The recent Covid-19 pandemic has shown that individuals’ whereabouts and social contact data can be very effective in understanding a new infectious disease in a timely manner. However, due to the privacy-sensitive nature of such data, liberal societies have hesitated to even collect such data. Part of the problem is the lack of technology for securely storing and querying such data in the presence of extremely strong adversaries (e.g., state-sponsored adversaries).
This talk will present the design of CoVault, a work-in-progress system for securely storing and querying data under a very strong threat model that doesn’t place trust in any one entity or authority, and includes the complete compromise of all CPUs of a specific manufacturer, as well as many common side channel attacks. This threat model transcends prior work on database security. Technically, CoVault relies on state-of-the-art trusted execution environments, secret sharing and secure multi-party computation. While this combination is expensive in terms of computational power, we believe that this design point is worth exploring for applications like epidemic studies where security is non-negotiable, but the returns for society are extremely high.
Deepak Garg is a tenured faculty member at the Max Planck Institute for Software Systems in Kaiserslautern and Saarbruecken, Germany. His research focuses on the design of secure software systems, language-based security and programming languages. Deepak has a PhD from Carnegie Mellon University.