🤖 AI Summary
This work addresses security challenges in real-time migration of trusted applications (TAs) within trusted execution environments (TEEs), including state integrity violations, replay/rollback attacks, and unauthorized cloning. We propose TALOS, a lightweight framework featuring a TEE-agnostic, verifiable state management mechanism that operates without trusted third parties. Leveraging memory introspection and control-flow graph extraction, TALOS enables continuous verification of both TA state and execution flow during migration. By minimizing trust assumptions, it ensures strong security guarantees in decentralized settings. Evaluated on Intel SGX and RISC-V Keystone platforms, TALOS demonstrates high efficiency and cross-architecture portability, achieving low runtime overhead (<8%) and minimal migration latency (<15 ms). It significantly enhances the security and practicality of TA migration for cross-domain collaborative computing while preserving functional correctness and confidentiality.
📝 Abstract
Live migration of applications is a fundamental capability for enabling resilient computing in modern distributed systems. However, extending this functionality to trusted applications (TAs) -- executing within Trusted Execution Environments (TEEs) -- introduces unique challenges such as secure state preservation, integrity verification, replay and rollback prevention, and mitigation of unauthorized cloning of TAs. We present TALOS, a lightweight framework for verifiable state management and trustworthy application migration. While our implementation is prototyped and evaluated using Intel SGX with the Gramine LibOS and RISC-V Keystone (evidencing the framework's portability across diverse TEEs), its design is agnostic to the underlying TEE architecture. Such agility is a necessity in today's network service mesh (collaborative computing across the continuum), where application workloads must be managed across domain boundaries in a harmonized fashion. TALOS is built around the principle of minimizing trust assumptions: TAs are treated as untrusted until explicitly verified, and the migration process does not rely on a trusted third party. To ensure both the integrity and secure launch of the migrated application, TALOS integrates memory introspection and control-flow graph extraction, enabling robust verification of state continuity and execution flow. This achieves strong security guarantees while maintaining efficiency, making it suitable for decentralized settings.