IEEE Technology and Society Magazine - Fall 2014 - 52

VM provisioning and management: When a TCF is to be launched
a virtual machine (VM) must first
be provisioned that suits the desired
TCF. These include processes that
interact with the underlying layers
(e.g., hypervisor layer), processes
for memory management, processes related to security management, and others.
Framework bootstrapping: Inside
the TCF, there are several processes
that need to be started and managed
related to the support of the TCC.
These include shared databases, API
end-points, registries, and so on.
Some of these processes will be utilized by the applications that are run
by the TCC.
Policy and applications management: Since the TCF by design supports the importation and the running
of applications as part of the TCC
these applications must be instrumented and managed through the
TCF. It is envisioned that much of
the social network supporting applications will operate inside the TCC.
Security and self-protection: As
an infrastructure supporting TCCs,
the TCF must provide security and
resiliency against possible attacks
(e.g., DDOS attacks from external
sources, interference from adjacent
VMs in a multi-tenant environment, etc.).
At a minimum, an individual
person can represent himself or
herself as a solitary unit by creating a lone or private TCC cell
contained within a TCF. Using the
same cell paradigm, the person can
launch another distinct TCC that he
or she can then use to establish a
community-shared TCC.

Data Commons
and Digital Law
The OMS architecture and functionality is inspired not just by Reed's
analysis of how to reap value from
networks, but also by the extensive
scholarship of Elinor Ostrom, the
Nobel Laureate in economics in
2009. Ostrom's pioneering work
identified key principles by which
52

self-organized groups can manage
common-pool resources in fair and
sustainable ways [4]. If data were
to be regarded as a common-pool
resource, Ostrom's research suggests that it would be possible for
online groups to devise their own
data commons to manage their personal data in their own interests.
These insights open the possibility
for the data commons to be the basis
for self-organizing digital institutions
in which law would have a very different character from the kinds of law
we know today. The development of
"digital law" in self-organizing digital institutions would enable users to
devise new types of legal contracts
that are computationally expressible and executable. New forms of
law based on computable code could
provide powerful new platforms for
governance and new checks against
corruption and insider collusion [4].
Law could become more dynamic,
evolvable and outcome-oriented, and
the art of governance could be subject
to the iterative innovations of Moore's
Law. Designs could be experimentally
tested, evaluated by actual outcomes,
and made into better iterations.
The vision of a data-driven society [5]-[7] is not likely to progress,
however, unless we can develop credible systems of law and governance to
protect the security and private of personal data. Open Mustard Seed seeks
to provide just such a platform. The
remainder of this chapter is a semitechnical discussion of the design of
the OMS infrastructure. The basic
goal is to let people build their own
highly distributed social ecosystems for reliably governing shared
resources, including access to personal data. The OMS can be viewed
as a new kind of "social stack" of
protocols consisting of software and
legal trust frameworks for self-organized digital institutions.

Security and Privacy
Considerations
The OMS system is also designed to
be modular in that it can be installed
by individuals within their own

computer system, or be hosted and
operated by a third party (such as a
cloud provider). In each deployment
scenario, there are a number of security and privacy issues that emerge.
Regardless of the mode of deployment, there are a number of challenges
that are common across deployment
situations. These translate to security and privacy requirements for a
TCF/TCC design and implementation. These features protect the user's
personal data in the Personal Data
Store inside the TCC, and assure
that the TCF operates as a virtualized
resource container in the manner for
which it was designed, regardless of
the cloud provider platform on which
it is running. Some key security and
privacy requirements include unambiguous identification of each TCC
instance, unhindered operations of
a TCC instance and its enveloping TCF, and truthful attestations
reported by a TCC instance regarding
its internal status.
In the case of a hosted deployment of OMS, additional legal and
technical challenges also exist. In
a hosted multi-tenant environment
using virtualization stacks, there
is the need for non-interference
across system processes as well as
clear identification of components
and process belonging to each
OMS instance. Although a number
of these challenges still exist today,
the industry has begun providing
technological building blocks for
trustworthy computing [8]-[10] -
many of which can be used for the
TCC and TCF implementation.
For example, a hardware-based
"root of trust" could be used as the
basis for truthful attestations regarding not only the TCF (and the TCCs it
supports), but also for the entire virtualization stack. The wide availability
of hardware such as Trusted Platform
Module (TPM) [8] on both client
and server hardware can be used as
a starting point to address the security needs of the TCF and TCC. Features such as "trusted boot" of a TCF
could be deployed more widely if
this trustworthy computing hardware

IEEE TECHNOLOGY AND SOCIETY MAGAZINE

FALL 2014

Table of Contents for the Digital Edition of IEEE Technology and Society Magazine - Fall 2014