Open access

Flexible Mechanisms for Remote Attestation

Published: 30 September 2021

    Abstract

    Remote attestation consists of generating evidence of a system’s integrity via measurements and reporting the evidence to a remote party for appraisal in a form that can be trusted. The parties that exchange information must agree on formats and protocols. We assert there is a large variety of patterns of interactions among appraisers and attesters of interest. Therefore, it is important to standardize on flexible mechanisms for remote attestation. We make our case by describing scenarios that require the exchange of evidence among multiple parties using a variety of message passing patterns. We show cases in which changes in the order of evidence collection result in important differences to what can be inferred by an appraiser. We argue that adding the ability to negotiate the appropriate kind of attestation allows for remote attestations that better adapt to a dynamically changing environment. Finally, we suggest a language-based solution to taming the complexity of specifying and negotiating attestation procedures.


    Published In

    ACM Transactions on Privacy and Security  Volume 24, Issue 4
    November 2021
    295 pages
    ISSN:2471-2566
    EISSN:2471-2574
    DOI:10.1145/3476876
    © 2021 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the United States Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 30 September 2021
    Accepted: 01 June 2021
    Revised: 01 April 2021
    Received: 01 October 2020
    Published in TOPS Volume 24, Issue 4

    Author Tags

    1. Remote attestation
    2. attestation protocols
    3. layered attestation

    Qualifiers

    • Research-article
    • Research
    • Refereed

    Funding Sources

    • NSA Science of Security Initiative
    • DARPA

    Cited By

    • (2023) Universal Remote Attestation for Cloud and Edge Platforms. Proceedings of the 18th International Conference on Availability, Reliability and Security, 1-11. DOI: 10.1145/3600160.3600171. Online publication date: 29-Aug-2023
    • (2023) Trustworthy confidential virtual machines for the masses. Proceedings of the 24th International Middleware Conference, 316-328. DOI: 10.1145/3590140.3629124. Online publication date: 27-Nov-2023
    • (2023) AutoCert: Automated TOCTOU-secure digital certification for IoT with combined authentication and assurance. Computers & Security 124 (102952). DOI: 10.1016/j.cose.2022.102952. Online publication date: Jan-2023
    • (2023) Formally verified bundling and appraisal of evidence for layered attestations. Innovations in Systems and Software Engineering 19:4, 411-426. DOI: 10.1007/s11334-022-00475-1. Online publication date: 1-Dec-2023
    • (2023) A Framework for Policy Based Negotiation. NASA Formal Methods, 207-223. DOI: 10.1007/978-3-031-33170-1_13. Online publication date: 16-May-2023
    • (2023) HTTPA/2: A Trusted End-to-End Protocol for Web Services. Advances in Information and Communication, 824-848. DOI: 10.1007/978-3-031-28073-3_55. Online publication date: 2-Mar-2023
    • (2022) Towards Interoperable Enclave Attestation: Learnings from Decades of Academic Work. 2022 31st Conference of Open Innovations Association (FRUCT), 189-200. DOI: 10.23919/FRUCT54823.2022.9770907. Online publication date: 27-Apr-2022
    • (2022) A case for remote attestation in programmable dataplanes. Proceedings of the 21st ACM Workshop on Hot Topics in Networks, 122-129. DOI: 10.1145/3563766.3564100. Online publication date: 14-Nov-2022
    • (2022) SoK: Confidential Quartet - Comparison of Platforms for Virtualization-Based Confidential Computing. 2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED), 109-120. DOI: 10.1109/SEED55351.2022.00017. Online publication date: Sep-2022
    • (2021) On Orderings in Security Models. Protocols, Strands, and Logic, 370-393. DOI: 10.1007/978-3-030-91631-2_21. Online publication date: 19-Nov-2021
