In cloud computing, untrusted storage interfaces are vulnerable to rollback and replay attacks, compromising the integrity of confidential application decisions. Existing hardware-enforced state continuity mechanisms treat all rollbacks as malicious, thus precluding legitimate rollbacks required for fault recovery. This paper introduces Rebound, the first framework enabling fine-grained differentiation between malicious and legitimate rollbacks in confidential cloud environments. Rebound features a policy-authorized reference monitor—hardware-protected via trusted execution—supporting atomic state updates, controlled rollback, and tamper-evident audit logging. Leveraging formal verification, policy-driven access control, and end-to-end logging, we evaluate Rebound in GitLab CI, demonstrating efficient and secure version management for binaries, configurations, and data. The system incurs low overhead while providing strong security guarantees against unauthorized or inconsistent state transitions.

Replay and rollback attacks threaten cloud application integrity by reintroducing authentic yet stale data through an untrusted storage interface to compromise application decision-making. Prior security frameworks mitigate these attacks by enforcing forward-only state transitions (state continuity) with hardware-backed mechanisms, but they categorically treat all rollback as malicious and thus preclude legitimate rollbacks used for operational recovery from corruption or misconfiguration. We present Rebound, a general-purpose security framework that preserves rollback protection while enabling policy-authorized legitimate rollbacks of application binaries, configuration, and data. Key to Rebound is a reference monitor that mediates state transitions, enforces authorization policy, guarantees atomicity of state updates and rollbacks, and emits a tamper-evident log that provides transparency to applications and auditors. We formally prove Rebound's security properties and show through an application case study -- with software deployment workflows in GitLab CI -- that it enables robust control over binary, configuration, and raw data versioning with low end-to-end overhead.