Abstract: Techniques for detecting tampering in a data processing pipeline are provided. At a high level, these techniques involve instrumenting each transformer in the data processing pipeline to (1) compute a digest of the input data it actually receives for processing, and (2) generate an immutable log entry that records, among other things, the computed input digest and a digest of the resulting output data. With this approach, if an adversary attempts to tamper with the input data for a transformer, the tampering will be evident due to an “orphaned link scenario” in which the input digest for the log entry generated by that transformer fails to map to the output digest of any other log entry (or to the digest of input data from a known data source).

Abstract: Techniques for implementing an evidence data collector (EDC) service using content addressable storage are provided. At a high level, the EDC service can receive a request for data (referred to herein as an evidence query) regarding an activity, component, or artifact of the data processing pipeline, process the evidence query by collecting the data from one or more data sources associated with the pipeline, and return a response (referred to herein as an evidence claim) that includes a reference to the collected data. In certain embodiments, the EDC service can maintain the collected data for each evidence query (or a digest of that data) in a content addressable storage system, which enables observers/verifiers to detect and remediate man-in-the-middle attacks on the EDC service.

Abstract: The current document is directed to methods and systems that establish secure, verifiable chains of control for computational entities within a distributed computing system. When a computational entity is first instantiated or introduced into the distributed computing system, public and private identities are generated for the computational entity and secure control is established over the computational entity by an initial controlling entity. Subsequently, control of the computational entity may be transferred from the initial controlling entity to a different controlling entity using a secure, three-party transaction that records the transfer of control in a distributed public ledger. As control of the computational entity is subsequently transferred to different controlling entities by secure three-party transactions, a chain of control from one controlling entity to another is established and recorded in the distributed public ledger.

Abstract: The current document is directed to methods and systems that establish secure, verifiable chains of control for computational entities within a distributed computing system. When a computational entity is first instantiated or introduced into the distributed computing system, public and private identities are generated for the computational entity and secure control is established over the computational entity by an initial controlling entity. Subsequently, control of the computational entity may be transferred from the initial controlling entity to a different controlling entity using a secure, three-party transaction that records the transfer of control in a distributed public ledger. As control of the computational entity is subsequently transferred to different controlling entities by secure three-party transactions, a chain of control from one controlling entity to another is established and recorded in the distributed public ledger.