Collaborative Proposal: SaTC: Frontiers: Center for Distributed Confidential Computing (CDCC)

协作提案：SaTC：前沿：分布式机密计算中心 (CDCC)

• 批准号: 2207214
• 负责人: Michael Reiter
• 金额: $ 150万
• 依托单位: Duke University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2027-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2207214&HistoricalAwards=false
• 关键词: Collaborative; Proposal; SaTC; Frontiers; Center

Advances in AI and big data analytics rely on data sharing, which can be impeded by privacy concerns. Most challenging in privacy protection is protection of data-in-use, since even encrypted data needs to be decrypted before it can be utilized, thereby exposing data content to unauthorized parties. A practical and scalable solution to the challenge will transform computing, enabling unprecedented capabilities such as confidential outsourcing, trusted computing services, and confidential or privacy-preserving collaboration. In quest of such a holy grail of data protection, this frontier project establishes multi-institution and multi-disciplinary Center for Distributed Confidential Computing (CDCC) to create a research, education, knowledge transfer and workforce development environment that enables scalable, practical, verifiable and usable data-in-use protection based upon Trusted Execution Environments (TEE) on cloud and edge systems. CDCC focuses on four building block thrusts fundamental to distributed confidential computing (DCC), regardless of specific TEE hardware, including assurance of TEE code, assurance of TEE nodes, assurance of a TEE workflow and assurance for the stakeholder. The first thrust leads to an open ecosystem for TEE code certification, not relying on any trusted party but on a trustworthy application store whose certification operations are public, accountable and verifiable. The second thrust aims to develop novel dynamic data-use policy models and enforcement mechanisms for scalable trust management and data control on the TEE nodes running certified code. The third thrust focuses on ensuring protection of the computational workflow built on TEE nodes and the last thrust studies the stakeholder's preference and expectations to guide the design of DCC technologies and ensure their usability. On top of these building blocks, the center explores various transformative applications (e.g., confidential distributed AI supports for healthcare) to be enabled. CDCC also has a number of efforts for outreach (development of a massive open online course, industry collaboration, etc.) and for broadening participation (security and privacy lab for attracting minority students, joint summer schools and others).This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

AI和大数据分析的进步取决于数据共享，这可能会受到隐私问题的阻碍。在隐私保护方面，最具挑战性的是保护数据，因为即使使用加密数据才能被解密，然后才能使用它，从而将数据内容暴露于未经授权的各方。对挑战的实用和可扩展的解决方案将改变计算，从而实现前所未有的功能，例如机密外包，可信赖的计算服务以及保密或隐私的协作。为了寻求这种数据保护的圣杯，该边界项目建立了多机构和多学科的分布式机密计算中心（CDCC），以创建一个研究，教育，知识转移和劳动力开发环境，以基于受信任的执行环境（TEE）对云和边缘系统启用可扩展，实用，可证实和可用的数据使用。 CDCC专注于分布式机密计算（DCC）的四个构建阻力，无论特定的TEE硬件，包括保证TEE代码，TEE节点的保证，对利益相关者的TEE工作流程的保证和保证。第一个推力会导致开放的TEE代码认证生态系统，而不是依靠任何可信赖的方，而是在值得信赖的应用程序商店中，其认证操作是公开，负责和可验证的。第二个推力旨在开发新型的动态数据使用策略模型和执行机制，以进行可扩展的信任管理和运行经过认证代码的TEE节点的数据控制。第三个推力重点是确保保护基于TEE节点的计算工作流程，最后推力研究利益相关者的偏好和期望，以指导DCC技术的设计并确保其可用性。除了这些构建块之外，该中心还探讨了将启用各种变革性应用程序（例如，机密分布式AI支持医疗保健）。 CDCC还为宣传（开发大规模开放的在线课程，行业合作等）以及扩大参与（用于吸引少数民族学生，联合暑期学校和其他人的安全和隐私实验室）的许多努力。该奖项反映了NSF的法定任务，并被认为是通过该基金会的知识分子功能和广泛影响来评估CRITERIA的评估。

项目成果

Optimally hiding object sizes with constrained padding

通过约束填充最佳地隐藏对象大小

• 发表时间: 2023
• 期刊: IEEE Computer Security Foundations Symposium
• 作者: Reed, A. C.;Reiter, M. K.
• 通讯作者: Reiter, M. K.