Agora: Trust Less and Open More in Verification for Confidential Computing
Hongbo Chen, Quan Zhou, Sen Yang, Xing Han, Fan Zhang, Danfeng Zhang, Xiaofeng Wang

TL;DR
AGORA is a novel binary verification service that leverages untrusted entities, blockchain, and trusted execution environments to enhance trustworthiness, transparency, and scalability in software security verification.
Contribution
It introduces a blockchain-based bounty system and a TCB size reduction technique, enabling open, trustworthy, and scalable binary verification with crowdsourcing and secure enclaves.
Findings
Effective validation of untrusted assertions for diverse policies.
Reduced TCB size for binary analysis and theorem proving.
Successful implementation for fault isolation and side-channel mitigation.
Abstract
Binary verification plays a pivotal role in software security, yet building a verification service that is both open and trustworthy poses a formidable challenge. In this paper, we introduce a novel binary verification service, AGORA, scrupulously designed to overcome the challenge. At the heart of this approach lies a strategic insight: certain tasks can be delegated to untrusted entities, while the corresponding validators are securely housed within the trusted computing base (TCB). AGORA can validate untrusted assertions generated for versatile policies. Through a novel blockchain-based bounty task manager, it also utilizes crowdsourcing to remove trust in theorem provers. These synergistic techniques successfully ameliorate the TCB size burden associated with two procedures: binary analysis and theorem proving. The design of AGORA allows untrusted parties to participate in these…
Taxonomy
Topics: Cloud Data Security Solutions · Scientific Computing and Data Management · Software System Performance and Reliability
