CFT replication protocol

Principles and practice of TEE replication (and beyond)

Prof.Rodrigo Rodrigues, Instituto Superior Tecnico (ULisboa)

Jan 23, 12:00 - 13:00

B9 L2 R2322 H1

TEE replication TEEMS CFT replication protocol

Trusted Execution Environments (TEEs) ensure the confidentiality and integrity of computations in hardware. Subject to the TEE's threat model, the hardware shields a computation from most externally induced fault behavior except crashes. As a result, a crash-fault tolerant (CFT) replication protocol should be sufficient when replicating trusted code inside TEEs. However, TEEs do not provide efficient and general means of ensuring the freshness of the external, persistent state. Therefore, CFT replication is insufficient for TEE computations with an external state, as this state could be rolled back to an earlier version when a TEE restarts. Furthermore, using BFT protocols in this setting is too conservative, because these protocols are designed to tolerate arbitrary behavior, not just rollback during a restart.