About Time: On the Challenges of Temporal Guarantees in Untrusted Environments

Abstract

Measuring the passage of time and taking actions based on such measurements is a common security-critical operation that developers often take for granted. When working with confidential computing, however, temporal guarantees become more challenging due to trusted execution environments residing in effectively untrusted environments, which can oftentimes influence expectations on time and progress. In this work, we identify and categorize five different levels of tracking the passage of time that an enclave may be able to mesure or receive from its environment. Focusing first on the popular Intel SGX architecture, we analyze what level of time is possible and how this is utilized in both academia and industry projects. We then broaden the scope to other popular trusted computing solutions and list common applications for each level of time, concluding that not every use case requires an accurate access to real-world time.