EXIA: Trusted Transitions for Enclaves via External-Input Attestation
Zhen Huang
Network and Distributed System Security (NDSS) Symposium 2026 · Day 2 · Systems Security
This talk presents **EXIA (External-Input Attestation)**, a lightweight framework that extends trusted execution environment (TEE) security guarantees from launch-time to runtime by measuring all external inputs to an enclave. Rather than attempting to track complex internal control flows or data flows -- which requires massive pre-computed evidence databases -- EXIA focuses exclusively on **monitoring all writes to the enclave from external sources**. By cryptographically chaining every input measurement, the system converts runtime integrity attacks (memory corruption, control-flow hijacking, data-only attacks) from silent exploitation into **detectable verification failures**.
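To make the input-chaining idea concrete, here is a small added example (constructed for this summary, not EXIA's code nor anything taken from the talk): the enclave folds every external write into a running hash that starts from the launch measurement, and the verifier recomputes that chain from the inputs it expected the enclave to receive. Assumptions not drawn from the summary: SHA-256 as the measurement hash, a made-up launch measurement as the chain's initial value, and an HMAC under a hypothetical enclave-held key standing in for a hardware-signed quote.

```python
import hashlib
import hmac

# Constructed illustration of input-chaining attestation. Not EXIA's code; it only
# mirrors the idea in the summary: every external write into the enclave is measured
# and folded into a running hash, and the verifier replays the chain from the inputs
# it expected. Assumptions (not from the talk): SHA-256 as the measurement hash, a
# made-up launch measurement as the initial state, and an HMAC under a hypothetical
# enclave-only key standing in for a signed attestation quote.

LAUNCH_MEASUREMENT = hashlib.sha256(b"enclave-image-v1 (constructed)").digest()
ATTESTATION_KEY = b"constructed-enclave-attestation-key"  # hypothetical secret


def _measure(state: bytes, source: str, payload: bytes) -> bytes:
    """state_{i+1} = H(state_i || len(source) || source || len(payload) || payload).
    Length prefixes keep ("ab", b"c") and ("a", b"bc") from hashing the same way."""
    h = hashlib.sha256()
    h.update(state)
    h.update(len(source).to_bytes(4, "big"))
    h.update(source.encode("utf-8"))
    h.update(len(payload).to_bytes(4, "big"))
    h.update(payload)
    return h.digest()


class EnclaveInputChain:
    """Enclave side: the one path by which external data reaches enclave memory.
    Every write extends the chain, so no write from outside can stay silent."""

    def __init__(self, launch_measurement: bytes = LAUNCH_MEASUREMENT):
        self.state = launch_measurement

    def write_from_outside(self, source: str, payload: bytes) -> bytes:
        self.state = _measure(self.state, source, payload)
        return self.state

    def quote(self, key: bytes = ATTESTATION_KEY) -> bytes:
        # Stand-in for a signed quote over the current chain state.
        return hmac.new(key, self.state, hashlib.sha256).digest()


def replay_chain(launch_measurement: bytes, inputs) -> bytes:
    """Verifier side: recompute the chain from the inputs the relying party
    itself sent (or otherwise expects the enclave to have received)."""
    state = launch_measurement
    for source, payload in inputs:
        state = _measure(state, source, payload)
    return state


def verify_quote(launch_measurement: bytes, expected_inputs, quote: bytes,
                 key: bytes = ATTESTATION_KEY) -> bool:
    expected = hmac.new(key, replay_chain(launch_measurement, expected_inputs),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, quote)


def demo() -> dict:
    """Honest run versus a run with one extra, unexpected write from the host."""
    expected_inputs = [
        ("client", b"request: get-balance account=42 (constructed)"),
        ("storage", b"record: balance=100 (constructed)"),
    ]

    honest = EnclaveInputChain()
    for source, payload in expected_inputs:
        honest.write_from_outside(source, payload)

    attacked = EnclaveInputChain()
    for source, payload in expected_inputs:
        attacked.write_from_outside(source, payload)
    # The untrusted host writes into the enclave outside the expected protocol
    # (the memory-corruption style of attack the summary mentions). The write is
    # still measured, so it surfaces as a chain mismatch at the verifier.
    attacked.write_from_outside("host", b"unexpected write into enclave memory (constructed)")

    return {
        "honest_verifies": verify_quote(LAUNCH_MEASUREMENT, expected_inputs, honest.quote()),
        "attacked_verifies": verify_quote(LAUNCH_MEASUREMENT, expected_inputs, attacked.quote()),
    }


if __name__ == "__main__":
    print(demo())  # {'honest_verifies': True, 'attacked_verifies': False}
```

Two points the toy makes visible: the chain is order-sensitive, so the verifier needs the exact sequence of expected inputs, not just their set; and deciding which inputs are "expected" (the relying party's own transcript, or a policy over allowed sources) is the verifier's job, since the enclave only promises that nothing was written into it unmeasured.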
AI review
A well-designed framework that extends TEE attestation from launch-time to runtime by measuring all external inputs instead of tracking internal control flows. The insight that monitoring enclave inputs is sufficient for runtime integrity is sound, and the 2.4% overhead is practical. However, this is defensive infrastructure work -- no new attacks, no exploitation techniques -- and the proxy presentation limits technical depth. The RISC-V implementation lacking interrupt support is a notable limitation.