A Last-Level Defense for Application Integrity and Confidentiality

Publikation: Beitrag zu KonferenzenPaperBeigetragenBegutachtung

Beitragende

Abstract

Our objective is to protect the integrity and confidentiality of ap-
plications operating in untrusted environments. Trusted Execution
Environments (TEEs) are not a panacea. Hardware TEEs fail to
protect applications against Sybil, Fork and Rollback Attacks and,
consequently, fail to preserve the consistency and integrity of ap-
plications. We introduce a novel system, LLD, that enforces the
integrity and consistency of applications in a transparent and scal-
able fashion. Our solution augments TEEs with instantiation control
and rollback protection. Instantiation control, enforced with TEE-
supported leases, mitigates Sybil/Fork Attacks without incurring
the high costs of solving crypto-puzzles. Our rollback detection
mechanism does not need excessive replication, nor does it sacrifice
durability. We show that implementing these functionalities in the
LLD runtime automatically protects applications and services such
as a popular DBMS.

Details

OriginalspracheEnglisch
Seitenumfang10
PublikationsstatusVeröffentlicht - 4 Dez. 2023
Peer-Review-StatusJa

Konferenz

Titel2023 IEEE/ACM 16th International Conference on Utility and Cloud Computing
KurztitelUCC 2023
Veranstaltungsnummer16
Dauer4 - 7 Dezember 2023
Webseite
BekanntheitsgradInternationale Veranstaltung
StadtTaormina (Messina)
LandItalien

Externe IDs

Scopus 85191660102

Schlagworte

Forschungsprofillinien der TU Dresden

DFG-Fachsystematik nach Fachkollegium

Fächergruppen, Lehr- und Forschungsbereiche, Fachgebiete nach Destatis

Schlagwörter

  • Cloud computing, Computer systems organization, Distributed systems security, Intel SGX, Security and privacy, Sybil Attack, sybil attack, cloud computing