Strong confidentiality, integrity, user control, reliability and performance are critical requirements in privacy-sensitive applications. Such applications would benefit from a data storage and sharing infrastructure that provides these properties even in decentralized topologies with untrusted storage backends, but users today are forced to choose between systemic security properties and system reliability or performance. As an alternative to this status quo we present UPSS: the user-centric private sharing system, a cryptographic storage system that can be used as a conventional filesystem or as the foundation for security-sensitive applications such as redaction with integrity and private revision control. We demonstrate that both the security and performance properties of UPSS exceed those of existing cryptographic filesystems and that its performance is comparable to that of mature conventional filesystems, in some cases even superior. Whether used directly via its Rust API or as a conventional filesystem, UPSS provides strong security and practical performance on untrusted storage.