Enabling secure data-driven applications: an approach to personal data management using trusted execution environments

Robin Carpentier*, Iulian Sandu Popa*, Nicolas Anciaux*

*Corresponding author for this work

Research output: Contribution to journal, Article, peer-review

Abstract

In a rapidly evolving landscape, Personal Data Management Systems (PDMSs) provide individuals with the necessary tools to collect, manage and share their personal data. At the same time, the emergence of Trusted Execution Environments (TEEs) offers a way to address the critical challenge of securing user data while fostering a thriving ecosystem of data-driven applications. In this paper, we employ a PDMS architecture leveraging TEEs as a fundamental security foundation. Unlike conventional approaches, our architecture enables extensible data processing by integrating user-defined functions (UDFs), even from untrusted sources. Our focus is on UDFs involving potentially large sets of personal database objects, with a novel proposal to mitigate the potential risk of data leakage. We introduce security building blocks to impose an upper bound on data leakage and investigate the efficiency of several execution strategies considering different scenarios relevant to personal data management. We validate the proposed solutions through an implementation using Intel SGX on real datasets, demonstrating its effectiveness in achieving secure and efficient computations in diverse environments.

Original language: English
Article number: 5
Pages (from-to): 1-51
Number of pages: 51
Journal: Distributed and Parallel Databases
Volume: 43
Issue number: 1
Publication status: Published - Dec 2025

Keywords

  • Personal data management systems
  • User-defined functions
  • Untrusted code
  • Information leakage
  • Trusted execution environments
