Accurately measuring time passing is critical for many applications. However, in Trusted Execution Environments (TEEs) such as Intel SGX, the time source is outside the Trusted Computing Base: a malicious host can manipulate the TEE's notion of time, jumping in time or affecting perceived time speed. Previous work (Triad) proposes protocols for TEEs to maintain a trustworthy time source by building a cluster of TEEs that collaborate with each other and with a remote Time Authority to maintain a continuous notion of passing time. However, such approaches still allow an attacker to control the operating system and arbitrarily manipulate their own TEE's perceived clock speed. An attacker can even propagate faster passage of time to honest machines participating in Triad's trusted time protocol, causing them to skip to timestamps arbitrarily far in the future. We propose TriHaRd, a TEE trusted time protocol achieving high resilience against clock speed and offset manipulations, notably through Byzantine-resilient clock updates and consistency checks. We empirically show that TriHaRd mitigates known attacks against Triad.

翻译：精确测量时间流逝对众多应用至关重要。然而，在诸如Intel SGX等可信执行环境（TEE）中，时间源位于可信计算基之外：恶意主机可操纵TEE的时间感知，实现时间跳变或影响感知时间流速。先前工作（Triad）提出了TEE维护可信时间源的协议，通过构建TEE集群，使TEE节点相互协作并与远程时间权威机构协同维持连续的时间流逝感知。但此类方案仍允许攻击者控制操作系统并任意操纵其自身TEE的感知时钟速率。攻击者甚至可将加速的时间流逝传播至参与Triad可信时间协议的诚实节点，导致其跳转至任意遥远的未来时间戳。本文提出TriHaRd协议，这是一种具备高弹性的TEE可信时间协议，通过拜占庭容错的时钟更新与一致性检查机制，显著抵御时钟速率与偏移量操纵攻击。实验表明，TriHaRd能有效缓解针对Triad的已知攻击。