We aim to provide trusted time measurement mechanisms to applications and cloud infrastructure deployed in environments that could harbor potential adversaries, including the hardware infrastructure provider. Despite Trusted Execution Environments (TEEs) providing multiple security functionalities, timestamps from the Operating System are not covered. Nevertheless, some services require time for validating permissions or ordering events. To address that need, we introduce Triad, a trusted timestamp dispatcher of time readings. The solution provides trusted timestamps enforced by mutually supportive enclave-based clock servers that create a continuous trusted timeline. We leverage enclave properties such as forced exits and CPU-based counters to mitigate attacks on the server's timestamp counters. Triad produces trusted, confidential, monotonically-increasing timestamps with bounded error and desirable, non-trivial properties. Our implementation relies on Intel SGX and SCONE, allowing transparent usage. We evaluate Triad's error and behavior in multiple dimensions.