Pesos: policy enhanced secure object store

2018 
Third-party storage services pose the risk of integrity and confidentiality violations, as the current storage policy enforcement mechanisms are spread across many layers in the system stack. To mitigate these security vulnerabilities, we present the design and implementation of Pesos, a Policy Enhanced Secure Object Store for untrusted third-party storage providers. Pesos allows clients to specify per-object security policies, concisely and separately from the storage stack, and enforces these policies by securely mediating the I/O in the persistence layer through a single unified enforcement layer. More broadly, Pesos exposes a rich set of storage policies ensuring the integrity, confidentiality, and access accounting for data storage through a declarative policy language. Pesos enforces these policies on untrusted commodity platforms by leveraging a combination of two trusted computing technologies: Intel SGX for a trusted execution environment (TEE) and Kinetic Open Storage for trusted storage. We have implemented Pesos as a fully functional storage system supporting many useful end-to-end storage features and a range of effective performance optimizations. We evaluated Pesos using a range of micro-benchmarks and real-world use cases. Our evaluation shows that Pesos incurs reasonable performance overheads for the enforcement of policies while keeping the trusted computing base (TCB) small.