A Last-Level Defense for Application Integrity and Confidentiality
Research output: Contribution to conferences › Paper › Contributed › peer-review
Abstract
Our objective is to protect the integrity and confidentiality of applications operating in untrusted environments. Trusted Execution Environments (TEEs) are not a panacea. Hardware TEEs fail to protect applications against Sybil, Fork and Rollback Attacks and, consequently, fail to preserve the consistency and integrity of applications. We introduce a novel system, LLD, that enforces the integrity and consistency of applications in a transparent and scalable fashion. Our solution augments TEEs with instantiation control and rollback protection. Instantiation control, enforced with TEE-supported leases, mitigates Sybil/Fork Attacks without incurring the high costs of solving crypto-puzzles. Our rollback detection mechanism does not need excessive replication, nor does it sacrifice durability. We show that implementing these functionalities in the LLD runtime automatically protects applications and services such as a popular DBMS.
Details
Original language | English |
---|---|
Number of pages | 10 |
Publication status | Published - 4 Dec 2023 |
Peer-reviewed | Yes |
Conference
Title | 2023 IEEE/ACM 16th International Conference on Utility and Cloud Computing |
---|---|
Abbreviated title | UCC 2023 |
Conference number | 16 |
Duration | 4 - 7 December 2023 |
Degree of recognition | International event |
City | Taormina (Messina) |
Country | Italy |
External IDs
Scopus | 85191660102 |
---|
Keywords
- Cloud computing, Computer systems organization, Distributed systems security, Intel SGX, Security and privacy, Sybil attack