A Last-Level Defense for Application Integrity and Confidentiality
Publikation: Beitrag zu Konferenzen › Paper › Beigetragen › Begutachtung
Beitragende
Abstract
Our objective is to protect the integrity and confidentiality of ap-
plications operating in untrusted environments. Trusted Execution
Environments (TEEs) are not a panacea. Hardware TEEs fail to
protect applications against Sybil, Fork and Rollback Attacks and,
consequently, fail to preserve the consistency and integrity of ap-
plications. We introduce a novel system, LLD, that enforces the
integrity and consistency of applications in a transparent and scal-
able fashion. Our solution augments TEEs with instantiation control
and rollback protection. Instantiation control, enforced with TEE-
supported leases, mitigates Sybil/Fork Attacks without incurring
the high costs of solving crypto-puzzles. Our rollback detection
mechanism does not need excessive replication, nor does it sacrifice
durability. We show that implementing these functionalities in the
LLD runtime automatically protects applications and services such
as a popular DBMS.
plications operating in untrusted environments. Trusted Execution
Environments (TEEs) are not a panacea. Hardware TEEs fail to
protect applications against Sybil, Fork and Rollback Attacks and,
consequently, fail to preserve the consistency and integrity of ap-
plications. We introduce a novel system, LLD, that enforces the
integrity and consistency of applications in a transparent and scal-
able fashion. Our solution augments TEEs with instantiation control
and rollback protection. Instantiation control, enforced with TEE-
supported leases, mitigates Sybil/Fork Attacks without incurring
the high costs of solving crypto-puzzles. Our rollback detection
mechanism does not need excessive replication, nor does it sacrifice
durability. We show that implementing these functionalities in the
LLD runtime automatically protects applications and services such
as a popular DBMS.
Details
| Originalsprache | Englisch |
|---|---|
| Seitenumfang | 10 |
| Publikationsstatus | Veröffentlicht - 2023 |
| Peer-Review-Status | Ja |
Konferenz
| Titel | 2023 IEEE/ACM 16th International Conference on Utility and Cloud Computing |
|---|---|
| Kurztitel | UCC 2023 |
| Veranstaltungsnummer | 16 |
| Dauer | 4 - 7 Dezember 2023 |
| Webseite | |
| Bekanntheitsgrad | Internationale Veranstaltung |
| Stadt | Taormina (Messina) |
| Land | Italien |
Schlagworte
Forschungsprofillinien der TU Dresden
DFG-Fachsystematik nach Fachkollegium
Fächergruppen, Lehr- und Forschungsbereiche, Fachgebiete nach Destatis
Schlagwörter
- Computer systems organization, Cloud computing, Security and privacy, Distributed systems security, Intel SGX, Sybil Attack