Interview: Meet CoCEM – Confidential Computing Enclaves for the Masses

In a scenario where you need to share confidential data with someone else, how can you make sure this data won’t be used for other purposes, shared or even stolen? Nicolae Paladi from CoCEM project is here to tell you how!

Can you briefly introduce yourself?

My name is Nicolae Paladi, I am a computer security researcher based in Stockholm, Sweden. I am the co-founder of CanaryBit, a company that uses the latest advancements in Privacy Enhancing Technologies, cryptography, and confidential computing to build secure data analytics services. I am also a part-time researcher at Lund University. In my free time, I organize tech meet-ups and go for kayaking adventures wherever I find water and a kayak.

What is your motivation to work in the data portability field?

We are all increasingly aware of the immense importance and value of data – be it personal, business, production, or research data. The current technological and economic model helps a handful of giant technology companies aggregate and centralize data ownership. We provide an alternative, allowing data controllers to manage, process, and monetize their data without giving it away.

How did you hear about DAPSI and what drove you to apply?

A former colleague obtained an NGI (New Generation Internet) grant and advised me to apply to the NGI DAPSI program. The DAPSI call was very relevant to what we do so I applied to help realize this project idea.

In simple words, what challenges does your project address?

We are working on a solution that allows confidential data collaboration between data owners and business intelligence actors. Today, data owners that do not have the necessary data analysis capacity (for example software or expertise) often choose to transfer data to a third-party business intelligence actor for processing. This means giving data away in clear text, with no verifiable technical way to prevent it from being used for other purposes, transferred to other parties, or simply being stolen. In rare cases, business intelligence actors transfer their data processing setup to the data owners, at the risk of losing control over valuable intellectual property.

What solution are you developing?

We are developing a solution that helps entities maintain ownership over their digital assets (data, code, algorithms) whenever they are being used. The idea for this solution first came up from an anecdotal case in climate research: in her PhD work, my wife used high-resolution satellite imagery to map in detail several instances of coastal erosion in the Arctic. She was later looking for a way to collaborate with a foreign researcher who developed a machine learning model capable to extrapolate the mapping on a pan-Arctic scale. Unfortunately, the collaboration did not work out, since she was not allowed to share the imagery and her colleague was reluctant to share the model.

The solution we are developing within the DAPSI program will help this and many similar situations when two or more parties need to establish a trustworthy relation for confidential data analysis. This means that they can collaborate, process data sets, and obtain the results without having to give away either their digital assets: data sets, software applications, machine learning models, and algorithms. Fundamentally, our solution helps establish an automated, mutual, cryptographically verifiable trust relationship between entities that want to collaborate for data processing. What makes this solution unique is the combination of the latest Privacy Enhancing Technologies and Confidential Computing for verifiable security, along with the strong focus on usability (hence the cheeky title of our DAPSI project: Confidential Computing Enclaves for the Masses).

What will be the next steps?

Besides extreme usability, our long-term goal is massive scalability both in terms of the number of users and in terms of the data being analyzed. We will be working on all three of these for the remaining part of the DAPSI project.