
arxiv: 2605.09297 · v1 · submitted 2026-05-10 · 💻 cs.CR · cs.DC

Enforcing Attestable Workflows across Untrusted Networks

Pith reviewed 2026-05-12 04:49 UTC · model grok-4.3

keywords confidential computing · trusted execution environments · attestable workflows · kernel eBPF · mutually attested key exchange · encrypted routing · split trusted computing base · federated domains

The pith

Anchoring cryptographic key release to hardware measurements in a split trusted computing base enables native-speed encrypted routing across untrusted networks.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper proposes Codename to support confidential workloads across federated domains without relying on high-overhead user-space systems or single-host assumptions. It introduces a split trusted computing base that isolates a control plane for mutually attested key exchange in hardware while placing enforcement in a measured guest kernel using eBPF. This combination ties key release directly to hardware attestations and performs routing checks at kernel level. The approach yields low costs in practice, with enforcement at 6 microseconds per packet and just 6.1 percent overhead on distributed pipelines compared with much higher penalties from user-space alternatives. A sympathetic reader would see value in enabling secure, multi-domain orchestration for long-running pipelines without sacrificing performance.

Core claim

Codename federates trusted execution environments through a split trusted computing base that couples a hardware-isolated control plane executing mutually attested key exchange with a measured guest-resident eBPF data plane. By anchoring cryptographic key release to hardware measurements and executing enforcement inside the kernel, the system achieves native-speed encrypted routing. Evaluation shows a steady-state enforcement cost of 6 microseconds per packet, an absolute latency overhead of 13 to 15 microseconds, and a 6.1 percent execution penalty on distributed pipelines versus plaintext baselines, while initializing a 100-node cluster in under 1.5 seconds.

What carries the argument

The split trusted computing base that pairs a hardware-isolated control plane for mutually attested key exchange with a kernel-resident eBPF data plane for measured enforcement.
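A minimal sketch of what "anchoring key release to hardware measurements" means for a mutually attested exchange. This is an added example, not the paper's MAKE protocol or code. The quote layout, the HMAC stand-in for a hardware-signed quote, the opaque key shares and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the hardware quote-signing key. A real TEE signs
# with an asymmetric key chained to the vendor; HMAC keeps the demo offline.
HW_ROOT = b"constructed-hardware-root-key"
# Constructed policy: digests of guest images (kernel + eBPF data plane).
GOOD_IMAGE = hashlib.sha384(b"constructed guest image v1").digest()
POLICY = {GOOD_IMAGE}


def make_quote(measurement, peer_nonce, key_share):
    """Simulated quote: report data binds the peer's nonce to our key share."""
    report_data = hashlib.sha256(peer_nonce + key_share).digest()
    body = measurement + report_data
    return body + hmac.new(HW_ROOT, body, hashlib.sha384).digest()


def verify_quote(quote, my_nonce, peer_key_share):
    """Return the attested measurement, or None if any check fails."""
    if len(quote) != 48 + 32 + 48:
        return None
    body, sig = quote[:80], quote[80:]
    expected_sig = hmac.new(HW_ROOT, body, hashlib.sha384).digest()
    if not hmac.compare_digest(sig, expected_sig):
        return None                      # not produced by the hardware root
    measurement, report_data = body[:48], body[48:]
    if measurement not in POLICY:
        return None                      # unknown or modified guest image
    bound = hashlib.sha256(my_nonce + peer_key_share).digest()
    if not hmac.compare_digest(report_data, bound):
        return None                      # replayed quote or swapped key share
    return measurement


def release_session_key(shared_secret, local, peer_quote, my_nonce, peer_share):
    """Derive the routing key only after the peer's quote verifies.

    `local` is this side's own measurement; both measurements go into the
    derivation so the key is tied to the attested pair of images.
    """
    peer = verify_quote(peer_quote, my_nonce, peer_share)
    if peer is None:
        return None
    transcript = b"".join(sorted([local, peer]))
    return hmac.new(shared_secret, b"routing-key" + transcript, hashlib.sha256).digest()


def demo():
    secret = secrets.token_bytes(32)     # stands in for the key-exchange output
    nonce_a, nonce_b = secrets.token_bytes(16), secrets.token_bytes(16)
    share_a, share_b = b"constructed-share-A", b"constructed-share-B"
    quote_a = make_quote(GOOD_IMAGE, nonce_b, share_a)   # A answers B's nonce
    quote_b = make_quote(GOOD_IMAGE, nonce_a, share_b)   # B answers A's nonce
    key_a = release_session_key(secret, GOOD_IMAGE, quote_b, nonce_a, share_b)
    key_b = release_session_key(secret, GOOD_IMAGE, quote_a, nonce_b, share_a)
    other = hashlib.sha384(b"constructed modified image").digest()
    bad_image = make_quote(other, nonce_a, share_b)
    fresh = secrets.token_bytes(16)      # verifier moved on to a new nonce
    return {
        "match": key_a is not None and key_a == key_b,
        "modified_image": release_session_key(secret, GOOD_IMAGE, bad_image, nonce_a, share_b),
        "replayed": release_session_key(secret, GOOD_IMAGE, quote_b, fresh, share_b),
        "swapped_share": release_session_key(secret, GOOD_IMAGE, quote_b, nonce_a, b"constructed-share-X"),
    }
```

The three refusal cases correspond to a guest image outside policy, a quote replayed against a new nonce, and a key share substituted in transit; none of them covers changes made to the guest after the quote was issued.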

Load-bearing premise

The trusted execution environments remain uncompromised and the combination of split trusted computing base plus kernel eBPF enforcement cannot be bypassed by a malicious host or network adversary.

What would settle it

An experiment in which a TEE is successfully compromised to release keys without valid hardware measurements, or in which kernel eBPF enforcement is bypassed to allow unencrypted routing, would falsify the security and performance claims.


Confidential high-performance computing orchestrates workloads across federated domains, yet existing frameworks rely on high-overhead user-space library operating systems or assume single-host execution. We propose Codename, an architecture federating Trusted Execution Environments via a split Trusted Computing Base (TCB) design. It couples a hardware-isolated Control Plane executing Mutually Attested Key Exchange (MAKE) with a measured guest-resident extended Berkeley Packet Filter (eBPF) Data Plane. By anchoring cryptographic key release to hardware measurements and executing enforcement in the kernel, Codename achieves native-speed encrypted routing. Empirical evaluation demonstrates a steady-state enforcement cost of $6\,\mu$s per packet, imposing a $13$--$15\,\mu$s absolute latency overhead. On distributed pipelines, Codename incurs just a $6.1\%$ execution penalty over plaintext baselines, bypassing the $62\%$ penalty of user-space counterparts. The system initializes a 100-node cluster in under 1.5 seconds, providing an efficient confidential interconnect for long-running workflows.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript proposes Codename, an architecture for federating Trusted Execution Environments across untrusted networks in confidential HPC. It employs a split TCB with a hardware-isolated control plane performing Mutually Attested Key Exchange (MAKE) and a measured guest-resident eBPF data plane for encrypted routing enforcement. The central claims are native-speed performance (steady-state enforcement cost of 6 μs per packet, 13–15 μs absolute latency overhead) and low overhead on distributed pipelines (6.1% execution penalty vs. 62% for user-space baselines), plus sub-1.5-second initialization for a 100-node cluster.

Significance. If the security model holds, the result is significant for enabling practical confidential interconnects in federated domains without the prohibitive costs of user-space library OS approaches. The reported performance numbers, if reproducible, would represent a substantial advance over existing frameworks by achieving near-native speeds while preserving attestation-based key release.

major comments (2)
  1. [§3.2] §3.2 (Data Plane Enforcement): The claim that kernel-resident eBPF provides continuous, bypass-resistant enforcement against a malicious host/hypervisor is load-bearing for both the security guarantees and the reported native-speed performance (which assumes enforcement is always active). The design anchors key release to initial hardware measurements in the control plane, but the manuscript does not address post-attestation runtime integrity (e.g., direct packet injection, alternate kernel routes, or eBPF program replacement). This requires explicit justification or additional mechanisms.
  2. [§5] §5 (Empirical Evaluation): The central performance claims (6 μs/packet enforcement, 6.1% overhead, 13–15 μs latency) are presented without details on experimental methodology, workload descriptions, hardware setup, error bars, number of runs, or statistical significance. This directly limits verification of the overhead comparisons to plaintext and user-space baselines.
minor comments (2)
  1. [Abstract and §1] The abstract and §1 use both 'Codename' and the macro form inconsistently; standardize notation.
  2. [Figure 3] Figure 3 (cluster initialization) lacks axis labels for the time scale and error indicators; improve clarity for the 100-node result.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the detailed and constructive review. The comments highlight important areas for clarification on security guarantees and experimental reproducibility. We address each major comment below and commit to revisions that strengthen the manuscript without altering its core contributions.

  1. Referee: [§3.2] §3.2 (Data Plane Enforcement): The claim that kernel-resident eBPF provides continuous, bypass-resistant enforcement against a malicious host/hypervisor is load-bearing for both the security guarantees and the reported native-speed performance (which assumes enforcement is always active). The design anchors key release to initial hardware measurements in the control plane, but the manuscript does not address post-attestation runtime integrity (e.g., direct packet injection, alternate kernel routes, or eBPF program replacement). This requires explicit justification or additional mechanisms.

    Authors: We appreciate the referee identifying this load-bearing aspect of the threat model. The split-TCB architecture isolates the control plane (performing MAKE and key release) in hardware, with the guest kernel and its eBPF data plane measured as part of the attested guest image. Enforcement occurs in the kernel-resident eBPF, which the guest kernel verifier protects from user-space bypass and which is pinned to specific flows. Against a malicious hypervisor, we rely on TEE memory isolation preventing direct host access to guest packet buffers or kernel structures; any network traffic must traverse the attested guest stack. We acknowledge that the manuscript would benefit from an explicit subsection on post-attestation runtime integrity. We will add this to §3.2, including discussion of why direct packet injection or eBPF replacement would require violating TEE isolation or triggering re-attestation (which the control plane does not permit). This constitutes a partial revision focused on exposition rather than new mechanisms. revision: partial

  2. Referee: [§5] §5 (Empirical Evaluation): The central performance claims (6 μs/packet enforcement, 6.1% overhead, 13–15 μs latency) are presented without details on experimental methodology, workload descriptions, hardware setup, error bars, number of runs, or statistical significance. This directly limits verification of the overhead comparisons to plaintext and user-space baselines.

    Authors: We fully agree that additional methodological details are required for reproducibility and to allow independent verification of the performance claims. In the revised manuscript we will expand §5 with: complete hardware specifications (CPU, TEE technology, NIC, and cluster configuration), precise descriptions of the distributed pipeline workloads and their communication patterns, the number of runs performed (20 independent trials), error bars (standard deviation), and a brief note on statistical significance testing. The 6 μs steady-state enforcement figure was obtained via kernel-level tracing on saturated traffic; these additions will directly support the comparisons to plaintext and user-space baselines. revision: yes

Circularity Check

0 steps flagged

No circularity: performance claims are direct empirical measurements


The paper's central claims rest on empirical evaluation of a proposed split-TCB architecture (hardware-isolated control plane with MAKE and guest-resident eBPF data plane). Reported quantities—6 μs steady-state enforcement cost, 13–15 μs latency overhead, 6.1% execution penalty versus plaintext, and 100-node cluster initialization under 1.5 s—are presented as measured outcomes on distributed pipelines, not as outputs of any equations, fitted parameters, or self-referential derivations. No load-bearing self-citations, uniqueness theorems, ansatzes, or renamings of known results appear in the architecture description or results. The design is justified by the proposal itself (anchoring key release to hardware measurements and kernel enforcement), which does not reduce to its own inputs by construction. This is the most common honest non-finding for systems papers whose contributions are architectural and experimentally validated.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axiom · 1 invented entity

The central claim rests on standard domain assumptions about TEE isolation and attestation rather than new free parameters or invented entities beyond the proposed system itself.

axioms (1)
  • domain assumption: Trusted Execution Environments provide reliable hardware isolation, attestation, and measurement capabilities that cannot be forged by a compromised host.
    Invoked to justify anchoring key release to hardware measurements in the control plane.
invented entities (1)
  • Codename architecture (split TCB with MAKE control plane and eBPF data plane): no independent evidence
    purpose: To enforce attestable encrypted routing across untrusted networks at native speed.
    The system is introduced and evaluated in this paper; no independent evidence outside the work is provided.

