A Last-Level Defense for Application Integrity and Confidentiality
Publication: Contribution to conferences › Paper › Contributed › Peer-reviewed
Contributors
Abstract
Our objective is to protect the integrity and confidentiality of applications operating in untrusted environments. Trusted Execution Environments (TEEs) are not a panacea. Hardware TEEs fail to protect applications against Sybil, Fork and Rollback Attacks and, consequently, fail to preserve the consistency and integrity of applications. We introduce a novel system, LLD, that enforces the integrity and consistency of applications in a transparent and scalable fashion. Our solution augments TEEs with instantiation control and rollback protection. Instantiation control, enforced with TEE-supported leases, mitigates Sybil/Fork Attacks without incurring the high costs of solving crypto-puzzles. Our rollback detection mechanism does not need excessive replication, nor does it sacrifice durability. We show that implementing these functionalities in the LLD runtime automatically protects applications and services such as a popular DBMS.
Details
Original language | English |
---|---|
Number of pages | 10 |
Publication status | Published - 4 Dec 2023 |
Peer-review status | Yes |
Conference
Title | 2023 IEEE/ACM 16th International Conference on Utility and Cloud Computing |
---|---|
Short title | UCC 2023 |
Event number | 16 |
Duration | 4 - 7 December 2023 |
Website | |
Degree of recognition | International event |
City | Taormina (Messina) |
Country | Italy |
External IDs
Scopus | 85191660102 |
---|
Keywords
- Cloud computing, Computer systems organization, Distributed systems security, Intel SGX, Security and privacy, Sybil Attack