VAMS: Verifiable Auditing of Access to Confidential Data
share
The sharing of personal data has the potential to bring substantial benefits both to individuals and society, but these can be achieved only if people have confidence their data will not be used inappropriately. As more sensitive data is considered for sharing (e.g., communication records and medical records), and as it is increasingly used for making important decisions, there is a growing need for effective ways to hold data processors accountable for their actions, while protecting the privacy of individuals and the integrity of their data. We propose a system, VAMS, that allows individuals to check accesses to their sensitive personal data, and enables auditors to detect violations of policy. Furthermore, our system protects the privacy of individuals and organizations, while allowing published statistics to be publicly verified. We build two prototype systems, one based on the Hyperledger Fabric distributed ledger and another based on the Trillian verifiable log-backed map, and evaluate their performance on simulated workloads based on real-world data sets. We find that while the one based on Hyperledger Fabric may have more favorable trust assumptions in certain settings, the one based on Trillian is more scalable, achieving up to 102 transactions per second, as opposed to Hyperledger's 40.
READ FULL TEXT
