Verona: A Platform for Developing and Deploying Secure Computation for Data Scientists

Analyzing user data while preserving user privacy can be difficult, if not impossible. Staying ahead of bad actors requires expert cryptographic skills, but not every company has the resources to hire a staff of crypto experts or invest in special hardware.

However, data analysis with privacy-preserving features is not a star-crossed proposition. Galois plans to address these issues with Verona – a software platform currently in development (and which uses Shakespeare’s Romeo and Juliet for its taxonomy).

Verona will be designed to deliver secure computation (SC) to data scientists and other programmers who are not experts in cryptography. Verona will also allow security engineers – separately or simultaneously – to create a library of reusable security profiles that configure Verona applications to meet security needs, without customizing applications to do it.

If the project is successful, Verona will be unique: a software development platform that makes it easy to use SC technology, and can employ multiple SC paradigms in different parts of the same application to optimize performance.

Here’s an overview of the Verona software platform’s goals:

• Allow programmers to write in Julia, with security-conscious datatypes, but without needing to carefully orchestrate applications to use privacy-preserving secure computation. We call Julia, along with the additional security-conscious data type system, JuliaSC.
• Develop a security domain specific language, ROMIO (Runtime Operational Model for Interoperability and Orchestration), to allow security officers to specify information security requirements, verifiable execution requirements, and network architectures for application execution.
• Ensure the ability to use of multiple SC backends, rather than just one, even within individual applications.
• Provide two evaluative modes: resource estimation or application execution.
• Execute applications in a DevOps environment that stands up a virtual network for the app, runs the app, returns computation results to specified parties, and then tears down the network.

A Tale of JuliaSC and ROMIO

Verona will be designed to take advantage of the meta-programming features in the mainstream Julia programming language, so that JuliaSC programs can be compiled by an unmodified Julia compiler. This capability removes the need for programmers to learn complex new programming languages to use SC, and instead  focus entirely on what they do best: write good programs.

JuliaSC modules in Verona provide new datatypes that indicate  what specific data is private, which parties can see results, and when (or if) data is no longer private. Programmers will select different security profiles, which would be developed separately (or simultaneously) by security engineers using Verona’s ROMIO security profile language.

Evaluation is Such Sweet Sorrow

After compilation, Verona allows either resource estimation or execution. Secure computation techniques are well known for their tendency to consume substantial system resources. Verona allows programmers to get accurate estimates of memory utilization, runtime, and network bandwidth consumption before committing to application runs that might take hours (or longer).

Once the programmer is ready to run the application,  Verona will stand up the necessary virtual network architecture, program each server in that architecture with the appropriate identity and executable code, and then orchestrate encryption of input data, its distribution to appropriate servers, and execution of the program on those servers.

Finally, Verona will deliver computation results to appropriate parties, decrypt those results, and convert the decrypted data into appropriate types for continuing computation. Note that an application may have several secure computation blocks, and each block will run this set of steps.

This Story Doesn’t End in Woe

Unlike Shakespeare’s star-crossed young lovers, ROMIO and JuliaSC reconcile the disputes of their different backgrounds, ably assisted by a helpful Friar. Their monologue, dialogue, and epilogue ends with a robust data analysis application that keeps user data private.

This research is based upon work supported in part by the Office of the Director of National Intelligence (ODNI), Intelligence Advanced Research Projects Activity (IARPA) via Contract No. 2019-1902070006. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies, either express or implied, of ODNI, IARPA, or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for governmental purposes notwithstanding any copyright annotation therein.