AGORA: Open More and Trust Less in Binary Verification Service

Hongbo Chen, Quan Zhou, Sen Yang, Xing Han, Fan Zhang, Danfeng Zhang, Xiaofeng Wang

ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2025)

arXiv ACM DL

TL;DR by AI

AGORA enables open and trustworthy binary verification by delegating tasks and using TEEs with blockchain for auditability.

Abstract

Binary verification plays a pivotal role in software security, yet building a verification service that is both open and trustworthy poses a formidable challenge. In this paper, we introduce a novel binary verification service, AGORA, scrupulously designed to overcome the challenge. At the heart of this approach lies a strategic insight: certain tasks can be delegated to untrusted entities, while the corresponding validators are securely housed within the trusted computing base (TCB). AGORA can validate untrusted assertions generated for versatile policies. Through a novel blockchain-based bounty task manager, it also utilizes crowdsourcing to remove trust in theorem provers. These synergistic techniques successfully ameliorate the TCB size burden associated with two procedures: binary analysis and theorem proving. The design of AGORA allows untrusted parties to participate in these complex processes. Moreover, based on running the optimized TCB within trusted execution environments and recording the verification process on a blockchain, the public can audit the correctness of verification results. By implementing verification workflows for software-based fault isolation policy and side-channel mitigation, our evaluation demonstrates the efficacy of AGORA.

BibLaTeX

@article{10.1145/3763099,
    author = {Chen, Hongbo and Zhou, Quan and Yang, Sen and Dang, Sixuan and Han, Xing and Zhang, Danfeng and Zhang, Fan and Wang, XiaoFeng},
    title = {Agora: Trust Less and Open More in Verification for Confidential Computing},
    year = {2025},
    issue_date = {October 2025},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    volume = {9},
    number = {OOPSLA2},
    url = {https://doi-org.yale.idm.oclc.org/10.1145/3763099},
    doi = {10.1145/3763099},
    journal = {Proc. ACM Program. Lang.},
    month = oct,
    articleno = {321},
    numpages = {28},
    keywords = {Program verification, confidential computing, smart contract, static analysis, trusted computing base}
}