ImPACT

In this paper we describe an architecture developed and prototyped in the course of the NSF-funded project called ImPACT—Infrastructure for Privacy-Assured CompuTations. This architecture addresses the common problems that arise from the need to securely store, control access to and process privacy-restricted data in a multi-institutional, multi-stakeholder setting. Specifically the architecture includes several components—a way to publicly advertise a limited set of data attributes without exposing the sensitive data itself; a set of mechanisms for a data owner to specify and automatically enforce complex data-access policies commonly expressed today as Data Use Agreements (DUAs); a way to securely collect digital attestations from multiple stakeholders to satisfy those policies; and a reproducible template to deploy secure processing enclaves in which groups of researchers can analyze the data in a way that complies with data owner policies using the tools of their choice. The paper describes the architecture and its instantiation in a prototype, providing a performance evaluation of several components. • Analysis of sensitive data in multi-institutional setting is challenging. • Common solutions today are heavily centralized, reducing autonomy of decisions for stakeholders. • ImPACT is a distributed architecture addressing pain points in this problem space. • ImPACT prototype heavily leverages CILogon federated identity management mechanisms.