Privacy Computing with Right to Be Forgotten in Trusted Execution Environment

Sharing private data is at risk of potential data breaches, including the violation of the "right to be forgotten" principle, undermining people's willingness to share their data. A common solution is to involve the Trusted Execution Environment (TEE), which allows the data provider to verify the computation process without trusting others. However, previous works have either encountered incomplete computations or lacked scalability. In this paper, we propose TEERASE, a secure data-sharing framework that addresses these issues. TEERASE protects every phase of the data lifecycle and enables individuals to share personal data with a predefined privacy budget. In particular, TEERASE applies comprehensive privacy budgeting mechanisms to efficiently manage privacy budgets and employs an asynchronized execution approach that decouples budget consumption from data computation. TEERASE records the predefined privacy budgets, verifies privacy consumption requests, updates the remaining budgets, and deletes data that have exhausted their budgets by preventing any attempts to access them. We implement a prototype of TEERASE and evaluate its effectiveness with a realistic case study on Genome-Wide Association Study.