Mahiru: a federated, policy-driven data processing and exchange system
share
Secure, privacy-preserving sharing of scientific or business data is currently a popular topic for research and development, both in academia and outside of it. Systems have been proposed for sharing individual facts about individuals and sharing entire data sets, for sharing data through trusted third parties, for obfuscating sensitive data by anonymisation and homomorphic encryption, for distributed processing as in federated machine learning and secure multiparty computation, and for trading data access or ownership. However, these systems typically support only one of these solutions, while organisations often have a variety of data and use cases for which different solutions are appropriate. If a single system could be built that is flexible enough to support a variety of solutions, then administration would be greatly simplified and attack surfaces reduced. In this paper we present Mahiru, a design for a data exchange and processing system in which owners of data and software fully control their assets, users may submit a wide variety of processing requests including most of the above applications, and all parties collaborate to execute those requests in a distributed fashion, while ensuring that the policies are adhered to at all times. This is achieved through a federated, mostly decentralised architecture and a powerful policy mechanism designed to be easy to understand and simple to implement. We have created a proof-of-concept implementation of the system which is openly available and in continuous development, and which we aim to continue to extend with new functionality.
READ FULL TEXT