查看文章

We present Guardat, an architecture that enforces rich data access policies at the storage layer. Users, application developers and system administrators can provide per-object policies to Guardat. Guardat enforces these policies and provides attestations about the state of stored objects. With Guardat, the data integrity, confidentiality and access accounting rules for a collection of objects can be stated as a single declarative policy. Policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies; it does not depend on correct software, configuration and operator actions in other parts of a system. Guardat allows developers, system administrators and third-party hosting platform providers to enforce concise, system-wide data protection policies based on a small trusted computing base, and to demonstrate their compliance to any party that trusts the Guardat layer. We present a design and prototype implementation of Guardat, show experimentally that the overhead of making policy checks and storing additional metadata are low, and discuss applications and policies.