Web3 applications require execution platforms that maintain confidentiality and integrity without relying on centralized trust authorities. While Trusted Execution Environments (TEEs) offer promising capabilities for confidential computing, current implementations face significant limitations when applied to Web3 contexts, particularly in security reliability, censorship resistance, and vendor independence. This paper presents dstack, a comprehensive framework that transforms raw TEE technology into a true Zero Trust platform. We introduce three key innovations: (1) Portable Confidential Containers that enable seamless workload migration across heterogeneous TEE environments while maintaining security guarantees, (2) Decentralized Code Management that leverages smart contracts for transparent governance of TEE applications, and (3) Verifiable Domain Management that ensures secure and verifiable application identity without centralized authorities. These innovations are implemented through three core components: dstack-OS, dstack-KMS, and dstack-Gateway. Together, they demonstrate how to achieve both the performance advantages of VM-level TEE solutions and the trustless guarantees required by Web3 applications. Our evaluation shows that dstack provides comprehensive security guarantees while maintaining practical usability for real-world applications.

翻译：Web3应用需要能够在无需依赖中心化信任机构的情况下，维持机密性与完整性的执行平台。虽然可信执行环境（TEE）为机密计算提供了有前景的能力，但当前的实现在应用于Web3场景时面临显著限制，尤其是在安全可靠性、抗审查性和供应商独立性方面。本文提出了dstack，一个将原始TEE技术转化为真正零信任平台的综合框架。我们引入了三项关键创新：(1) 可移植机密容器，能够在异构TEE环境中实现无缝的工作负载迁移，同时保持安全保证；(2) 去中心化代码管理，利用智能合约实现对TEE应用的透明治理；(3) 可验证域管理，确保无需中心化机构即可实现安全且可验证的应用身份。这些创新通过三个核心组件实现：dstack-OS、dstack-KMS和dstack-Gateway。它们共同展示了如何同时实现虚拟机级TEE解决方案的性能优势和Web3应用所需的无信任保证。我们的评估表明，dstack在保持实际应用可用性的同时，提供了全面的安全保证。