Challenges of Using Trusted Computing for Collaborative Data Processing

In recent years many business processes have become more interconnected than ever before. Driven by the advance of the Internet of Things, companies rely on complex data processing chains that span over many collaborating corporations and across different countries. As a result of this development, automated data acquisition and collaborative data usage is now a foundation of many innovative and successful business models. However, despite having a clear interest in sharing valuable data with other stakeholders, data owners simultaneously need to protect their assets against illegitimate use. In order to accommodate this requirement, existing data sharing solutions contain usage control systems capable of enforcing policies on data even after they have been shared. The integrity of these policy enforcement components is often monitored by a trusted platform module (TPM) on the data receiver's side. In this work we evaluate the adequacy of TPM-based remote attestation for protecting shared data on foreign systems. In order to do so we develop an attacker model that includes privileged system users and expose attack vectors on TPM-protected data sharing applications. We show that TPMs do not provide sufficient protection against malicious administrators from competing stakeholders. Finally, we describe the advantages of using Intel's Software Guard Extensions (SGX) to protect shared data in hostile environments and propose an enhanced system architecture that includes both SGX enclaves as well as a classical TPM.