Guardat: A foundation for policy-protected data

We present Guardat, an architecture that enforces rich data access policies at the storage layer. Users, application developers and system administrators can provide per-file policies to Guardat. Guardat enforces these policies and provides attestations about the state of stored files. With Guardat, the data integrity, confidentiality and access accounting rules for a collection of files can be stated as a single declarative policy. Policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies; it does not depend on correct software, configuration and operator actions in other parts of a system. Guardat allows developers, system administrators and third-party hosting platform providers to enforce concise, system-wide data protection policies based on a small trusted computing base (TCB), and to demonstrate their compliance to any party that trusts the Guardat layer. We present a design and prototype implementation of Guardat, show experimentally that the space and time overhead of making policy checks is low, and discuss applications and policies.