pith. machine review for the scientific record.

arxiv: 2602.13148 · v2 · submitted 2026-02-13 · 💻 cs.CR

Recognition: no theorem link

TrustMee: Self-Verifying Remote Attestation Evidence


Pith reviewed 2026-05-15 22:13 UTC · model grok-4.3

classification 💻 cs.CR
keywords: remote attestation, self-verifying evidence, WebAssembly, confidential virtual machines, AMD SEV-SNP, Intel TDX, Intel SGX, Entity Attestation Token

The pith

Attestation evidence can include its own WebAssembly verifier so that verifiers need no platform-specific code.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces self-verifying remote attestation evidence in which each bundle carries a WebAssembly component that encodes the logic needed to check the evidence. A verifier downloads the component, measures it against a known reference value, and then runs it to validate the attestation claims. This turns verification into a platform-agnostic step that reuses the same measurement mechanisms already used for other software. The approach is shown to work for AMD SEV-SNP, Intel TDX, and Intel SGX attestations while producing standard Entity Attestation Token claims. As a result the verifier's trusted computing base and maintenance burden are reduced because hardware-specific cryptographic logic is no longer required.

Core claim

Each attestation bundle identifies its verification logic as a downloadable WebAssembly component; the verifier measures that component with existing mechanisms and then executes it to validate the evidence. This makes evidence verification a platform-agnostic function implemented once for all platforms, so that verifiers can check attestation claims for AMD SEV-SNP, Intel TDX, and Intel SGX without any hardware-specific code.

What carries the argument

A self-verifying attestation bundle containing a WebAssembly verification component that the verifier measures and executes to produce EAT claims.

Load-bearing premise

The downloaded WebAssembly verification component can itself be measured and run securely without adding new attack surfaces or requiring platform-specific trust in the Wasm runtime.

What would settle it

A concrete test that supplies a malicious WebAssembly component whose measurement matches the reference value yet produces an incorrect validation result for a known-valid attestation quote.

Figures

Figures reproduced from arXiv: 2602.13148 by Jimmy Kjällman, Lachlan J. Gunn, Merlijn Sebrechts, Parsa Sadri Sinaki, Wentao Xie, Zainab Ahmad.

Figure 1. TrustMee removes the need for platform-specific code in the verifier by bundling verification logic with the evidence. A generic verifier then uses the component to process the evidence, allowing new Trusted Execution Environments (TEEs) to be supported by the verifier by just applying a new appraisal policy without any code changes.
Figure 2. The RATS architecture data flow (adapted from [11]).
Figure 3. TrustMee architecture for self-verifying remote attestation evidence. The platform-specific verification logic is bundled with the evidence. TrustMee executes it as a WebAssembly component inside a sandboxed WebAssembly runtime to map the platform-specific attestation evidence to claims that can be used by the platform-agnostic logic of the Verifier.
Figure 4. The interface between the Verification Component …
Figure 5. End-to-end attestation verification latency without …
Figure 6. Effect of Verification Component caching in …
Original abstract

Hardware-secured remote attestation is essential to establishing trust in the integrity of confidential virtual machines (cVMs), but is difficult to use in practice because verifying attestation evidence requires the use of hardware-specific cryptographic logic. This increases both maintenance costs and the verifiers' trusted computing base. We introduce the concept of self-verifying remote attestation evidence. Each attestation bundle identifies its verification logic in the form of a WebAssembly component that is downloaded by the verifier and executed. This approach transforms evidence verification into a platform-agnostic functionality that is implemented once for all platforms: the verifier measures the verification logic and then executes it to validate the evidence. As a result, verifiers can validate attestation evidence without any platform-specific code; the verification logic is just another measurement whose reference value can be checked with existing mechanisms. We implement this concept as TrustMee, a platform-agnostic verification driver for the Trustee framework. We demonstrate its functionality with self-verifying evidence for AMD SEV-SNP, Intel TDX, and Intel SGX attestations, producing attestation claims in the standard Entity Attestation Token (EAT) format.
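The measurement step the abstract describes, as an added example that is not TrustMee or Trustee code: the verifier takes the reference value for the verification component from its own appraisal policy rather than from the bundle, compares the measured digest in constant time, and executes exactly the bytes it measured. The bundle fields, the policy shape, the placeholder URL and the stand-in runtime are assumptions made here; the constructed component bytes are not a real Wasm module.

```python
"""Measurement-gated execution of a self-verifying attestation bundle.

Added example, not TrustMee or Trustee code. The bundle fields, the
appraisal-policy shape and the runtime hook are assumptions made here.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Mapping


class VerificationError(Exception):
    """Raised when the bundle must not be appraised any further."""


@dataclass(frozen=True)
class Bundle:
    platform: str        # e.g. "amd-sev-snp"; selects the policy entry (assumed field)
    component_url: str   # where the Wasm verification component is downloaded from
    evidence: bytes      # opaque platform evidence, handed to the component untouched
    claimed_digest: str  # digest the bundle asserts about its own component


def measure(component: bytes) -> str:
    """The verification component is 'just another measurement': SHA-256 of its bytes."""
    return hashlib.sha256(component).hexdigest()


def verify_bundle(
    bundle: Bundle,
    fetch: Callable[[str], bytes],
    policy: Mapping[str, str],
    runtime: Callable[[bytes, bytes], Dict[str, object]],
) -> Dict[str, object]:
    """Download, measure, appraise against policy, then execute; return the claims."""
    component = fetch(bundle.component_url)
    digest = measure(component)
    # The reference value comes from the verifier's own appraisal policy.
    # bundle.claimed_digest is never consulted: whoever replaces the component
    # can just as easily replace the digest the bundle carries.
    reference = policy.get(bundle.platform)
    if reference is None:
        raise VerificationError(f"no reference value for platform {bundle.platform!r}")
    if not hmac.compare_digest(digest, reference):
        raise VerificationError("verification component does not match reference value")
    # Execute exactly the bytes that were measured, never a second download.
    claims = dict(runtime(component, bundle.evidence))
    claims["verifier-component-measurement"] = digest
    return claims


def demo_runtime(component: bytes, evidence: bytes) -> Dict[str, object]:
    """Stand-in for the sandboxed Wasm runtime (assumption): a real verifier
    would instantiate `component` and call its entry point with `evidence`."""
    return {"evidence-length": len(evidence), "component-length": len(component)}


TRUSTED_COMPONENT = b"constructed stand-in for a Wasm verification component"
COMPONENT_URL = "https://example.invalid/snp-verifier.wasm"   # placeholder URL
POLICY = {"amd-sev-snp": measure(TRUSTED_COMPONENT)}          # verifier-side reference value
EVIDENCE = b"\x01\x02\x03\x04"                               # constructed placeholder quote


def demo() -> Dict[str, object]:
    """Accept the genuine component; reject a swapped one even though the
    bundle's self-declared digest was updated to match it."""
    store = {COMPONENT_URL: TRUSTED_COMPONENT}
    good = verify_bundle(
        Bundle("amd-sev-snp", COMPONENT_URL, EVIDENCE, measure(TRUSTED_COMPONENT)),
        store.__getitem__, POLICY, demo_runtime)

    tampered = TRUSTED_COMPONENT + b" (modified)"
    store[COMPONENT_URL] = tampered
    try:
        verify_bundle(Bundle("amd-sev-snp", COMPONENT_URL, EVIDENCE, measure(tampered)),
                      store.__getitem__, POLICY, demo_runtime)
        rejected = False
    except VerificationError:
        rejected = True
    return {"good_measurement": good["verifier-component-measurement"],
            "good_claims": good["evidence-length"],
            "tampered_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The same gate applies unchanged to the TDX and SGX components; only the policy entry differs, which is the "new appraisal policy without any code changes" point from Figure 1.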

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper introduces the concept of self-verifying remote attestation evidence, in which each attestation bundle includes a WebAssembly component that encodes the verification logic. Verifiers download this component, measure it using existing mechanisms, and execute it to validate the evidence, eliminating the need for platform-specific cryptographic code. The approach is implemented as TrustMee, a platform-agnostic driver for the Trustee framework, and demonstrated on AMD SEV-SNP, Intel TDX, and Intel SGX attestations that produce claims in EAT format.

Significance. If the security assumptions regarding the Wasm runtime hold, the work could meaningfully reduce verifier TCB and maintenance costs for remote attestation by converting hardware-specific logic into a measurable, downloadable artifact. It reuses rather than replaces existing measurement primitives and targets a practical pain point in confidential computing deployments.

major comments (2)
  1. [Abstract] Abstract: The central claim that 'verifiers can validate attestation evidence without any platform-specific code' and that 'the verification logic is just another measurement' is load-bearing for the contribution, yet the manuscript provides no description of how the Wasm component is measured before execution, how the runtime itself is selected or attested, or how import resolution and host functions are constrained to prevent the component from influencing its own measurement.
  2. [Demonstrations] Demonstrations (AMD SEV-SNP, Intel TDX, Intel SGX): The three-platform evaluation reports successful production of EAT claims but contains no security analysis, threat model, or error-handling details. This omission prevents independent assessment of whether different Wasm runtimes produce consistent measurements or execution semantics, directly undermining the platform-agnostic guarantee.
minor comments (1)
  1. The abstract would be clearer if it briefly stated the assumed trust boundary for the Wasm runtime and any restrictions placed on host functions.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive and detailed review of our manuscript. We address each major comment point by point below, indicating revisions where appropriate to strengthen the paper.

Point-by-point responses
  1. Referee: [Abstract] The central claim that 'verifiers can validate attestation evidence without any platform-specific code' and that 'the verification logic is just another measurement' is load-bearing for the contribution, yet the manuscript provides no description of how the Wasm component is measured before execution, how the runtime itself is selected or attested, or how import resolution and host functions are constrained to prevent the component from influencing its own measurement.

    Authors: We agree that these implementation details are necessary to fully support the central claim. In the revised manuscript we will add a dedicated subsection in the design section that explains: (1) how the Wasm component is measured using existing platform primitives prior to execution, (2) the mechanism for selecting and attesting the Wasm runtime itself, and (3) the constraints placed on import resolution and host functions to ensure the component cannot affect its own measurement. These additions will make the security argument explicit without altering the core approach. revision: yes

  2. Referee: [Demonstrations] The three-platform evaluation reports successful production of EAT claims but contains no security analysis, threat model, or error-handling details. This omission prevents independent assessment of whether different Wasm runtimes produce consistent measurements or execution semantics, directly undermining the platform-agnostic guarantee.

    Authors: We accept that the current demonstrations section is insufficient for independent assessment. We will expand it to include an explicit threat model, a security analysis that discusses potential variations in Wasm runtime measurement and execution semantics across platforms, and details on error handling. These additions will directly address consistency concerns and reinforce the platform-agnostic properties. revision: yes

Circularity Check

0 steps flagged

No significant circularity; verification reuses existing measurement mechanisms

Full rationale

The paper's derivation chain defines self-verifying evidence as an attestation bundle that identifies a WebAssembly verification component; the verifier downloads it, measures it with existing mechanisms, and executes it to produce EAT claims. This reuses standard remote attestation primitives (measurement and reference-value comparison) without redefining success in terms of its own outputs, fitted parameters, or self-citations. No equations appear that equate a derived quantity to its input by construction, no uniqueness theorem is imported from prior author work, and no ansatz is smuggled via citation. The central claim remains independent of the present paper's fitted values and is externally falsifiable against existing attestation protocols for SEV-SNP, TDX, and SGX. The unexamined Wasm runtime TCB is an assumption about the verifier's environment, not a circular reduction.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axiom · 1 invented entity

The central claim rests on the assumption that WebAssembly provides a safe, deterministic execution environment for verification logic and that reference measurements of that logic can be established and trusted independently.

axioms (1)
  • domain assumption: WebAssembly execution is deterministic and free of side-channel leakage that would compromise attestation verification
    Invoked implicitly when the verifier is expected to run the bundled logic safely.
invented entities (1)
  • self-verifying attestation evidence (no independent evidence)
    purpose: To decouple verification logic from the verifier's platform-specific code
    New concept introduced to solve the hardware-specific maintenance problem.

pith-pipeline@v0.9.0 · 5516 in / 1213 out tokens · 42611 ms · 2026-05-15T22:13:41.751147+00:00


Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. EBCC: Enclave-Backed Confidential Containers via OCI-Compatible Runtime Integration

    cs.CR · 2026-05 · unverdicted · novelty 7.0

    EBCC provides an OCI-compatible runtime architecture that unifies REE and TEE stages for confidential containers while preserving standard lifecycle operations behind a backend adapter.

Reference graph

Works this paper leans on

68 extracted references · 68 canonical work pages · cited by 1 Pith paper · 1 internal anchor

  1. [1]

    Multi-platform attestation verification

    Zainab Ahmad. Multi-platform attestation verification. Master’s thesis, Aalto University, 2024

  2. [2]

    S-FaaS: Trustworthy and accountable Function-as-a-Service using Intel SGX

    Fritz Alder, N Asokan, Arseny Kurnikov, Andrew Paverd, and Michael Steiner. S-FaaS: Trustworthy and accountable Function-as-a-Service using Intel SGX. In Proceedings of the 2019 ACM SIGSAC Conference on Cloud Computing Security Workshop, pages 185–199, 2019

  3. [3]

    AWS Nitro Enclaves

    Amazon Web Services. AWS Nitro Enclaves. [Online]. Available: https://aws.amazon.com/ec2/nitro/nitro-enclaves, 2024

  4. [4]

    Collective remote attestation at the Internet of Things scale: State-of-the-art and future challenges

    Moreno Ambrosin, Mauro Conti, Riccardo Lazzeretti, Md Masoom Rabbani, and Silvio Ranise. Collective remote attestation at the Internet of Things scale: State-of-the-art and future challenges. IEEE Communications Surveys & Tutorials, 22(4):2447–2461, 2020

  5. [5]

    Versioned Chip Endorsement Key (VCEK) certificate and KDS interface specification

    AMD. Versioned Chip Endorsement Key (VCEK) certificate and KDS interface specification. [Online]. Available: https://docs.amd.com/api/khub/documents/dWGhwYpo1Wv51rJN4d~47g/content, January 2025

  6. [6]

    Arm Confidential Compute Architecture

    Arm. Arm Confidential Compute Architecture. [Online]. Available: https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture, 2024

  7. [7]

    Enola: Efficient control-flow attestation for embedded systems

    Md Armanuzzaman, Engin Kirda, and Ziming Zhao. Enola: Efficient control-flow attestation for embedded systems. arXiv preprint arXiv:2501.11207, 2025

  8. [8]

    Systematic parsing of X.509: eradicating security issues with a parse tree

    Alessandro Barenghi, Nicholas Mainardi, and Gerardo Pelosi. Systematic parsing of X.509: eradicating security issues with a parse tree. Journal of Computer Security, 26(6):817–849, 2018

  9. [9]

    Trusted geolocation in the cloud: Proof of concept implementation

    Michael Bartock, Murugiah Souppaya, Raghuram Yeluri, Uttam Shetty, James Greene, Steve Orrin, Hemma Prafullchandra, John McLeese, Jason Mills, Daniel Carayiannis, et al. Trusted geolocation in the cloud: Proof of concept implementation. NIST Interagency Report 7904, National Institute of Standards and Technology, December 2015. URL: https://csrc.nist.gov/...

  10. [10]

    RATS Conceptual Messages Wrapper (CMW)

    Henk Birkholz, Ned Smith, Thomas Fossati, Hannes Tschofenig, and Dionna Glaze. RATS Conceptual Messages Wrapper (CMW). Internet-Draft draft-ietf-rats-msg-wrap-23, Internet Engineering Task Force, December 2025. Work in Progress. URL: https://datatracker.ietf.org/doc/draft-ietf-rats-msg-wrap/23/

  11. [11]

    Remote ATtestation procedureS (RATS) Architecture

    Henk Birkholz, Dave Thaler, Michael Richardson, Ned Smith, and Wei Pan. Remote ATtestation procedureS (RATS) Architecture. RFC 9334, January

  12. [12]

    Continuation of [11]

    URL: https://www.rfc-editor.org/info/rfc9334, doi:10.17487/RFC9334

  13. [13]

    Private delegated computations using strong isolation

    Mathias Brossard, Guilhem Bryant, Basma El Gaabouri, Xinxin Fan, Alexandre Ferreira, Edmund Grimley-Evans, Christopher Haster, Evan Johnson, Derek Miller, Fan Mo, Dominic P. Mulligan, Nick Spinale, Eric van Hensbergen, Hugo J. M. Vincent, and Shale Xiong. Private delegated computations using strong isolation. Technical report, Systems Research Group, Arm...

  14. [14]

    A next-generation smart contract and decentralized application platform

    Vitalik Buterin. A next-generation smart contract and decentralized application platform. Whitepaper, Ethereum.org, 2014. URL: https://ethereum.org/content/whitepaper/whitepaper-pdf/Ethereum_Whitepaper_-_Buterin_2014.pdf

  15. [15]

    Wasmtime

    Bytecode Alliance. Wasmtime. [Online]. Available: https://github.com/bytecodealliance/wasmtime, 2022

  16. [16]

    Introduction - the WebAssembly component model

    Bytecode Alliance. Introduction - the WebAssembly component model. [Online]. Available: https://component-model.bytecodealliance.org/, 2024

  17. [17]

    wasmtime crate documentation

    Bytecode Alliance. wasmtime crate documentation,

  18. [18]

    Continuation of [17]

    Version 41.0.3. URL: https://docs.rs/wasmtime/41.0.3/wasmtime/

  19. [19]

    WIT reference - the WebAssembly component model

    Bytecode Alliance. WIT reference - the WebAssembly component model. [Online]. Available: https://component-model.bytecodealliance.org/design/wit.html, 2026

  20. [20]

    On the verification of control flow attestation evidence

    Adam Caulfield, Norrathep Rattanavipanon, and Ivan De Oliveira Nunes. On the verification of control flow attestation evidence. arXiv preprint arXiv:2411.10855, 2024

  21. [21]

    Attestation capabilities of trusted execution environments in the wild

    Eber Christer and Filip Rezabek. Attestation capabilities of trusted execution environments in the wild. In Proceedings of the Seminar Innovative Internet Technologies and Mobile Communications (IITM), Summer Semester 2024, number NET-2024-09-1 in Network Architectures and Services, pages 55–59, Munich, Germany, 2024. Chair of Network Architectures and ...

  22. [22]

    Principles of remote attestation

    George Coker, Joshua Guttman, Peter Loscocco, Amy Herzog, Jonathan Millen, Brian O’Hanlon, John Ramsdell, Ariel Segall, Justin Sheehy, and Brian Sniffen. Principles of remote attestation. International Journal of Information Security, 10(2):63–81, 2011

  23. [23]

    GitHub - confidential-containers/trustee: Attestation and secret delivery components

    confidential-containers. GitHub - confidential-containers/trustee: Attestation and secret delivery components. [Online]. Available: https://github.com/confidential-containers/trustee, 2026. Accessed 2026-02-03

  24. [24]

    Intel SGX explained

    Victor Costan and Srinivas Devadas. Intel SGX explained. Cryptology ePrint Archive, Paper 2016/086,

  25. [25]

    Continuation of [24]

    URL: https://eprint.iacr.org/2016/086

  26. [26]

    GitHub - deislabs/wasi-experimental-http: Experimental outbound HTTP support for WebAssembly and WASI

    deislabs. GitHub - deislabs/wasi-experimental-http: Experimental outbound HTTP support for WebAssembly and WASI. [Online]. Available: https://github.com/deislabs/wasi-experimental-http, 2024

  27. [27]

    eBPF documentation

    eBPF. eBPF documentation. [Online]. Available: https://ebpf.io/what-is-ebpf/

  28. [28]

    Introduction – Enarx technical overview

    Enarx Project. Introduction – Enarx technical overview. [Online]. Available: https://enarx.dev/docs/technical/introduction, 2023

  29. [29]

    EAT Attestation Results

    Thomas Fossati, Eric Voit, Sergei Trofimov, and Henk Birkholz. EAT Attestation Results. Internet-Draft draft-ietf-rats-ear-03, Internet Engineering Task Force, March

  30. [30]

    Continuation of [29]

    Work in Progress. URL: https://datatracker.ietf.org/doc/draft-ietf-rats-ear/03/

  31. [31]

    Google Cloud confidential computing: Encryption in use

    Google Cloud. Google Cloud confidential computing: Encryption in use. [Online]. Available: https://cloud.google.com/security/products/confidential-computing, 2026

  32. [32]

    Unified enclave abstraction and secure enclave migration on heterogeneous security architectures

    Jin-Yu Gu, Hao Li, Yu-Bin Xia, Hai-Bo Chen, Cheng-Gang Qin, and Zheng-Yu He. Unified enclave abstraction and secure enclave migration on heterogeneous security architectures. Journal of Computer Science and Technology, 37(2):468–486, 2022

  33. [33]

    Bringing the web up to speed with WebAssembly

    Andreas Haas, Andreas Rossberg, Derek L Schuff, Ben L Titzer, Michael Holman, Dan Gohman, Luke Wagner, Alon Zakai, and JF Bastien. Bringing the web up to speed with WebAssembly. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, pages 185–200, 2017

  34. [34]

    WebAssembly and JavaScript challenge: Numerical program performance using modern browser technologies and devices

    David Herrera, Hangfen Chen, Erick Lavoie, and Laurie Hendren. WebAssembly and JavaScript challenge: Numerical program performance using modern browser technologies and devices. University of McGill, Montreal: QC, Technical report SABLE-TR-2018-2, 2018

  35. [35]

    GitHub - intel/SGXDataCenterAttestationPrimitives

    Intel. GitHub - intel/SGXDataCenterAttestationPrimitives. [Online]. Available: https://github.com/intel/SGXDataCenterAttestationPrimitives. Accessed 2026-02-03

  36. [36]

    Intel Trust Domain Extensions

    Intel. Intel Trust Domain Extensions. [Online]. Available: https://cdrdv2-public.intel.com/690419/TDX-Whitepaper-February2022.pdf, February 2022

  37. [37]

    Intel Trust Authority

    Intel. Intel Trust Authority. [Online]. Available: https://docs.trustauthority.intel.com/, 2023. Accessed: 2026-02-05

  38. [38]

    Not so fast: Analyzing the performance of WebAssembly vs. native code

    Abhinav Jangda, Bobby Powers, Emery D Berger, and Arjun Guha. Not so fast: Analyzing the performance of WebAssembly vs. native code. In 2019 USENIX Annual Technical Conference (USENIX ATC 19), pages 107–120, 2019

  39. [39]

    Intel software guard extensions: EPID provisioning and attestation services

    Simon Johnson, Vinnie Scarlata, Carlos Rozas, Ernie Brickell, Frank Mckeen, et al. Intel software guard extensions: EPID provisioning and attestation services. White Paper, 1(1-10):119, 2016

  40. [40]

    Integrating Remote Attestation with Transport Layer Security

    Thomas Knauth, Michael Steiner, Somnath Chakrabarti, Li Lei, Cedric Xing, and Mona Vij. Integrating remote attestation with Transport Layer Security. arXiv preprint arXiv:1801.05863, 2018

  41. [41]

    Minesweeper: An in-depth look into drive-by cryptocurrency mining and its defense

    Radhesh Krishnan Konoth, Emanuele Vineti, Veelasha Moonsamy, Martina Lindorfer, Christopher Kruegel, Herbert Bos, and Giovanni Vigna. Minesweeper: An in-depth look into drive-by cryptocurrency mining and its defense. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pages 1714–1730, 2018

  42. [42]

    Everything old is new again: Binary security of WebAssembly

    Daniel Lehmann, Johannes Kinder, and Michael Pradel. Everything old is new again: Binary security of WebAssembly. In 29th USENIX Security Symposium (USENIX Security ’20), pages 217–234. USENIX Association, August 2020. URL: https://www.usenix.org/conference/usenixsecurity20/presentation/lehmann

  43. [43]

    Open Portable Trusted Execution Environment (OP-TEE)

    Linaro Limited. Open Portable Trusted Execution Environment (OP-TEE). [Online]. Available: https://www.op-tee.org, 2026

  44. [44]

    The Entity Attestation Token (EAT)

    Laurence Lundblade, Giridhar Mandyam, Jeremy O’Donoghue, and Carl Wallace. The Entity Attestation Token (EAT). RFC 9711, April 2025. URL: https://www.rfc-editor.org/info/rfc9711, doi:10.17487/RFC9711

  45. [45]

    Azure confidential computing

    Microsoft. Azure confidential computing. [Online]. Available: https://azure.microsoft.com/en-us/solutions/confidential-compute, 2023. Accessed: 2026-02-05

  46. [46]

    Open Enclave SDK

    Microsoft. Open Enclave SDK. [Online]. Available: https://openenclave.io/sdk/, 2026

  47. [47]

    Guarantee: Introducing control-flow attestation for trusted execution environments

    Mathias Morbitzer, Benedikt Kopf, and Philipp Zieris. Guarantee: Introducing control-flow attestation for trusted execution environments. In 2023 IEEE 16th International Conference on Cloud Computing (CLOUD), pages 547–553. IEEE, 2023

  48. [48]

    TrustZone explained: Architectural features and use cases

    Bernard Ngabonziza, Daniel Martin, Anna Bailey, Haehyun Cho, and Sarah Martin. TrustZone explained: Architectural features and use cases. In 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC), pages 445–451. IEEE, 2016

  49. [49]

    Towards interoperable enclave attestation: Learnings from decades of academic work

    Arto Niemi, Sampo Sovio, and Jan-Erik Ekberg. Towards interoperable enclave attestation: Learnings from decades of academic work. In 2022 31st Conference of Open Innovations Association (FRUCT), pages 189–200. IEEE, 2022

  50. [50]

    GitHub - openssl/openssl

    openssl. GitHub - openssl/openssl. [Online]. Available: https://github.com/openssl/openssl, 2026

  51. [51]

    Vulnerabilities

    OpenSSL Library. Vulnerabilities. https://openssl-library.org/news/vulnerabilities/. Accessed 2026-04-29

  52. [52]

    Universal remote attestation for cloud and edge platforms

    Simon Ott, Monika Kamhuber, Joana Pecholt, and Sascha Wessel. Universal remote attestation for cloud and edge platforms. In Proceedings of the 18th International Conference on Availability, Reliability and Security, pages 1–11, 2023

  53. [53]

    GitHub - Phala-Network/dcap-qvl

    Phala-Network. GitHub - Phala-Network/dcap-qvl. [Online]. Available: https://github.com/Phala-Network/dcap-qvl, 2026

  54. [54]

    AMD SEV-SNP attestation: Establishing trust in guests

    J. Powell. AMD SEV-SNP attestation: Establishing trust in guests. [Online]. Available: https://www.amd.com/content/dam/amd/en/documents/developer/lss-snp-attestation.pdf, 2022

  55. [55]

    Project Veraison (Veraison)

    Project Veraison. Project Veraison (Veraison). [Online]. Available: https://github.com/veraison,

  56. [56]

    WebAssembly: high speed at low cost for everyone

    Andreas Rossberg. WebAssembly: high speed at low cost for everyone. In ML16: Proceedings of the 2016 ACM SIGPLAN Workshop on ML, 2016

  57. [57]

    Architecture overview

    TCG Specification. Architecture overview. Specification Revision, 1:1–24, 2007

  58. [58]

    Exploring composable network stacks from isolated components with WebAssembly and QUIC

    Benedikt Spies, Christian Obermaier, and Jörg Ott. Exploring composable network stacks from isolated components with WebAssembly and QUIC. In NOMS 2025 - 2025 IEEE Network Operations and Management Symposium, pages 1–7. IEEE, 2025

  59. [59]

    Parseval: Evaluation of parsing behavior using real-world out-in-the-wild X.509 certificates

    Stefan Tatschner, Sebastian N Peters, Michael P Heinl, Tobias Specht, and Thomas Newe. Parseval: Evaluation of parsing behavior using real-world out-in-the-wild X.509 certificates. In Proceedings of the 19th International Conference on Availability, Reliability and Security, pages 1–9, 2024

  60. [60]

    Arm’s Platform Security Architecture (PSA) Attestation Token

    Hannes Tschofenig, Simon Frost, Mathias Brossard, Adrian L. Shaw, and Thomas Fossati. Arm’s Platform Security Architecture (PSA) Attestation Token. RFC 9783, June 2025. URL: https://www.rfc-editor.org/info/rfc9783, doi:10.17487/RFC9783

  61. [61]

    GitHub - wacker-dev/waki: HTTP client and server library for WASI

    wacker-dev. GitHub - wacker-dev/waki: HTTP client and server library for WASI. [Online]. Available: https://github.com/wacker-dev/waki, 2024

  62. [62]

    GitHub - wasm-signatures/wasmsign2: Implementation of the WebAssembly modules signatures

    wasm-signatures. GitHub - wasm-signatures/wasmsign2: Implementation of the WebAssembly modules signatures. [Online]. Available: https://github.com/wasm-signatures/wasmsign2, 2025

  63. [63]

    GitHub - WebAssembly/WASI: WebAssembly System Interface

    WebAssembly. GitHub - WebAssembly/WASI: WebAssembly System Interface. [Online]. Available: https://github.com/WebAssembly/WASI, 2025

  64. [64]

    GitHub - WebAssembly/wasi-crypto: WASI cryptography API proposal

    WebAssembly. GitHub - WebAssembly/wasi-crypto: WASI cryptography API proposal. [Online]. Available: https://github.com/WebAssembly/wasi-crypto, 2026

  65. [65]

    WebAssembly specification

    WebAssembly. WebAssembly specification. [Online]. Available: https://webassembly.github.io/spec/core/, 2026

  66. [66]

    WASI: WebAssembly System Interface

    WebAssembly System Interface Subgroup. WASI: WebAssembly System Interface. [Online]. Available: https://wasi.dev/, 2024

  67. [67]

    Platform-agnostic remote attestation with WebAssembly components

    Wentao Xie. Platform-agnostic remote attestation with WebAssembly components. Master’s thesis, Aalto University, 2025

  68. [68]

    Research on WebAssembly runtimes: A survey

    Yixuan Zhang, Mugeng Liu, Haoyu Wang, Yun Ma, Gang Huang, and Xuanzhe Liu. Research on WebAssembly runtimes: A survey. ACM Transactions on Software Engineering and Methodology, 34(8):1–47, 2025