Recent advances in secure hardware technologies, such as Intel SGX or ARM TrustZone, offer an opportunity to substantially reduce the costs of Byzantine fault-tolerance by placing the program code and state within a secure enclave known as a Trusted Execution Environment (TEE). However, the protection offered by a TEE only applies during program execution. Once power is switched off, the non-volatile portion of the program state becomes vulnerable to rollback attacks wherein it is undetectably reverted to an older version. In this paper we consider the problem of implementing reliable read/write registers out of failure-prone replicas subject to state rollbacks. To this end, we introduce a new unified model that captures multiple failure types that can affect a TEE-based system and establish tight bounds on the fault-tolerance of register constructions in this model. We consider both the static case, where failure thresholds hold throughout the entire execution, and the dynamic case, where any number of replicas can roll back, provided these failures do not occur too often. Our dynamic register emulation algorithm, TEE-Rex, provides the first correct implementation of a distributed state recovery procedure that requires neither durable storage nor specialized hardware, such as trusted monotonic counters.

翻译：近年来，诸如英特尔SGX或ARM TrustZone等安全硬件技术的进步，通过将程序代码与状态置于名为可信执行环境的安全飞地中，为显著降低拜占庭容错的成本提供了契机。然而，TEE提供的保护仅适用于程序执行期间。一旦断电，程序状态中非易失部分将易受回滚攻击，即被不可察觉地恢复到旧版本。本文探讨在易发生状态回滚的故障副本上实现可靠读写寄存器的问题。为此，我们引入一种新型统一模型，该模型刻画了可能影响基于TEE系统的多种故障类型，并建立了该模型下寄存器构造的容错性紧界。我们同时考虑静态情形（故障阈值在整个执行期间保持恒定）与动态情形（任意数量的副本可回滚，前提是此类故障发生频率不频繁）。我们的动态寄存器模拟算法TEE-Rex首次实现了分布式状态恢复过程的正确方案，该方案既不需要持久化存储，也不依赖可信单调计数器等专用硬件。