Could someone advise how SONM will deal with security concerns using its platform? How effective will self-learning intelligent agents and a reputation system be?
About security and private data.
1. We (SONM dev) deliver a decentralised system, run on random PCs, and cannot yet technically guarantee information security on workers. This is a basic fact and today's reality, based on the following facts:
(a) we deliver “general computing” (x86, Docker), so encrypted “magic” is not being done as part of the platform,
(b) GPUs are supported (not only CPU), so things like SGX alone won't help us now,
(c) we consider performance, so again SGX is under question as a technology to “wrap up all code”.
2. There is no solution in the industry for this kind of environment.
3. We work on a solution called TEE (Trusted Execution Environment), which will use a complex of hardware and software technologies to verify the signature of an OS image and make sure that a running worker is unmanaged and its owner is not allowed inside. This work is far from being done, and when it is, it will be one of the first solutions of this kind in the industry (for general untrusted PCs).
4. Until then we have a stack of workarounds:
4.1. some projects do not need data privacy: public projects, research, etc;
4.2. some projects can anonymise data (manually or as automated procedures) - pools of data with personal info cut out;
4.3. some projects can do encryption on application side (on the customer side) and run execution in SONM on encrypted data (as a reference example think about protonmail);
4.4. some of SONM suppliers can be known and trusted counterparties - DCs' excessive capacity, known cloud providers, known mining companies etc;
4.5. if points 4.1-4.4 do not work for you, then you have to wait for TEE (point 1).
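
Workaround 4.2 sketched as an added example; this is not SONM code and not part of the original answer. The column names, sample rows and demo key are constructed for illustration: direct identifiers are dropped, the join key is replaced by a keyed HMAC, and age is coarsened on the customer side before anything is shipped to an untrusted worker.

```python
import csv
import hashlib
import hmac
import io

# Constructed sample input; column names are assumptions for this example.
SAMPLE_CSV = """user_id,name,email,age,purchase_total
1001,Alice Example,alice@example.com,34,120.50
1002,Bob Example,bob@example.com,41,75.00
1001,Alice Example,alice@example.com,34,19.99
"""

DROP_FIELDS = {"name", "email"}   # direct identifiers: removed outright
PSEUDONYM_FIELDS = {"user_id"}    # join keys: replaced by a keyed HMAC
BUCKET_FIELDS = {"age": 10}       # quasi-identifiers: coarsened to ranges

def pseudonym(value: str, key: bytes) -> str:
    """Keyed HMAC-SHA256: unlike a plain hash, a worker without the key
    cannot enumerate a small ID space to reverse the tokens."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:32]

def anonymise(csv_text: str, key: bytes):
    """Return (rows safe to ship, pseudonym -> original ID map kept locally)."""
    safe_rows, reverse_map = [], {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        out = {}
        for field, value in row.items():
            if field in DROP_FIELDS:
                continue
            if field in PSEUDONYM_FIELDS:
                token = pseudonym(value, key)
                reverse_map[token] = value  # never leaves the customer side
                out[field] = token
            elif field in BUCKET_FIELDS:
                width = BUCKET_FIELDS[field]
                low = int(value) // width * width
                out[field] = f"{low}-{low + width - 1}"
            else:
                out[field] = value
        safe_rows.append(out)
    return safe_rows, reverse_map

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # placeholder; real keys stay secret
    rows, mapping = anonymise(SAMPLE_CSV, demo_key)
    for r in rows:
        print(r)
```

The same customer keeps `reverse_map` and the key locally, so results returned by the worker can be re-joined to real records without the worker ever seeing them.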