Users of online services such as messaging, code hosting and collab-
orative document editing expect the services to uphold the integrity
of their data. Despite providers’ best efforts, data corruption still
occurs, but at present service integrity violations are excluded from
SLAs. For providers to include such violations as part of SLAs, the
competing requirements of clients and providers must be satisfied.
Clients need the ability to independently identify and prove ser-
vice integrity violations to claim compensation. At the same time,
providers must be able to refute spurious claims.
We describe LibSEAL, a SEcure Audit Library for Internet ser-
vices that creates a non-repudiable audit log of service operations
and checks invariants to discover violations of service integrity.
LibSEAL is a drop-in replacement for TLS libraries used by services,
and thus observes and logs all service requests and responses. It runs
inside a trusted execution environment, such as Intel SGX, to protect
the integrity of the audit log. Logs are stored using an embedded
relational database, permitting service invariant violations to be
discovered using simple SQL queries. We evaluate LibSEAL with
three popular online services (Git, ownCloud and Dropbox) and
demonstrate that it is effective in discovering integrity violations,
while reducing throughput by at most 14%.