SoK: Data Sovereignty

Jens Ernstberger*, Jan Lauinger, Fatima Elsheimy, Liyi Zhou, Sebastian Steinhorst, Ran Canetti, Andrew Miller, Arthur Gervais, Dawn Song

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Scopus citations

Abstract

Society appears to be on the verge of recognizing the need for control over sensitive data in modern web applications. Recently, many systems claim to give control to individuals, promising the preeminent goal of data sovereignty. However, despite recent attention, research and industry efforts are fragmented and lack a holistic system overview. In this paper, we provide the first transecting systematization of data sovereignty by drawing from a dispersed body of knowledge. We clarify the field by identifying its three main areas: (i) decentralized identity, (ii) decentralized access control and (iii) policy-compliant decentralized computation. We find that literature lacks a cohesive set of formal definitions. Each area is considered in isolation, and priorities in industry and academia are not aligned due to a lack of clarity regarding user control. To solve this issue, we propose formal definitions for each sub-area. By highlighting that data sovereignty transcends the domain of decentralized identity, we aim to guide future works to embrace a broader perspective on user control. In each section, we augment our definition with security and privacy properties, discuss the state of the art and proceed to identify open challenges. We conclude by highlighting synergies between areas, emphasizing the real-world benefit obtained by further developing data sovereign systems.

Original languageEnglish
Title of host publicationProceedings - 8th IEEE European Symposium on Security and Privacy, Euro S and P 2023
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages122-143
Number of pages22
ISBN (Electronic)9781665465120
DOIs
StatePublished - 2023
Externally publishedYes
Event8th IEEE European Symposium on Security and Privacy, Euro S and P 2023 - Delft, Netherlands
Duration: 3 Jul 20237 Jul 2023

Publication series

NameProceedings - 8th IEEE European Symposium on Security and Privacy, Euro S and P 2023

Conference

Conference8th IEEE European Symposium on Security and Privacy, Euro S and P 2023
Country/TerritoryNetherlands
CityDelft
Period3/07/237/07/23

Fingerprint

Dive into the research topics of 'SoK: Data Sovereignty'. Together they form a unique fingerprint.

Cite this