TapCon: Practical Third-Party Attestation for the Cloud

One way to establish trust in a service is to know what code it is running. However, verified code identity is currently not possible for programs launched on a cloud by another party. We propose an approach to integrate support for code attestation--authenticated statements of code identity--into layered cloud platforms and services. To illustrate, this paper describes TapCon, an attesting container manager that provides source-based attestation and network-based authentication for containers on a trusted cloud platform incorporating new features for code attestation. TapCon allows a third party to verify that an attested container is running specific code bound securely to an identified source repository. We also show how to use attested code identity as a basis for access control. This structure enables new use cases such as joint data mining, in which two data owners agree on a safe analytics program that protects the privacy of their inputs, and then ensure that only the designated program can access their data.

[1]  Andrew C. Myers,et al.  A decentralized model for information flow control , 1997, SOSP.

[2]  Srinath T. V. Setty,et al.  IronFleet: proving practical distributed systems correct , 2015, SOSP.

[3]  Srinivas Devadas,et al.  Intel SGX Explained , 2016, IACR Cryptol. ePrint Arch..

[4]  Emmett Witchel,et al.  Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data , 2016, OSDI.

[5]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[6]  Jeffrey S. Chase,et al.  Certificate Linking and Caching for Logical Trust , 2017, ArXiv.

[7]  Emin Gün Sirer,et al.  Logical attestation: an authorization architecture for trustworthy computing , 2011, SOSP.

[8]  David M. Eyers,et al.  SCONE: Secure Linux Containers with Intel SGX , 2016, OSDI.

[9]  Tal Garfinkel,et al.  Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[10]  Thomas Morris,et al.  Trusted Platform Module , 2011, Encyclopedia of Cryptography and Security.

[11]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[12]  Nick Feamster,et al.  Accountable internet protocol (aip) , 2008, SIGCOMM '08.

[13]  David Zook,et al.  Declarative Reconfigurable Trust Management , 2009, CIDR.

[14]  Danfeng Zhang,et al.  Ironclad Apps: End-to-End Security via Automated Full-System Verification , 2014, OSDI.

[15]  Jeffrey S. Chase,et al.  CQSTR: Securing Cross-Tenant Applications with Cloud Containers , 2016, SoCC.

[16]  Michael Norrish,et al.  seL4: formal verification of an OS kernel , 2009, SOSP '09.

[17]  James R. Larus,et al.  Singularity: rethinking the software stack , 2007, OPSR.

[18]  Alfredo Pironti,et al.  Proving the TLS Handshake Secure (as it is) , 2014, IACR Cryptol. ePrint Arch..

[19]  Xin Liu,et al.  Bootstrapping Accountability in the Internet We Have , 2011, NSDI.