pith. sign in

arxiv: 2603.00178 · v3 · pith:XV7CDBY5new · submitted 2026-02-26 · 💻 cs.CR · cs.AR· cs.OS

A TEE-Based Architecture for Confidential and Dependable Process Attestation in Authorship Verification

David Condrey This is my paper

Pith reviewed 2026-05-15 18:28 UTC · model grok-4.3

classification 💻 cs.CR cs.ARcs.OS
keywords trusted execution environmentprocess attestationauthorship verificationtamper resistancedependability modelevidence chainIntel SGX
0
0 comments X

The pith

A TEE architecture collects continuous process attestation evidence with hardware tamper resistance against adversarial platform owners.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes an architecture for collecting evidence that a continuous physical process such as authorship actually occurred, using Trusted Execution Environments to ensure the collection remains reliable even if the attesting party controls the platform. It introduces graduated assurance levels for input data and a Markov-chain model to measure the dependability of the evidence chain in terms of availability and recovery times. This approach addresses the challenge of maintaining tamper resistance in scenarios where standard software checks could be compromised by the user themselves.

Core claim

We present the first architecture for continuous process attestation evidence collection inside TEEs, providing hardware-backed tamper resistance against trust-inverted adversaries with graduated input assurance from software-channel integrity (Tier 1) through hardware-bound input (Tier 3). A resilient evidence chain protocol maintains chain integrity across TEE crashes, network partitions, and enclave migration. A Markov-chain dependability model quantifies Evidence Chain Availability, Mean Time Between Evidence Gaps, and Recovery Time Objectives, with evaluation showing low overhead and high availability on Intel SGX.

What carries the argument

The resilient evidence chain protocol, which maintains integrity across crashes and migrations while providing graduated input assurance tiers.

If this is right

  • Evidence Chain Availability exceeds 99.5 percent under Poisson failure models in Monte Carlo simulations.
  • Per-checkpoint CPU overhead remains under 25 percent, equating to less than 0.3 percent over 30-second intervals.
  • Recovery from sealed state occurs in under 200 milliseconds.
  • Formal security bounds apply under combined threat models of trust inversion and TEE side channels.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • This method could support verification in distributed systems where participants may not fully trust the local hardware.
  • Extensions to other continuous monitoring tasks, such as sensor streams, become feasible with similar isolation.
  • Empirical validation of side-channel bounds would strengthen the practical deployment of such systems.

Load-bearing premise

The security guarantees depend on a conjectural bound on side-channel leakage that requires empirical validation.

What would settle it

Observing side-channel leakage in a deployed TEE that exceeds the conjectural bound esc would invalidate the formal security analysis.

Figures

Figures reproduced from arXiv: 2603.00178 by David Condrey.

Figure 1
Figure 1. Figure 1: TEE-based process attestation architecture. The evidence collection pipeline (SWF engine, CDCE generator) runs inside the TEE enclave. The author and writing application are adversary-controlled. Sealed storage enables crash recovery. Evidence flows to the Verifier via RA-TLS [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: CTMC for evidence collection availability. Evidence is produced only in SA; SD buffers locally during partitions [PITH_FULL_IMAGE:figures/full_fig_p006_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Evidence Chain Availability vs. crash rate for sealed recovery and cold-restart￾only configurations. Simulation over 10,000 hours with network partition rate λp = 10−2 /h. Sealed recovery maintains ECA ¿99.5% for crash rates up to 10−2 /h. Results. Simulated ECA: 99.95% with sealed recovery (λc = 10−3/h), matching Theorem 2 to within 0.01%; 99.72% without (cold restart only) [PITH_FULL_IMAGE:figures/full_… view at source ↗
read the original abstract

Process attestation systems verify that a continuous physical process, such as human authorship, actually occurred, rather than merely checking system state. These systems face a fundamental dependability challenge: the evidence collection infrastructure must remain available and tamper-resistant even when the attesting party controls the platform. Trusted Execution Environments (TEEs) provide hardware-enforced isolation that can address this challenge, but their integration with continuous process attestation introduces novel resilience requirements not addressed by existing frameworks. We present the first architecture for continuous process attestation evidence collection inside TEEs, providing hardware-backed tamper resistance against trust-inverted adversaries with graduated input assurance from software-channel integrity (Tier 1) through hardware-bound input (Tier 3). We develop a Markov-chain dependability model quantifying Evidence Chain Availability (ECA), Mean Time Between Evidence Gaps (MTBEG), and Recovery Time Objectives (RTO). We introduce a resilient evidence chain protocol maintaining chain integrity across TEE crashes, network partitions, and enclave migration. Our security analysis derives formal bounds under combined threat models including trust inversion and TEE side channels, parameterized by a conjectural side-channel leakage bound esc that requires empirical validation. Evaluation on Intel SGX demonstrates under 25% per-checkpoint CPU overhead (<0.3% of the 30 s checkpoint interval), >99.5% Evidence Chain Availability (ECA) (the fraction of session time with active evidence collection) in Monte Carlo simulation under Poisson failure models, and sealed-state recovery under 200 ms.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper proposes the first TEE-based architecture for continuous process attestation evidence collection in authorship verification. It provides hardware-backed tamper resistance against trust-inverted adversaries via graduated input assurance tiers (software-channel to hardware-bound). A Markov-chain dependability model quantifies Evidence Chain Availability (ECA), Mean Time Between Evidence Gaps (MTBEG), and Recovery Time Objectives (RTO). A resilient evidence chain protocol handles TEE crashes, partitions, and migration. Security analysis derives formal bounds under combined threat models (trust inversion + TEE side channels) parameterized by conjectural leakage esc. SGX evaluation reports <25% CPU overhead per checkpoint, >99.5% ECA in Monte Carlo simulation under Poisson failures, and <200 ms recovery.

Significance. If the central claims hold after addressing the esc parameterization, the work would advance confidential computing by integrating TEE isolation with continuous attestation for dependability against strong adversaries. The Markov model and protocol offer quantifiable metrics and resilience properties not addressed in prior TEE frameworks. Simulation results under standard failure models provide practical evidence of low overhead and high availability, strengthening applicability to authorship verification scenarios.

major comments (2)
  1. [Security analysis] Security analysis (abstract and § on formal bounds): The tamper-resistance claims rest on formal bounds under trust inversion and side-channel threats that are explicitly parameterized by the conjectural esc leakage quantity. No empirical upper bound, measurement, or sensitivity analysis of esc is provided in the evaluation, which reports only CPU overhead, ECA, and recovery latency. This leaves the security statements conditional rather than unconditional.
  2. [Evaluation] Evaluation and dependability model: The Monte Carlo results claim >99.5% ECA and <200 ms RTO under Poisson models, but the manuscript provides no detailed derivations, parameter fitting, or full data for the Markov chain. Without these, it is not possible to verify how the model parameters were obtained or whether they support the cross-scenario claims.
minor comments (2)
  1. [Abstract] The abstract asserts this is the 'first architecture' for continuous process attestation inside TEEs; a short related-work paragraph contrasting with existing TEE attestation schemes would clarify the precise novelty.
  2. [Security analysis] Notation for esc is introduced without an explicit definition or range in the provided text; adding a table or equation defining its units and assumed bounds would improve clarity.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback and for recognizing the novelty of the TEE-based continuous attestation architecture. We address each major comment below and will revise the manuscript to strengthen the security analysis and evaluation transparency.

read point-by-point responses

  1. Referee: [Security analysis] Security analysis (abstract and § on formal bounds): The tamper-resistance claims rest on formal bounds under trust inversion and side-channel threats that are explicitly parameterized by the conjectural esc leakage quantity. No empirical upper bound, measurement, or sensitivity analysis of esc is provided in the evaluation, which reports only CPU overhead, ECA, and recovery latency. This leaves the security statements conditional rather than unconditional.

    Authors: We agree that the security claims are conditional on the conjectural parameter esc, as already noted in the manuscript. In the revised version we will add a dedicated sensitivity analysis subsection that varies esc over a plausible range (0 to 0.05) and reports the resulting changes to the formal bounds on evidence integrity. This will quantify how the tamper-resistance guarantees degrade with increasing leakage and will make the conditional nature of the claims explicit with supporting figures. revision: yes

  2. Referee: [Evaluation] Evaluation and dependability model: The Monte Carlo results claim >99.5% ECA and <200 ms RTO under Poisson models, but the manuscript provides no detailed derivations, parameter fitting, or full data for the Markov chain. Without these, it is not possible to verify how the model parameters were obtained or whether they support the cross-scenario claims.

    Authors: We will expand the evaluation section and add an appendix containing the full Markov-chain transition matrix, the derivation of state probabilities from the Poisson failure rates, the exact parameter values used in the Monte Carlo runs, and the simulation configuration. These additions will allow independent verification of the ECA, MTBEG, and RTO results across the reported scenarios. revision: yes

Circularity Check

0 steps flagged

Derivation chain is self-contained with no circular reductions

full rationale

The paper derives its Markov-chain dependability model for ECA, MTBEG, and RTO from standard dependability techniques applied to TEE isolation and crash-recovery properties, without defining any quantity in terms of its own outputs. The resilient evidence chain protocol is constructed from TEE primitives (sealing, migration) and does not reduce to fitted parameters or self-referential definitions. Security bounds are explicitly parameterized by the external conjectural esc (requiring separate empirical validation) rather than derived from the paper's measurements. Evaluation metrics (CPU overhead, ECA under Poisson models, recovery latency) are reported as independent observations and do not close any loop back into the model equations or protocol definitions. No self-citation load-bearing steps or ansatz smuggling appear in the load-bearing claims.

Axiom & Free-Parameter Ledger

1 free parameters · 1 axioms · 0 invented entities

The architecture rests on standard TEE isolation properties as a domain assumption and introduces a conjectural leakage parameter esc without independent empirical support or falsifiable handle outside the paper.

free parameters (1)
  • esc
    Conjectural side-channel leakage bound used to parameterize formal security bounds in the analysis.
axioms (1)
  • domain assumption Trusted Execution Environments provide hardware-enforced isolation that remains available and tamper-resistant against trust-inverted adversaries
    Invoked as the foundation for tamper resistance and evidence collection in the architecture description.

pith-pipeline@v0.9.0 · 5566 in / 1370 out tokens · 46390 ms · 2026-05-15T18:28:04.380216+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.