Decision Support Systems are increasingly adopted to automate decision-making processes across industries, organizations and governments. However, decision support requires maintaining data privacy, integrity, and availability while ensuring customization, security, and verifiability of the decision process. Existing solutions fail to guarantee all of those properties at once. Most commercial tools provide data integrity and process customization but are centralized. This centralization potentially compromises data privacy and availability, as well as process security and verifiability. To overcome these limitations, we propose SPARTA, an approach based on Trusted Execution Environments (TEEs) that automates decision processes. To maintain data privacy, integrity, and availability, SPARTA employs efficient cryptographic techniques on notarized data, with access mediated through user-defined access policies. Our solution also allows users to define decision rules, which are translated into certified software objects deployed within TEEs, thereby guaranteeing customization, verifiability, and security of the process. Based on experiments conducted on public benchmarks and synthetic data, we show that our approach is scalable and adds limited overhead compared to non-cryptographically secured solutions.