Amanuensis: provenance, privacy, and permission in TEE-enabled blockchain data systems

Amanuensis, a TEE-enabled blockchain data-sharing system, allows data providers to set access-control lists for all data and ensures that data remains confidential in an ecosystem comprised of organizations that do not necessarily trust one another. Along with data confidentiality, Amanuensis provides information provenance – the ability to trace the origin of information that may have been derived from a series of aggregations and transformations on many input and intermediary data sets – for data created as the result of a computation. In this paper, we build on Amanuensis to ensure the freshness of access-control lists shared between the blockchain and the trusted execution environment (TEE), and to improve the privacy of users interacting within the system. We also detail how TEE-based remote attestation helps us to achieve information provenance – specifically, how to achieve information provenance in the context of the Intel SGX trusted execution environment. The paper makes three major contributions:

  • assured freshness of access-control lists stored on the blockchain,
  • expanded privacy for users interacting on blockchain, and
  • secured protocol for verifying the provenance of data produced by confidential TEE programs.

Taylor Hardin and David Kotz. Amanuensis: provenance, privacy, and permission in TEE-enabled blockchain data systems. Proceedings of the IEEE International Conference on Distributed Computing Systems, pages 144–156. IEEE, July 2022. doi:10.1109/ICDCS54860.2022.00023. ©Copyright IEEE.