Abstract
Remote attestation consists of generating evidence of a system’s integrity via measurements and reporting the evidence to a remote party for appraisal in a form that can be trusted. The parties that exchange information must agree on formats and protocols. We assert there is a large variety of patterns of interactions among appraisers and attesters of interest. Therefore, it is important to standardize on flexible mechanisms for remote attestation. We make our case by describing scenarios that require the exchange of evidence among multiple parties using a variety of message passing patterns. We show cases in which changes in the order of evidence collection result in important differences to what can be inferred by an appraiser. We argue that adding the ability to negotiate the appropriate kind of attestation allows for remote attestations that better adapt to a dynamically changing environment. Finally, we suggest a language-based solution to taming the complexity of specifying and negotiating attestation procedures.
- George Coker, Joshua Guttman, Peter Loscocco, Amy Herzog, Jonathan Millen, Brian O’Hanlon, John Ramsdell, Ariel Segall, Justin Sheehy, and Brian Sniffen. 2011. Principles of remote attestation. International Journal of Information Security 10, 2 (June 2011), 63–81.Google Scholar
Digital Library
- George S. Coker, Joshua D. Guttman, Peter A. Loscocco, Justin Sheehy, and Brian T. Sniffen. 2008. Attestation: Evidence and trust. In Information and Communications Security, Lecture Notes in Computer Science, Vol. 5308. Springer, 1–18.Google Scholar
- C. Fisher, D. Bukovick, R. Bourquin, and R. Dobry. 2012. SAMSON—Secure Authentication Modules. General Dynamics C4S. Retrieved August 9, 2021 from https://sourceforge.net/p/secureauthentic/wiki/Home/.Google Scholar
- Vivek Haldar, Deepak Chandra, and Michael Franz. 2004. Semantic remote attestation—A virtual machine directed approach to trusted computing. In Proceedings of the USENIX Virtual Machine Research and Technology Symposium.Google Scholar
- IBM. 2015. OpenAttestation (OAT) Project. Retrieved August 9, 2021 from https://wiki.openstack.org/wiki/ OpenAttestation.Google Scholar
- Gerwin Klein, June Andronick, Kevin Elphinstone, Gernot Heiser, David Cock, Philip Derrin, Dhammika Elkaduwe, et al. 2010. seL4: Formal verification of an operating-system kernel. Communications of the ACM 53, 6 (2010), 107–115. DOI:https://doi.org/10.1145/1743546.1743574Google Scholar
Digital Library
- Ramana Kumar, Magnus O. Myreen, Michael Norrish, and Scott Owens. 2014. CakeML: A verified implementation of ML. In Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’14). ACM, New York, NY, 179–191. DOI:https://doi.org/10.1145/2535838.2535841Google Scholar
Digital Library
- Peter A. Loscocco, Perry W. Wilson, J. Aaron Pendergrass, and C. Durward McDonell. 2007. Linux kernel integrity measurement using contextual inspection. In Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing (STC’07). ACM, New York, NY, 21–29. DOI:https://doi.org/10.1145/1314354.1314362Google Scholar
Digital Library
- D. Maughan, M. Schertler, Schneider M., and J. Turner. 1998. Internet Security Association and Key Management Protocol RFC 2048 (ISAKMP). Technical Report. The Internet Engineering Task Force of the Internet Society.Google Scholar
- J. Aaron Pendergrass, Sarah Helble, John Clemens, and Peter Loscocco. 2018. A platform service for remote integrity measurement and attestation. In Proceedings of the 2018 IEEE Military Communications Conference (MILCOM’18). IEEE, Los Alamitos, CA.Google Scholar
Cross Ref
- J. A. Pendergrass, N. Hull, J. Clemens, S. C. Helble, M. Thober, K. McGill, M. Gregory, and P. Loscocco. 2019. Runtime detection of userspace implants. In Proceedings of the 2019 IEEE Military Communications Conference (MILCOM’19). IEEE, Los Alamitos, CA, 1–6.Google Scholar
- A. Petz and P. Alexander. 2019. A Copland attestation manager. In Proceedings of the 6th Annual Symposium on Hot Topics in Science of Security (HoTSoS’19). ACM, New York, NY.Google Scholar
- A. Petz and P. Alexander. 2021. An infrastructure for faithful execution of remote attestation protocols. In Proceedings of the NASA Formal Methods Symposium (NFM’21). 268–286.Google Scholar
- J. Ramsdell, P. D. Rowe, P. Alexander, S. Helble, P. Loscocco, J. A. Pendergrass, and A. Petz. 2019. Orchestrating layered attestations. In Principles of Security and Trust (POST’19). Lecture Notes in Computer Science, Vol. 7871. Springer, 197–221.Google Scholar
- Paul D. Rowe. 2016a. Bundling evidence for layered attestation. In Trust and Trustworthy Computing. Springer International Publishing, Cham, Switzerland, 119–139.Google Scholar
- P. D. Rowe. 2016b. Confining adversary actions via measurement. In Graphical Models for Security (CraMSec’16). Lecture Notes in Computer Science, Vol. 9987. Springer, 150–166.Google Scholar
- Omar Sefraoui, Mohammed Aissaoui, and Mohsine Eleuldj. 2012. OpenStack: Toward an open-source solution for cloud computing. International Journal of Computer Applications 55, 3 (2012), 38–42.Google Scholar
Cross Ref
- TCG. 2012. TNC Architecture for Interoperability version 1.5 (1.5 ed.). Trusted Computing Group.Google Scholar
Index Terms
Flexible Mechanisms for Remote Attestation
Recommendations
Analysis of existing remote attestation techniques
This paper has been written as a part of the research project that is working towards the implementation of dynamic behavioral attestation for mobile platforms. The motivation behind this paper was to analyze the existing remote attestation techniques ...
Establishing Secure Communication Channels Using Remote Attestation with TPM 2.0
Security and Trust ManagementAbstractRemote attestation allows a verifier to remotely check the integrity of a trusted computing platform. In recent years a number of attestation protocols based on Trusted Platform Modules (TPMs) have been proposed. These protocols cryptographically ...
Improving the scalability of platform attestation
STC '08: Proceedings of the 3rd ACM workshop on Scalable trusted computingIn the process of platform attestation, a Trusted Platform Module is a performance bottleneck, which causes enormous delays if multiple simultaneously attestation requests arrive in a short period of time. In this paper we show how the scalability of ...






Comments