English

Reinforcing Secure Live Migration through Verifiable State Management

Cryptography and Security 2025-09-08 v1

Abstract

Live migration of applications is a fundamental capability for enabling resilient computing in modern distributed systems. However, extending this functionality to trusted applications (TA) -- executing within Trusted Execution Environments (TEEs) -- introduces unique challenges such as secure state preservation, integrity verification, replay and rollback prevention, and mitigation of unauthorized cloning of TAs. We present TALOS, a lightweight framework for verifiable state management and trustworthy application migration. While our implementation is prototyped and evaluated using Intel SGX with the Gramine LibOS and RISC-V Keystone (evidencing the framework's portability across diverse TEEs), its design is agnostic to the underlying TEE architecture. Such agility is a necessity in today's network service mesh (collaborative computing across the continuum) where application workloads must be managed across domain boundaries in a harmonized fashion. TALOS is built around the principle of minimizing trust assumptions: TAs are treated as untrusted until explicitly verified, and the migration process does not rely on a trusted third party. To ensure both the integrity and secure launch of the migrated application, TALOS integrates memory introspection and control-flow graph extraction, enabling robust verification of state continuity and execution flow. Thereby achieving strong security guarantees while maintaining efficiency, making it suitable for decentralized settings.

Keywords

Cite

@article{arxiv.2509.05150,
  title  = {Reinforcing Secure Live Migration through Verifiable State Management},
  author = {Stefanos Vasileaidis and Thanassis Giannetsos and Matthias Schunter and Bruno Crispo},
  journal= {arXiv preprint arXiv:2509.05150},
  year   = {2025}
}
R2 v1 2026-07-01T05:23:13.847Z