Bill Shapiro
STAR Lab, InterTrust Technologies
Abstract
Some emerging applications, such as Digital Rights Management (DRM), require programs to maintain sensitive state on untrusted hosts. In this talk I will present the architecture and implementation of a trusted database system, TDB, which leverages a small amount of trusted storage to protect a scalable amount of untrusted storage. The database is encrypted and validated against a collision-resistant hash, so untrusted programs cannot read the database or modify it undetectably. TDB integrates encryption and hashing with a low-level data model, which protects data and metadata uniformly, unlike systems built on top of a conventional database system. The implementation exploits synergies between hashing and log-structured storage. Performance results show that, despite providing additional functionality, TDB outperforms BerkeleyDB, a widely used, freely available embedded database system.
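The validation idea in the abstract, as an added sketch that is not TDB's code and not from the talk: a single hash held in trusted storage covers a map of chunk hashes kept in untrusted storage, so both in-place modification and rollback to an older state are detected. It assumes a flat hash map rather than TDB's actual data layout and omits encryption; `HashedStore`, `TamperError`, `detects`, `demo` and the sample license record are hypothetical names.

```python
import hashlib
import json

class TamperError(Exception):
    pass

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class HashedStore:
    def __init__(self, untrusted: dict):
        self.untrusted = untrusted      # attacker can read and write this dict
        self._commit({})                # sets self.trusted_root

    def _commit(self, hashes: dict) -> None:
        blob = json.dumps(hashes, sort_keys=True).encode()
        self.untrusted["map"] = blob
        self.trusted_root = digest(blob)  # the only value kept in trusted storage

    def _load(self) -> dict:
        blob = self.untrusted.get("map", b"")
        if digest(blob) != self.trusted_root:
            raise TamperError("hash map does not match trusted root")
        return json.loads(blob)

    def write(self, chunk_id: str, data: bytes) -> None:
        hashes = self._load()           # validate current state before updating
        self.untrusted["c/" + chunk_id] = data
        hashes[chunk_id] = digest(data)
        self._commit(hashes)

    def read(self, chunk_id: str) -> bytes:
        hashes = self._load()
        data = self.untrusted.get("c/" + chunk_id, b"")
        if digest(data) != hashes.get(chunk_id):
            raise TamperError(f"chunk {chunk_id!r} failed validation")
        return data

def detects(db: HashedStore, chunk_id: str) -> bool:
    try:
        db.read(chunk_id)
    except TamperError:
        return True
    return False

def demo() -> dict:
    disk = {}                               # constructed untrusted storage
    db = HashedStore(disk)
    db.write("license:42", b"plays_left=3")
    snapshot = dict(disk)                   # copy of an older valid state
    db.write("license:42", b"plays_left=2")
    out = {"clean": db.read("license:42")}
    disk["c/license:42"] = b"plays_left=99" # modified in place
    out["modified"] = detects(db, "license:42")
    disk.clear(); disk.update(snapshot)     # whole store rolled back
    out["replayed"] = detects(db, "license:42")
    return out
```

The rollback case is the one a per-record hash or MAC alone misses: the restored snapshot is internally consistent, and only the root kept outside the attacker's reach shows it is stale.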