Glimmers: Resolving the Privacy/Trust Quagmire
ACM Hot Topics in Operating Systems (HotOS), ACM SIGOPS, Whistler, British Columbia, Canada (2017)
David Lie, Petros Maniatis
Users today enjoy access to a wealth of services that rely on user-contributed data, such as recommendation services, prediction services, and services that help classify and interpret raw data. The quality of such services inescapably relies on trustworthy contributions from users. However, validating the trustworthiness of contributions can often rely on supporting contextual data, which may contain privacy-sensitive information, such as a user's location or usage habits, creating a conflict between privacy and trust: users benefit from a higher-quality service that identifies and removes illegitimate user contributions, but, at the same time, they may be reluctant to let the service access their private information to achieve this high quality. We argue that this conflict can be resolved with a pragmatic Glimmer of Trust, which allows services to validate user contributions in a trustworthy way without forfeiting user privacy. We describe how trustworthy hardware such as Intel's SGX can be used on the client-side---in contrast to much recent work exploring SGX in cloud services---to realize the Glimmer architecture, and demonstrate how this realization is able to resolve the tension between privacy and trust in a variety of cases.