SoK: Data Sovereignty

Jens Ernstberger; Jan Lauinger; Fatima Elsheimy; Liyi Zhou; Sebastian Steinhorst; Ran Canetti; Andrew Miller; Arthur Gervais; Dawn Song

Paper 2023/967

SoK: Data Sovereignty

Jens Ernstberger, Technical University of Munich

Jan Lauinger, Technical University of Munich

Fatima Elsheimy, Yale University

Liyi Zhou, Imperial College London

Sebastian Steinhorst, Technical University of Munich

Ran Canetti, Boston University

Andrew Miller, University of Illinois Urbana-Champaign

Arthur Gervais, University College London

Dawn Song, University of California, Berkeley

Abstract

Society appears to be on the verge of recognizing the need for control over sensitive data in modern web applications. Recently, many systems claim to give control to individuals, promising the preeminent goal of data sovereignty. However, despite recent attention, research and industry efforts are fragmented and lack a holistic system overview. In this paper, we provide the first transecting systematization of data sovereignty by drawing from a dispersed body of knowledge. We clarify the field by identifying its three main areas: (i) decentralized identity, (ii) decentralized access control and (iii) policy-compliant decentralized computation. We find that literature lacks a cohesive set of formal definitions. Each area is considered in isolation, and priorities in industry and academia are not aligned due to a lack of clarity regarding user control. To solve this issue, we propose formal definitions for each sub-area. By highlighting that data sovereignty transcends the domain of decentralized identity, we aim to guide future works to embrace a broader perspective on user control. In each section, we augment our definition with security and privacy properties, discuss the state of the art and proceed to identify open challenges. We conclude by highlighting synergies between areas, emphasizing the real-world benefit obtained by further developing data sovereign systems.

Metadata

Available format(s): PDF
Category: Applications
Publication info: Preprint.
Contact author(s): jens ernstberger @ tum de
jan lauinger @ tum de
fatima elsheimy @ yale edu
liyi zhou @ imperial ac uk
sebastian steinhorst @ tum de
canetti @ bu edu
socrates1024 @ gmail com
arthur @ gervais cc
dawnsong @ gmail com
History: 2023-06-20: approved; 2023-06-20: received; See all versions
Short URL: https://ia.cr/2023/967
License: CC BY-NC-ND

BibTeX

@misc{cryptoeprint:2023/967,
      author = {Jens Ernstberger and Jan Lauinger and Fatima Elsheimy and Liyi Zhou and Sebastian Steinhorst and Ran Canetti and Andrew Miller and Arthur Gervais and Dawn Song},
      title = {{SoK}: Data Sovereignty},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/967},
      year = {2023},
      url = {https://eprint.iacr.org/2023/967}
}