Principles of remote attestation

Remote attestation is the activity of making a claim about properties of a target by supplying evidence to an appraiser over a network. We identify five central principles to guide development of attestation systems. We argue that (i) attestation must be able to deliver temporally fresh evidence; (ii) comprehensive information about the target should be accessible; (iii) the target, or its owner, should be able to constrain disclosure of information about the target; (iv) attestation claims should have explicit semantics to allow decisions to be derived from several claims; and (v) the underlying attestation mechanism must be trustworthy. We illustrate how to acquire evidence from a running system, and how to transport it via protocols to remote appraisers. We propose an architecture for attestation guided by these principles. Virtualized platforms, which are increasingly well supported on stock hardware, provide a natural basis for our attestation architecture.

[1]  Michael Norrish,et al.  seL4: formal verification of an OS kernel , 2009, SOSP '09.

[2]  Ahmad-Reza Sadeghi,et al.  Property-based attestation for computing platforms: caring about properties, not mechanisms , 2004, NSPW '04.

[3]  Joshua D. Guttman,et al.  Analysis of a Measured Launch , 2007 .

[4]  Bernard Aboba,et al.  Extensible Authentication Protocol (EAP) , 2004, RFC.

[5]  Ahmad-Reza Sadeghi,et al.  Beyond secure channels , 2007, STC '07.

[6]  Joshua D. Guttman Authentication tests and disjoint encryption: A design method for security protocols , 2004, J. Comput. Secur..

[7]  J. Aaron Pendergrass,et al.  Linux kernel integrity measurement using contextual inspection , 2007, STC '07.

[8]  Michiharu Kudo,et al.  Layering negotiations for flexible attestation , 2006, STC '06.

[9]  Kenneth L. McMillan,et al.  The SMV System , 1993 .

[10]  Joshua D. Guttman,et al.  Trust Management in Strand Spaces: A Rely-Guarantee Method , 2004, ESOP.

[11]  Stefan Berger,et al.  vTPM: Virtualizing the Trusted Platform Module , 2006, USENIX Security Symposium.

[12]  Siani Pearson,et al.  Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[13]  Michael Franz,et al.  Awarded Best Paper! Semantic Remote Attestation - Virtual Machine Directed Approach to Trusted Computing , 2004, Virtual Machine Research and Technology Symposium.

[14]  Ulrich Kühn,et al.  Realizing property-based attestation and sealing with commonly available hard- and software , 2007, STC '07.

[15]  Intel ® Trusted Execution Technology ( Intel ® TXT ) , .

[16]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[17]  Ahmad-Reza Sadeghi,et al.  Property-Based TPM Virtualization , 2008, ISC.

[18]  Natarajan Shankar,et al.  The SAL Language Manual , 2003 .

[19]  Elaine Shi,et al.  BIND: a fine-grained attestation service for secure distributed systems , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[20]  Joshua D. Guttman,et al.  Call by Contract for Cryptographic Protocols , 2006 .

[21]  Vijay Varadharajan,et al.  Trust management for trusted computing platforms in web services , 2007, STC '07.

[22]  Joshua D. Guttman,et al.  Programming Cryptographic Protocols , 2005, TGC.

[23]  Srinivas Devadas,et al.  Offline untrusted storage with immediate detection of forking and replay attacks , 2007, STC '07.

[24]  Ahmad-Reza Sadeghi,et al.  A protocol for property-based attestation , 2006, STC '06.

[25]  Larry J. Blunk,et al.  PPP Extensible Authentication Protocol (EAP) , 1998, RFC.

[26]  Joshua D. Guttman,et al.  Searching for Shapes in Cryptographic Protocols , 2007, TACAS.

[27]  Jonathan A. Poritz,et al.  Trust[ed | in] computing, signed code and the heat death of the internet , 2006 .

[28]  Robert H. Deng,et al.  Remote attestation on program execution , 2008, STC '08.

[29]  Frederik Armknecht,et al.  An efficient implementation of trusted channels based on openssl , 2008, STC '08.

[30]  William A. Arbaugh,et al.  Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor , 2004, USENIX Security Symposium.

[31]  Bart Preneel,et al.  Remote attestation on legacy operating systems with trusted platform modules , 2008, Sci. Comput. Program..

[32]  Emin Gün Sirer,et al.  Nexus: a new operating system for trustworthy computing , 2005, SOSP '05.

[33]  J. Aaron Pendergrass,et al.  Improving coherency of runtime integrity measurement , 2008, STC '08.

[34]  Michael Franz,et al.  Semantic remote attestation: a virtual machine directed approach to trusted computing , 2004 .