Karim Eldefrawy

Cryptography, Cybersecurity, Privacy

Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine

Scientific curiosity

Scientific knowledge map · Paper #41

Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems Security

Xavier Carpent, Karim Eldefrawy, Norrathep Rattanavipanon, and Gene Tsudik

2018 · ACM Asia Conference on Computer and Communications Security (AsiaCCS)

  • Theory
  • Applied
  • protocol
  • scheme

What does the paper try to establish?

How can an interruptible integrity computation over mutable memory be made to describe a state that actually existed, without making a real-time embedded device unavailable for the entire computation?

What is the proposed answer?

The paper defines temporal consistency, gives an attestation security game that makes the timing obligation explicit, and develops locking, copying, and inconsistency-detection mechanisms that trade memory availability against the interval for which the result is consistent. Implementations on two embedded boards report under ten-percent overhead for selected mechanisms.

Six dimensions, kept separate

The chart summarizes documented evidence and process. It is not a correctness probability, confidence score, or ranking, and no composite score is calculated.

The visual spider chart requires JavaScript. The complete values and rationales follow in text.

LowMediumHighN/A = not assessed

A smaller value means less documented support for that dimension, not that the paper is false or unimportant.

Epistemic evidence High

The complete paper combines an explicit model and security game, mechanism analysis, two implementations, and detailed experiments; code and independent reproduction were not audited.

Temporal-consistency model, notation, and attestation timing Temporal-consistency security game and adversarial objective Primitive, mechanism, and inconsistency-detection measurements
Auditability High

The author copy is checked in with SHA-256, page count, precise anchors, and an official DOI; implementation and raw measurements are not version-pinned here.

Problem, inconsistency attack, contributions, and claimed scope Official peer-reviewed publication identity
Production provenance Medium

Named authors, venue, DOI, full text, platforms, and methods are documented, while contribution roles, revision history, exact source revision, and experiment lineage remain unaudited.

Official peer-reviewed publication identity seL4-based implementation and experimental setup
External scrutiny Medium

AsiaCCS publication establishes venue scrutiny, but review reports, an artifact evaluation, and independent reproduction were not found.

Official peer-reviewed publication identity
Reception High

OpenAlex reported 21 citations on 2026-07-11; under the author-defined rule, more than 10 located citations is High. Counts do not certify correctness.

Dated citation-count snapshot
Contribution significance High

The paper frames a previously implicit implementation obligation, supplies a reusable definition and mechanism design space, and has documented follow-on attention; priority was not exhaustively audited.

Problem, inconsistency attack, contributions, and claimed scope Dated citation-count snapshot

Assessment: Ai draft author review pending · 2026-07-11 · rubric 0.2. These dimensions describe documented support and process, not truth, correctness, or a universal ranking. No composite score is calculated.

Hierarchical knowledge map

Collapse a branch for a top-level reading, or follow its source links and child nodes to audit the evidence and boundaries underneath it.

paper

Temporal consistency for integrity computations

A definition, attack analysis, mechanism family, and two-platform evaluation for making long-running integrity computations over mutable embedded-system memory correspond to a real state.

Problem, inconsistency attack, contributions, and claimed scope
  1. definition

    Temporal consistency

    defined

    For a sequential function F over memory M, the output must equal F evaluated on all of M at some relevant time, rather than on a patchwork assembled from values observed before and after interrupts.

    Temporal-consistency model, notation, and attestation timing
  2. scope

    System and enforcement assumptions

    explicitly scoped

    The mechanisms assume enforceable page or region permissions, trustworthy measurement code and key handling, and a platform able to mediate writes; the implementation uses seL4 capabilities and page faults on two ARM boards.

    seL4-based implementation and experimental setup
  3. method Consistency mechanism family specified and implemented

    The paper maps different lock and copy schedules to different consistency points, availability costs, and memory overheads.

    All-Lock, decreasing-lock, increasing-lock, and extended variants Copy-lock, writeback, lazy-copy, and non-sequential variants
    1. scheme

      Locking variants

      specified and implemented

      All-Lock freezes all input; Dec-Lock releases blocks after reading and gives start-time consistency; Inc-Lock locks blocks as read and gives end-time consistency. Extended variants hold locks longer to widen the guaranteed interval.

      All-Lock, decreasing-lock, increasing-lock, and extended variants
  4. claim group Principal claims mixed

    The work makes definitional, security-game, mechanism-correctness, and measured-overhead claims whose support types differ.

    Temporal-consistency model, notation, and attestation timing Temporal-consistency security game and adversarial objective Primitive, mechanism, and inconsistency-detection measurements

Source index

Locators state the depth of the current audit. PDF page numbers, where present, are one-based file pages; metadata-, summary-, and abstract-bounded records explicitly identify their limitations.

  1. Problem, inconsistency attack, contributions, and claimed scope Abstract and Section 1, PDF pages 1-2
  2. Temporal-consistency model, notation, and attestation timing Section 3 and Figure 3, PDF page 4
  3. Temporal-consistency security game and adversarial objective Appendix A, PDF pages 13-14
  4. All-Lock, decreasing-lock, increasing-lock, and extended variants Sections 4.1-4.2, PDF page 5
  5. Copy-lock, writeback, lazy-copy, and non-sequential variants Sections 4.3-4.4, PDF pages 5-7
  6. Memory-access violations and inconsistency detection Sections 4.6-4.7, PDF page 7
  7. seL4-based implementation and experimental setup Sections 5.1-5.2, PDF pages 7-8
  8. Primitive, mechanism, and inconsistency-detection measurements Sections 5.3-5.6 and Figures 7-12, PDF pages 8-11
  9. Conclusions and guarantee/performance boundary Section 7, PDF page 12
  10. Official peer-reviewed publication identity AsiaCCS 2018, DOI 10.1145/3196494.3196526
  11. Dated citation-count snapshot OpenAlex reported 21 citing works on 2026-07-11