This work addresses the challenge of jointly training AI models across mutually untrusting parties while simultaneously protecting sensitive data and enforcing heterogeneous policy requirements. To this end, the authors propose a middleware framework leveraging Trusted Execution Environments (TEEs), which uniquely integrates sticky policies with TEEs to enable dynamic, fine-grained mandatory access control throughout the entire data lifecycle—including usage, derivation, and transfer. The framework achieves this through policy-driven runtime sandboxing, secure data processing pipelines, and hardware-enforced isolation. Experimental results demonstrate that the system supports efficient collaborative training with strong privacy guarantees, incurs manageable performance overhead on a single node, and scales effectively in distributed settings.

Protecting sensitive information in data-driven collaborations, such as AI training, while meeting the diverse requirements of multiple mutually distrusted stakeholders, is both crucial and challenging. This paper presents Styx, a novel framework to address this challenge by integrating sticky policies with Trusted Execution Environments (TEEs). At a high level, Styx employs a hardware-TEE-protected middleware with a programming language runtime to form a sandboxed environment for both the data processing and policy enforcement. We carefully designed a data processing workflow and pipelines to enable a strong yet flexible data-specific policy enforcement throughout the entire data lifecycle and data derivation to achieve data-in-use protection, data lifecycle protection and dynamic collaboration. We implemented Styx and demonstrated its ability to make collaborative computing, such as joint AI training, more secure, privacy-preserving, and policy-compliant. Our evaluation shows the performance overheads imposed by Styx are reasonable on single-node computation with the capability to scale to a large distributed multi-node deployment.