Curie: Policy-based Secure Data Exchange
The paper addresses the need for mechanisms to manage conflicting data-sharing relationships in domains such as healthcare. Its contribution is incremental in the sense that the cryptographic machinery comes from existing secure computation and differential privacy frameworks; the new part is the policy layer on top of them.
The paper tackles the problem of secure data exchange among partners with complex relationships by introducing Curie, a policy-based approach that uses a policy language (CPL) to negotiate sharing agreements and implement them via secure multi-party computation, validated on a healthcare application with policy and performance trade-offs explored.
Data sharing among partners---users, organizations, companies---is crucial for the advancement of data analytics in many domains. Secure computation and differential privacy allow these partners to perform private computations on their sensitive data in controlled ways. In reality, however, the relationships among members are complex: politics, regulations, interests, trust, and data demands and needs are among the many reasons. A mechanism is therefore needed to reconcile these conflicting relationships in data sharing. This paper presents Curie, an approach to exchanging data among members whose relationships with one another are complex. It introduces the CPL policy language, which lets members specify their data-exchange requirements. Members (partners) assert who and what to exchange through their local policies and negotiate a global sharing agreement. The agreement is implemented in a multi-party computation that guarantees sharing among members complies with the policy as negotiated. The use of Curie is validated through an example health care application built on recently introduced secure multi-party computation and differential privacy frameworks, and policy and performance trade-offs are explored.
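To make the negotiate-then-compute flow concrete, here is an added toy example written for this page. It is not Curie's code and does not use CPL: the `LocalPolicy`, `negotiate` and `secure_sum` names, the "attribute to permitted partners" policy shape, and the three-hospital sample data are all assumptions standing in for the paper's real language and frameworks. Each member's local policy lists the partners it will share an attribute with; negotiation keeps only members whose policies permit the whole group; the agreed sum then runs as an additive secret-sharing computation among exactly those members, and a request to run it over a wider group is refused.

```python
"""Toy model of policy-negotiated secure data exchange (added illustration;
not the paper's CPL language or its MPC framework).

Each member states a local policy, the members derive a global agreement
that every local policy permits, and the agreed computation (here a sum)
runs only among the agreed members via additive secret sharing."""
import secrets
from dataclasses import dataclass

FIELD_PRIME = (1 << 61) - 1  # Mersenne prime; shares are uniform in [0, p)


@dataclass(frozen=True)
class LocalPolicy:
    """Assumed policy shape: for each of my attributes, the partners with
    whom I am willing to enter a joint computation on it."""
    member: str
    allow: dict  # attribute -> frozenset of permitted partners

    def permits(self, attribute: str, group: frozenset) -> bool:
        others = group - {self.member}
        return bool(others) and others <= self.allow.get(attribute, frozenset())


def negotiate(policies: dict, attribute: str) -> frozenset:
    """Global agreement for one attribute: a member set in which every
    participant's local policy permits sharing with all the others.
    Members whose policy does not cover the current set drop out until
    the set is stable. Greedy, so it yields a consistent set, not
    necessarily the largest possible one."""
    group = frozenset(m for m, p in policies.items() if attribute in p.allow)
    while True:
        keep = frozenset(m for m in group if policies[m].permits(attribute, group))
        if keep == group:
            return group
        group = keep


def share(value: int, n: int) -> list:
    """Split value into n additive shares mod p; any n-1 of them are
    uniformly random and reveal nothing about value."""
    shares = [secrets.randbelow(FIELD_PRIME) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % FIELD_PRIME)
    return shares


def secure_sum(agreement: frozenset, inputs: dict, attribute: str, policies: dict) -> int:
    """Run the agreed computation. Every participant's policy is re-checked
    against the exact group before any share leaves a member, so a caller
    cannot widen the group beyond what was negotiated."""
    members = sorted(agreement)
    if len(members) < 2:
        raise ValueError("fewer than two agreed members; nothing to compute")
    for m in members:
        if not policies[m].permits(attribute, agreement):
            raise PermissionError(f"{m}'s local policy does not permit group {members}")
    # Each member splits its private value and hands one share to each peer.
    inbox = {m: [] for m in members}
    for m in members:
        for peer, s in zip(members, share(inputs[m][attribute], len(members))):
            inbox[peer].append(s)
    # Each member publishes only the sum of the shares it holds; the
    # individual inputs are never reconstructed.
    partials = [sum(inbox[m]) % FIELD_PRIME for m in members]
    return sum(partials) % FIELD_PRIME


# Constructed sample data (not from the paper): three hospitals' readmission
# counts. H3 is willing to share with H1 but not with H2.
POLICIES = {
    "H1": LocalPolicy("H1", {"readmissions": frozenset({"H2", "H3"})}),
    "H2": LocalPolicy("H2", {"readmissions": frozenset({"H1", "H3"})}),
    "H3": LocalPolicy("H3", {"readmissions": frozenset({"H1"})}),
}
INPUTS = {"H1": {"readmissions": 120}, "H2": {"readmissions": 85}, "H3": {"readmissions": 40}}


def run_example() -> dict:
    """Negotiate, compute under the agreement, and show that the computation
    refuses a group the policies never agreed to."""
    agreement = negotiate(POLICIES, "readmissions")
    total = secure_sum(agreement, INPUTS, "readmissions", POLICIES)
    try:
        secure_sum(frozenset(POLICIES), INPUTS, "readmissions", POLICIES)
        refused = False
    except PermissionError:
        refused = True
    return {"agreement": sorted(agreement), "total": total, "refused_wider_group": refused}


if __name__ == "__main__":
    print(run_example())
```

With the sample policies, H3 drops out because it will not share with H2, so the agreement is {H1, H2} and the sum is 205; asking for all three is refused at the policy check before any share is generated. The example deliberately omits the differential-privacy noise and the real MPC protocol that the paper's underlying frameworks provide, and its greedy negotiation is a stand-in for whatever resolution CPL actually specifies.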