RR: A Fault Model for Efficient TEE Replication

—Trusted Execution Environments (TEEs) ensure the confidentiality and integrity of computations in hardware. Subject to the TEE’s threat model, the hardware shields a computation from most externally induced fault behavior except crashes. As a result, a crash-fault tolerant (CFT) replication protocol should be sufficient when replicating trusted code inside TEEs. However, TEEs do not provide efficient and general means of ensuring the freshness of external, persistent state. Therefore, CFT replication is insufficient for TEE computations with external state, as this state could be rolled back to an earlier version when a TEE restarts. Furthermore, using BFT protocols in this setting is too conservative, because these protocols are designed to tolerate arbitrary behavior, not just rollback during a restart. In this paper, we propose the restart-rollback (RR) fault model for replicating TEEs, which precisely captures the possible fault behaviors of TEEs with external state. Then, we show that existing replication protocols can be easily adapted to this fault model with few changes, while retaining their original performance. We adapted two widely used crash fault tolerant protocols — the ABD [6] read/write register protocol and the Paxos [34] consensus protocol — to the RR model. Furthermore, we leverage these protocols to build a replicated metadata service called TEEMS , and then show that it can be used to add TEE-grade confidentiality, integrity, and freshness to untrusted cloud storage services. Our evaluation shows that our protocols perform significantly better than their BFT counterparts (between 1 . 25 and 55 × better throughput), while performing identically to the CFT versions, which do not protect against rollback attacks.

• Publication year

  2023

• Venue

  Network and Distributed System Security Symposium

• Publication date

  Unknown publication date

• Fields of study

  Computer Science

• Identifiers
  DOI 10.14722/ndss.2023.24001
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Avocado: A Secure In-Memory Distributed Storage System

  2021cited by this paper
• Gryff: Unifying Consensus and Shared Registers

  2020cited by this paper
• Robust P2P Primitives Using SGX Enclaves

  2020cited by this paper
• Asymmetric distributed trust

  2019cited by this paper
• Transforming Byzantine Faults using a Trusted Execution Environment

  2019cited by this paper
• Rollback and Forking Detection for Trusted Execution Environments Using Lightweight Collective Memory

  2017cited by this paper
• ROTE: Rollback Protection for Trusted Execution

  2017influential reference
• Teechain: a secure payment network with asynchronous blockchain access

  2017influential reference
• Ariadne: A Minimal Approach to State Continuity

  2016influential reference
• Intel SGX Explained

  2016cited by this paper
• Flexible Paxos: Quorum Intersection Revisited

  2016cited by this paper
• Paxos Made Moderately Complex

  2015cited by this paper
• Mobile secure data protection using eMMC RPMB partition

  2015cited by this paper
• Don't trust the cloud, verify: integrity and consistency for cloud object stores

  2015cited by this paper
• Separating the WHEAT from the Chaff: An Empirical Design for Geo-Replicated State Machines

  2015cited by this paper
• Shielding Applications from an Untrusted Cloud with Haven

  2014cited by this paper
• ICE: a passive, high-speed, state-continuity scheme

  2014cited by this paper
• Verifying the Consistency of Remote Untrusted Services with Commutative Operations

  2013cited by this paper
• SPORC: Group Collaboration using Untrusted Cloud Resources

  2010cited by this paper
• Venus: verification for untrusted cloud storage

  2010cited by this paper
• Benchmarking cloud serving systems with YCSB

  2010cited by this paper
• Upright cluster services

  2009cited by this paper
• Fail-Aware Untrusted Storage

  2009cited by this paper
• TrInc: Small Trusted Hardware for Large Distributed Systems

  2009cited by this paper
• Paxos for System Builders: an overview

  2008influential reference
• Attested append-only memory: making adversaries stick to their word

  2007cited by this paper
• Refined quorum systems

  2007cited by this paper
• Paxos made live: an engineering perspective

  2007cited by this paper
• A framework for dynamic Byzantine storage

  2004cited by this paper
• Reliable broadcast in a computational hybrid model with Byzantine faults, crashes, and recoveries

  2003cited by this paper
• Efficient Byzantine-resilient reliable multicast on a hybrid failure model

  2002cited by this paper
• Building secure file systems out of byzantine storage

  2002cited by this paper
• Paxos Made Simple

  2001cited by this paper
• Practical Byzantine fault tolerance

  1999cited by this paper
• The part-time parliament

  1998cited by this paper
• Byzantine quorum systems

  1997cited by this paper
• Distributed Algorithms

  1992influential reference
• Consensus With Dual Failure Modes

  1991cited by this paper
• The grid protocol: a high performance scheme for maintaining replicated data

  1990cited by this paper
• Linearizability: a correctness condition for concurrent objects

  1990cited by this paper
• Sharing memory robustly in message-passing systems

  1990cited by this paper
• Weighted voting for replicated data

  1979cited by this paper
• 2011 IEEE Symposium on Security and Privacy Memoir: Practical State Continuity for Protected Modules

  year unknowncited by this paper
• Network Emulation with NetEm

  year unknowncited by this paper

• Proteus: Append-Only Ledgers for (Mostly) Trusted Execution Environments

  2026cites this paper
• Rollbaccine : Herd Immunity against Storage Rollback Attacks in TEEs [Technical Report]

  2025cites this paper
• TEE is not a Healer: Rollback-Resistant Reliable Storage

  2025cites this paper
• Confidential VMs Explained: An Empirical Analysis of AMD SEV-SNP and Intel TDX

  2025cites this paper
• TEE-Assisted Recovery and Upgrades for Long-Running BFT Services

  2025cites this paper
• Towards seL4 for Enhanced System Isolation and Security on Embedded Devices

  2025cites this paper
• TriHaRd: Higher Resilience for TEE Trusted Time

  2025cites this paper
• AGATE: Augmented Global Attested Trusted Execution in the Universal Composability Framework

  2025cites this paper
• Formally Verifying a Rollback-Prevention Protocol for TEEs

  2024cites this paper
• Secret Key Recovery in a Global-Scale End-to-End Encryption System

  2024cites this paper
• SoK: Opportunities for Accelerating Multi - Party Computation via Trusted Hardware

  2024cites this paper
• Nimble: Rollback Protection for Confidential Cloud Services (extended version)

  2023influential citation
• This paper is included in the Proceedings of the 17th USENIX Symposium on Operating Systems Design and Implementation.

  year unknowncites this paper