Persisting Mutable Storage Inside The "T"EE

The exploration of Trusted Execution Environments (TEEs) reveals a critical vulnerability in their design, particularly concerning persistent mutable storage. It underscores the illusion of security and trustworthiness that hardware manufacturers and cloud service providers promote, highlighting the susceptibility of TEEs to rollback attacks where an adversary can restore old states, posing serious threats especially to Bitcoin applications. The crux of this issue lies in the absence of internal persistent mutable storage within TEEs, necessitating reliance on external storage solutions which must be safeguarded against such attacks.

Addressing this, a novel approach is proposed to synthesize auditable, persistent mutable storage using multiple TEEs, thereby circumventing the limitations of traditional persistent storage methods. This method capitalizes on the ephemeral nature of TEE RAM, transforming it into a resilient array through strategic distribution and erasure coding, ensuring data recovery despite potential failures. Notably, this strategy employs the inherent encryption capabilities of TEEs to secure data both at rest and in transit, thereby leveraging existing TEE functionalities to reinforce data integrity and confidentiality.

The discussion advances into the technicalities of implementing such a storage solution, delving into terminologies and operational specifics. It redefines conventional storage device terminology, adapting it to fit the context of cryptocurrency applications and networked TEEs. The intricacies of sector sizes and the challenges of aligning them with Transmission Control Protocol (TCP) standards are examined, suggesting an optimal sector size that balances efficiency with cryptographic requirements.

Furthermore, the proposal introduces a refined disk interface to mitigate the RAID5 write hole phenomenon. Through provisional write commands and a rigorous commit/rollback protocol, it ensures consistency and integrity across the array, even in the event of partial updates or system crashes. This solution not only addresses the atomicity of write operations but also enhances the reliability of the storage array under adverse conditions.

An innovative adoption of XOR-based erasure coding presents a performance-optimized solution for parity calculation and erasure recovery, extending support beyond traditional two-parity schemes. By leveraging an unpatented approach grounded in Reed Solomon codes and Galois Field mathematics, it achieves notable efficiency gains. This aspect is crucial for the robustness of the storage solution, enabling it to withstand multiple simultaneous TEE failures without data loss.

The auditability of such a storage configuration is underscored as a key advantage. The simplicity of the storage TEE programs facilitates thorough scrutiny, ensuring that they adhere strictly to operational protocols without unauthorized rollbacks. This audit process is integral to verifying the integrity and proper functioning of the entire storage array, bolstering confidence in its capability to securely manage and store sensitive information.

In conclusion, by innovatively repurposing TEEs for persistent storage and addressing the inherent vulnerabilities with a multi-faceted strategy, this proposal sets forth a compelling solution to enhance data security and resilience in TEE-based systems. Through meticulous design and adherence to stringent operational protocols, it offers a viable pathway to mitigating rollback attacks and fortifying the trustworthiness of TEE applications, particularly within the realm of cryptocurrency transactions.