Replica trusted execution environment: enabling seamless replication of trusted execution environment (tee)-based enclaves in the cloud

What is claimed is: 1 . A method for executing a trusted execution environment (TEE) based application in a cloud computing system, the method comprising: executing a proxied attestation procedure with a client to enable the client to attest that an enclave management layer (EML) application provided by the cloud computing system is correct and runs on a TEE-enabled platform; receiving, by the cloud computing system, application code corresponding to the TEE-based application; receiving, by the EML application, application parameters corresponding to the TEE-based application; writing, by the EML application to a secure storage layer, the application parameters corresponding to the TEE-based application; creating, by the cloud computing system, an enclave configured to execute the TEE-based application; attesting and provisioning, by the EML application, the enclave configured to execute the TEE-based application based on the application parameters; and executing, by the enclave configured to execute the TEE-based application, the TEE-based application. 2 . The method according to claim 1 , wherein the application parameters corresponding to the TEE-based application include an application secret key, an expected measurement value of the TEE-based application, and an application deployment policy. 3 . The method according to claim 2 , wherein the application secret key is secret from the cloud provider. 4 . The method according to claim 2 , wherein the expected measurement value is an integrity measurement value of an application binary of the TEE-based application. 5 . The method according to claim 2 , wherein the application deployment policy includes an upper bound for a number of enclaves configured to run the TEE-based application. 6 . The method according to claim 1 , the method further comprising assigning, by the EML application to the enclave configured to execute the TEE-based application, an enclave identifier. 7 . The method according to claim 6 , the method further comprising writing to the secure storage layer, enclave management parameters corresponding to the enclave configured to execute the TEE-based application. 8 . The method according to claim 7 , wherein the enclave management parameters include the enclave identifier, a shared secret key, and a current end-of-lease timestamp. 9 . The method according to claim 8 , wherein the shared secret key is established during the attesting, by the EML application, the enclave configured to execute the TEE-based application. 10 . The method according to claim 7 , the method further comprising managing, by the EML application, the enclave configured to execute the TEE-based application. 11 . The method according to claim 10 , wherein the managing the enclave configured to execute the TEE-based application comprises at least one of terminating, suspending, or resuming the enclave configured to execute the TEE-based application according to the enclave management parameters written to the secure storage layer. 12 . The method according to claim 5 , the method further comprising creating, by the cloud computing system, a second enclave configured to execute the TEE-based application. 13 . The method according to claim 12 , wherein the creating, by the cloud computing system, a second enclave configured to execute the TEE-based application comprises; fetching, by the EML from the secure storage layer, the application parameters corresponding to the TEE-based application; determining, by the EML by using the application parameters corresponding to the TEE-based application, that a number of running enclaves configured to execute the TEE-based application is below the upper bound for the number of enclaves configured to run the TEE-based application; and securely transferring, by the EML, the application secret key to the second enclave by way of a shared secret key. 14 . A non-transitory computer readable medium having stored thereon instructions for carrying out a method for executing a trusted execution environment (TEE) based application in a cloud computing system, the method comprising: executing a proxied attestation procedure with a client to enable the client to attest that an enclave management layer (EML) application provided by the cloud computing system runs on a TEE-enabled platform; receiving, by the cloud computing system, application code corresponding to the TEE-based application; receiving, by the EML application, application parameters corresponding to the TEE-based application; writing, by the EML application to a secure storage layer, the application parameters corresponding to the TEE-based application; creating, by the cloud computing system, an enclave configured to execute the TEE-based application; attesting, by the EML application, the enclave configured to execute the TEE-based application; and executing, by the enclave configured to execute the TEE-based application, the TEE-based application. 15 . A system for executing a trusted execution environment (TEE) based application in a cloud computing system, the system being configured to carry out the method of claim 1 and comprising: a processor readable memory including a secure storage layer; and one or more processors configured to: execute a proxied attestation procedure with a client to enable the client to attest that an enclave management layer (EML) application provided by the cloud computing system runs on a TEE-enabled platform; receive application code corresponding to the TEE-based application; receiving application parameters corresponding to the TEE-based application; writing, to the secure storage layer, the application parameters corresponding to the TEE-based application; create an enclave configured to execute the TEE-based application; attest the enclave configured to execute the TEE-based application; and execute the TEE-based application.