Ramakrishna Kotla, Tom Rodeheffer, Indrajit Roy, Patrick Stuedi, and Benjamin Wester
October 2012
This paper presents the design, implementation, and evaluation of Pasture, a secure messaging and logging library that enables secure offline data access on untrusted user devices by leveraging commodity trusted hardware. Pasture does not trust the application, OS, or hypervisor and even admits hardware snooping attacks, while providing two important safety properties: access-undeniability (a user cannot deny any offline data access obtained by his device without failing an audit) and verifiable-revocation (a user who generates a verifiable proof of revocation of unaccessed data can never access that data in the future).
For practical viability, Pasture moves costly trusted hardware operations from common data access actions to uncommon recovery and checkpoint actions. We used Pasture to augment three applications with secure offline data access to provide high availability, rich functionality, and improved consistency. Our evaluation suggests that Pasture overheads are acceptable for these applications.
To appear in the 10th USENIX Symposium on Operating Systems Design and Implementation (OSDI '12)
Publisher: USENIX
Type: Article