ImPACT: A networked service architecture for safe sharing of restricted data

Journal Article (Journal Article)

In this paper we describe an architecture developed and prototyped in the course of the NSF-funded project called ImPACT—Infrastructure for Privacy-Assured CompuTations. This architecture addresses the common problems that arise from the need to securely store, control access to and process privacy-restricted data in a multi-institutional, multi-stakeholder setting. Specifically the architecture includes several components—a way to publicly advertise a limited set of data attributes without exposing the sensitive data itself; a set of mechanisms for a data owner to specify and automatically enforce complex data-access policies commonly expressed today as Data Use Agreements (DUAs); a way to securely collect digital attestations from multiple stakeholders to satisfy those policies; and a reproducible template to deploy secure processing enclaves in which groups of researchers can analyze the data in a way that complies with data owner policies using the tools of their choice. The paper describes the architecture and its instantiation in a prototype, providing a performance evaluation of several components.

Full Text

Duke Authors

Cited Authors

  • Baldin, I; Chase, J; Crabtree, J; Nechyba, T; Christopherson, L; Stealey, M; Kneifel, C; Orlikowski, V; Carter, R; Scott, E; Sone, A; Sizemore, D

Published Date

  • April 1, 2022

Published In

Volume / Issue

  • 129 /

Start / End Page

  • 269 - 285

International Standard Serial Number (ISSN)

  • 0167-739X

Digital Object Identifier (DOI)

  • 10.1016/j.future.2021.11.026

Citation Source

  • Scopus