Pesos: Policy Enhanced Secure Object Store

Publication: Contribution to conferences, Paper, Contributed, Peer-reviewed

Abstract

Third-party storage services pose the risk of integrity and confidentiality violations as the current storage policy enforcement mechanisms are spread across many layers in the system stack. To mitigate these security vulnerabilities, we present the design and implementation of Pesos, a Policy Enhanced Secure Object Store (Pesos) for untrusted third-party storage providers. Pesos allows clients to specify per-object security policies, concisely and separately from the storage stack, and enforces these policies by securely mediating the I/O in the persistence layer through a single unified enforcement layer. More broadly, Pesos exposes a rich set of storage policies ensuring the integrity, confidentiality, and access accounting for data storage through a declarative policy language.

Pesos enforces these policies on untrusted commodity platforms by leveraging a combination of two trusted computing technologies: Intel SGX for trusted execution environment (TEE) and Kinetic Open Storage for trusted storage. We have implemented Pesos as a fully-functional storage system supporting many useful end-to-end storage features, and a range of effective performance optimizations. We evaluated Pesos using a range of micro-benchmarks, and real-world use cases. Our evaluation shows that Pesos incurs reasonable performance overheads for the enforcement of policies while keeping the trusted computing base (TCB) small.

Details

Original language: English
Number of pages: 1
Publication status: Published - 2018
Peer-review status: Yes

Conference

Title: Thirteenth EuroSys Conference
Short title: EuroSys '18
Event number
Duration: 23 - 26 April 2018
Degree of recognition: International event
Location
City: Porto
Country: Portugal

External IDs

ORCID /0000-0003-0768-6351/work/141545300

Keywords

  • Storage security, policy language, Intel SGX, Kinetic disks