Lapets, Andrei;Varia, Mayank
• 通讯作者: Varia, Mayank

From Usability to Secure Computing and Back Again

从可用性到安全计算并再回来

• 发表时间: 2019
• 期刊: Fifteenth Symposium on Usable Privacy and Security
• 作者: Qin, Lucy;Lapets, Andrei;Jansen, Frederick;Flockhart, Peter;Bab, Kinan;Globus-Harris, Ira;Roberts, Shannon;Varia, Mayank
• 通讯作者: Varia, Mayank

Hecate: Abuse Reporting in Secure Messengers with Sealed Sender

Hecate：使用密封发件人的安全信使中的滥用报告

• 发表时间: 2022
• 期刊: 31st USENIX Security Symposium
• 作者: Issa, Rawane;Alhaddad, Nicolas;Varia, Mayank
• 通讯作者: Varia, Mayank

Secret Sharing MPC on FPGAs in the Datacenter

数据中心 FPGA 上的秘密共享 MPC

• 发表时间: 2020
• 期刊: International Conference on Field Programmable Logic and Applications
• 作者: Wolfe, Pierre-Francois;Patel, Rushi;Munafo, Robert;Varia, Mayank;Herbordt, Martin
• 通讯作者: Herbordt, Martin

Arithmetic and Boolean Secret Sharing MPC on FPGAs in the Data Center

数据中心 FPGA 上的算术和布尔秘密共享 MPC

• 发表时间: 2020
• 期刊: IEEE Conference on High Performance Extreme Computing
• 作者: Patel, Rushi;Wolfe, Pierre-Francois;Munafo, Robert;Varia, Mayank;Herbordt, Martin
• 通讯作者: Herbordt, Martin