2022
Conference Paper
Title
Quantifying Trustworthiness in Decentralized Trusted Applications
Abstract
Decentralized systems play an important role in many modern data processing applications. Due to the distributed nature of these applications, participating system components are often operated by different stakeholders with potentially conflicting interests. To prevent malicious participants from manipulating critical system components, trusted computing technologies such as Trusted Platform Modules (TPMs) or Intel’s Software Guard Extensions (SGX) can be employed. These technologies provide hardware-based access control to sensitive data and allow users to remotely verify the integrity of critical software stacks. However, not all trusted computing technologies are equally suitable for all use cases. As different technologies offer different benefits and drawbacks, it becomes quite challenging to determine if the decentralized system can be fully trusted in its current state. In this work, we present a methodology for estimating the trustworthiness of decentralized systems that are protected by trusted computing hardware. Our approach is based on a formal model describing the operational dependencies between distributed system components, as well as the required protection goals for secure component operation. Based on this model, we then show how stakeholders can calculate the trustworthiness of a specific system operation as a subjective probability (degree-of-belief). We then generalize this approach to obtain trust estimations for the entire decentralized system. Finally, we demonstrate the application of our proposal using the real-world scenario of distributed usage control as an example.
Author(s)