Personal data such as medical, tax, financial, employment or customer
records are routinely stored and processed in distributed systems
operated by (multiple) third parties. Ensuring compliance with data
retention and privacy laws and policies, and reliably accounting for
all data use, is a challenging technical problem in these systems. In
this paper, we show how trusted storage, a recently proposed
technology that packages a trusted interpreter for a simple
declarative policy language with a storage enclosure, can be used to
enforce rich policies for data replication, dissemination, and
mandatory access logging. The guarantees provided by Thoth rely on a
small trusted computing base and do not constrain providers'
flexibility in replicating and migrating data as required for
availability and to meet other operational needs.