2009-04-27

Trusted Privacy Domains -- Challenges for Trusted Computing in Privacy-Protecting Information Sharing

This is a paper I wrote together with Hans Löhr, Ahmad-Reza Sadeghi, and Claire Vishik. It was presented at ISPEC 2009 in Xi'an, China, two weeks ago. It is mainly a position paper about privacy challenges that could be solved with concepts based on trusted computing, especially so-called Trusted Virtual Domains (TVDs). Our main idea is to transform the TVD concept into an enforcement architecture for privacy policies. But in addition to discussing challenges and describing the idea, we also detail some fundamental building blocks of the TVD infrastructure, which, to our knowledge, has not been done before. Namely, we describe the details of how to establish a member node of a TVD on a local platform, and how trusted computing functionality, such as that provided by a TPM, is used in the protocols for TVD establishment.

From the abstract:
In this paper, we propose a conceptual framework for user-controlled formal privacy policies and examine elements of its design and implementation. In our vision, a Trusted Personal Information Wallet manages private data according to user-defined privacy policies. We build on Trusted Virtual Domains (TVDs), leveraging trusted computing and virtualization to construct privacy domains for enforcing the user's policy. We present protocols for establishing these domains, and describe the implementation of the building blocks of our framework. Additionally, a simple privacy policy for trusted privacy domains functioning between different organizations and entities across networks is described as an example. Finally, we identify future research challenges in this area.

We propose to support the enforcement of privacy policies by establishing trusted domains. These policies enable individual users or organizations to specify fine-grained instructions for the use of private information. To enforce policies, we propose a "guardian agent" for the user: a Trusted Personal Information Wallet that is transferable between platforms and performs "verification" of the trustworthiness of a remote IT system, i.e., compliance with a specified policy. The verification helps guarantee the enforcement of the user's privacy policy when sensitive information is transmitted.
