Binary verification faces a fundamental trade-off between openness and trustworthiness. Method: This paper proposes an open-source, auditable trusted binary verification service. It introduces a blockchain-driven crowdsourced task management mechanism that decouples task delegation from trust verification. Verifiers are confined to a minimal trusted computing base (TCB), executed within a trusted execution environment (TEE) to ensure integrity, and combine formal verification with static binary analysis to achieve trustless theorem proving. Contribution/Results: The work achieves the first end-to-end on-chain provenance tracking and publicly verifiable auditability of the entire verification pipeline; reduces the TCB size significantly; and empirically validates the effectiveness of fault isolation and side-channel mitigation strategies. This establishes a novel paradigm for high-assurance binary security analysis under open, collaborative settings.

Binary verification plays a pivotal role in software security, yet building a verification service that is both open and trustworthy poses a formidable challenge. In this paper, we introduce a novel binary verification service, AGORA, scrupulously designed to overcome the challenge. At the heart of this approach lies a strategic insight: certain tasks can be delegated to untrusted entities, while the corresponding validators are securely housed within the trusted computing base (TCB). AGORA can validate untrusted assertions generated for versatile policies. Through a novel blockchain-based bounty task manager, it also utilizes crowdsourcing to remove trust in theorem provers. These synergistic techniques successfully ameliorate the TCB size burden associated with two procedures: binary analysis and theorem proving. The design of AGORA allows untrusted parties to participate in these complex processes. Moreover, based on running the optimized TCB within trusted execution environments and recording the verification process on a blockchain, the public can audit the correctness of verification results. By implementing verification workflows for software-based fault isolation policy and side-channel mitigation, our evaluation demonstrates the efficacy of AGORA.