Our objective is to protect the integrity and confidentiality of applications operating in untrusted environments. Trusted Execution Environments (TEEs) are not a panacea. Hardware TEEs fail to protect applications against Sybil, Fork and Rollback Attacks and, consequently, fail to preserve the consistency and integrity of applications. We introduce a novel system, LLD, that enforces the integrity and consistency of applications in a transparent and scalable fashion. Our solution augments TEEs with instantiation control and rollback protection. Instantiation control, enforced with TEE-supported leases, mitigates Sybil/Fork Attacks without incurring the high costs of solving crypto-puzzles. Our rollback detection mechanism does not need excessive replication, nor does it sacrifice durability. We show that implementing these functionalities in the LLD runtime automatically protects applications and services such as a popular DBMS.
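To make the two properties in the abstract concrete, the following is an added toy model, not the paper's LLD design (whose mechanisms are not described here): a lease issuer that grants at most one live lease per application identity, which is what stops a second copy of an enclave from running in parallel (a fork or Sybil instance), and a freshness check that refuses to resume from a state older than the newest committed one (a rollback). The class names, the logical clock, the TTL values and the `dbms` identity are all constructed for the example; in a real system the issuer's state and the commit record would have to live behind the TEE and survive crashes, which the toy does not attempt.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Lease:
    app_id: str
    instance_id: str
    expires_at: int  # logical time; assumed to come from a trusted clock


class LeaseAuthority:
    """Toy lease issuer: at most one live lease per application identity.

    In a real deployment this state would be kept behind a TEE so that an
    attacker cannot forge or clone leases; here it is an ordinary dict.
    """

    def __init__(self) -> None:
        self._leases: dict[str, Lease] = {}

    def acquire(self, app_id: str, instance_id: str, now: int, ttl: int):
        """Return a Lease, or None if another instance holds a live lease."""
        current = self._leases.get(app_id)
        if (current is not None
                and current.expires_at > now
                and current.instance_id != instance_id):
            return None  # refuse: a second live instance would be a fork
        lease = Lease(app_id, instance_id, now + ttl)
        self._leases[app_id] = lease  # grant a new lease or renew the holder's
        return lease


class RollbackDetector:
    """Toy rollback detector: remembers the newest committed state per app.

    A genuine design needs this record to be tamper-evident and durable
    (for example a TEE monotonic counter); this only shows the check itself.
    """

    def __init__(self) -> None:
        self._latest: dict[str, tuple[int, str]] = {}

    def commit(self, app_id: str, version: int, state: bytes) -> str:
        digest = hashlib.sha256(state).hexdigest()
        prev = self._latest.get(app_id)
        if prev is not None and version <= prev[0]:
            raise ValueError("version must increase monotonically")
        self._latest[app_id] = (version, digest)
        return digest

    def is_fresh(self, app_id: str, version: int, state: bytes) -> bool:
        """True only if (version, state) is the newest committed state."""
        latest = self._latest.get(app_id)
        if latest is None:
            return True  # nothing committed yet, so nothing can be stale
        return latest == (version, hashlib.sha256(state).hexdigest())


def run_scenario() -> dict[str, bool]:
    """Constructed scenario exercising both checks; returns named outcomes."""
    authority = LeaseAuthority()
    detector = RollbackDetector()
    app = "dbms"  # constructed application identity

    # Instantiation control: instance A gets a lease valid for 10 ticks; a
    # second instance asking at tick 5 is refused; A may renew its own lease;
    # once the lease has expired, a new instance can be admitted.
    first = authority.acquire(app, "instance-A", now=0, ttl=10)
    fork = authority.acquire(app, "instance-B", now=5, ttl=10)
    renewed = authority.acquire(app, "instance-A", now=8, ttl=10)
    after_expiry = authority.acquire(app, "instance-B", now=20, ttl=10)

    # Rollback detection: commit v1 then v2, then attempt to resume from v1.
    state_v1 = b"balance=100"
    state_v2 = b"balance=40"
    detector.commit(app, 1, state_v1)
    detector.commit(app, 2, state_v2)

    return {
        "first_granted": first is not None,
        "fork_refused": fork is None,
        "renew_granted": renewed is not None and renewed.expires_at == 18,
        "reacquire_after_expiry": after_expiry is not None,
        "current_state_fresh": detector.is_fresh(app, 2, state_v2),
        "rollback_detected": not detector.is_fresh(app, 1, state_v1),
        # presenting v2's version number with v1's bytes is also rejected
        "tampered_state_detected": not detector.is_fresh(app, 2, state_v1),
    }


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {ok}")
```

The lease check is what replaces a crypto-puzzle: admission is decided by whether a live lease exists, not by work the instance has to perform. The freshness check compares both the version number and a digest of the state, so neither an old snapshot nor a reused version number with altered contents passes.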