ROT: Retention and Operation Limitation Using TEE

Service users seek guarantees that their private data shared with service providers is handled securely and used only for intended purposes. Additionally, they may want assurances that their data will not be shared with other parties and deleted after a time. However, they have no control over the remote environments where the service provider stores and processes their data. While related privacy legislation exists, service providers do not always comply with such policies. Therefore, copies of private data can be retained and used later for malicious purposes or shared unethically. To solve these problems, a framework is proposed leveraging the trusted execution environment, which is protected against rollback and other attacks without involving additional parties, trust assumptions, or resources. Some freely available blockchain byproducts are used in a simple yet novel way to achieve that. Performance metrics of the framework's implementation show its suitability for dealing with real-life scenarios.