Replay and rollback attacks threaten cloud application integrity by reintroducing authentic yet stale data through an untrusted storage interface to compromise application decision-making. Prior security frameworks mitigate these attacks by enforcing forward-only state transitions (state continuity) with hardware-backed mechanisms, but they categorically treat all rollback as malicious and thus preclude legitimate rollbacks used for operational recovery from corruption or misconfiguration. We present Rebound, a general-purpose security framework that preserves rollback protection while enabling policy-authorized legitimate rollbacks of application binaries, configuration, and data. Key to Rebound is a reference monitor that mediates state transitions, enforces authorization policy, guarantees atomicity of state updates and rollbacks, and emits a tamper-evident log that provides transparency to applications and auditors. We formally prove Rebound's security properties and show through an application case study -- with software deployment workflows in GitLab CI -- that it enables robust control over binary, configuration, and raw data versioning with low end-to-end overhead.

翻译：重放与回滚攻击通过不可信的存储接口重新引入真实但过时的数据，从而威胁云应用完整性，破坏应用决策。先前的安全框架通过硬件支持的机制强制仅允许向前状态转换（状态连续性）来缓解此类攻击，但它们将所有回滚一概视为恶意行为，从而排除了用于从损坏或错误配置中进行操作恢复的合法回滚。我们提出了Rebound，一个通用安全框架，它在保持回滚防护的同时，支持策略授权的对应用程序二进制文件、配置和数据的合法回滚。Rebound的核心是一个引用监视器，它仲裁状态转换，执行授权策略，保证状态更新与回滚的原子性，并生成防篡改日志，为应用和审计者提供透明度。我们形式化证明了Rebound的安全属性，并通过一个应用案例研究——使用GitLab CI中的软件部署工作流——表明它能够以较低的端到端开销实现对二进制文件、配置和原始数据版本控制的鲁棒管理。