skip to main content
research-article
Open Access

Flexible Mechanisms for Remote Attestation

Published:30 September 2021Publication History
Skip Abstract Section

Abstract

Remote attestation consists of generating evidence of a system’s integrity via measurements and reporting the evidence to a remote party for appraisal in a form that can be trusted. The parties that exchange information must agree on formats and protocols. We assert there is a large variety of patterns of interactions among appraisers and attesters of interest. Therefore, it is important to standardize on flexible mechanisms for remote attestation. We make our case by describing scenarios that require the exchange of evidence among multiple parties using a variety of message passing patterns. We show cases in which changes in the order of evidence collection result in important differences to what can be inferred by an appraiser. We argue that adding the ability to negotiate the appropriate kind of attestation allows for remote attestations that better adapt to a dynamically changing environment. Finally, we suggest a language-based solution to taming the complexity of specifying and negotiating attestation procedures.

References

  1. George Coker, Joshua Guttman, Peter Loscocco, Amy Herzog, Jonathan Millen, Brian O’Hanlon, John Ramsdell, Ariel Segall, Justin Sheehy, and Brian Sniffen. 2011. Principles of remote attestation. International Journal of Information Security 10, 2 (June 2011), 63–81.Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. George S. Coker, Joshua D. Guttman, Peter A. Loscocco, Justin Sheehy, and Brian T. Sniffen. 2008. Attestation: Evidence and trust. In Information and Communications Security, Lecture Notes in Computer Science, Vol. 5308. Springer, 1–18.Google ScholarGoogle Scholar
  3. C. Fisher, D. Bukovick, R. Bourquin, and R. Dobry. 2012. SAMSON—Secure Authentication Modules. General Dynamics C4S. Retrieved August 9, 2021 from https://sourceforge.net/p/secureauthentic/wiki/Home/.Google ScholarGoogle Scholar
  4. Vivek Haldar, Deepak Chandra, and Michael Franz. 2004. Semantic remote attestation—A virtual machine directed approach to trusted computing. In Proceedings of the USENIX Virtual Machine Research and Technology Symposium.Google ScholarGoogle Scholar
  5. IBM. 2015. OpenAttestation (OAT) Project. Retrieved August 9, 2021 from https://wiki.openstack.org/wiki/ OpenAttestation.Google ScholarGoogle Scholar
  6. Gerwin Klein, June Andronick, Kevin Elphinstone, Gernot Heiser, David Cock, Philip Derrin, Dhammika Elkaduwe, et al. 2010. seL4: Formal verification of an operating-system kernel. Communications of the ACM 53, 6 (2010), 107–115. DOI:https://doi.org/10.1145/1743546.1743574Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Ramana Kumar, Magnus O. Myreen, Michael Norrish, and Scott Owens. 2014. CakeML: A verified implementation of ML. In Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL’14). ACM, New York, NY, 179–191. DOI:https://doi.org/10.1145/2535838.2535841Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Peter A. Loscocco, Perry W. Wilson, J. Aaron Pendergrass, and C. Durward McDonell. 2007. Linux kernel integrity measurement using contextual inspection. In Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing (STC’07). ACM, New York, NY, 21–29. DOI:https://doi.org/10.1145/1314354.1314362Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. D. Maughan, M. Schertler, Schneider M., and J. Turner. 1998. Internet Security Association and Key Management Protocol RFC 2048 (ISAKMP). Technical Report. The Internet Engineering Task Force of the Internet Society.Google ScholarGoogle Scholar
  10. J. Aaron Pendergrass, Sarah Helble, John Clemens, and Peter Loscocco. 2018. A platform service for remote integrity measurement and attestation. In Proceedings of the 2018 IEEE Military Communications Conference (MILCOM’18). IEEE, Los Alamitos, CA.Google ScholarGoogle ScholarCross RefCross Ref
  11. J. A. Pendergrass, N. Hull, J. Clemens, S. C. Helble, M. Thober, K. McGill, M. Gregory, and P. Loscocco. 2019. Runtime detection of userspace implants. In Proceedings of the 2019 IEEE Military Communications Conference (MILCOM’19). IEEE, Los Alamitos, CA, 1–6.Google ScholarGoogle Scholar
  12. A. Petz and P. Alexander. 2019. A Copland attestation manager. In Proceedings of the 6th Annual Symposium on Hot Topics in Science of Security (HoTSoS’19). ACM, New York, NY.Google ScholarGoogle Scholar
  13. A. Petz and P. Alexander. 2021. An infrastructure for faithful execution of remote attestation protocols. In Proceedings of the NASA Formal Methods Symposium (NFM’21). 268–286.Google ScholarGoogle Scholar
  14. J. Ramsdell, P. D. Rowe, P. Alexander, S. Helble, P. Loscocco, J. A. Pendergrass, and A. Petz. 2019. Orchestrating layered attestations. In Principles of Security and Trust (POST’19). Lecture Notes in Computer Science, Vol. 7871. Springer, 197–221.Google ScholarGoogle Scholar
  15. Paul D. Rowe. 2016a. Bundling evidence for layered attestation. In Trust and Trustworthy Computing. Springer International Publishing, Cham, Switzerland, 119–139.Google ScholarGoogle Scholar
  16. P. D. Rowe. 2016b. Confining adversary actions via measurement. In Graphical Models for Security (CraMSec’16). Lecture Notes in Computer Science, Vol. 9987. Springer, 150–166.Google ScholarGoogle Scholar
  17. Omar Sefraoui, Mohammed Aissaoui, and Mohsine Eleuldj. 2012. OpenStack: Toward an open-source solution for cloud computing. International Journal of Computer Applications 55, 3 (2012), 38–42.Google ScholarGoogle ScholarCross RefCross Ref
  18. TCG. 2012. TNC Architecture for Interoperability version 1.5 (1.5 ed.). Trusted Computing Group.Google ScholarGoogle Scholar

Index Terms

  1. Flexible Mechanisms for Remote Attestation

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Published in

        cover image ACM Transactions on Privacy and Security
        ACM Transactions on Privacy and Security  Volume 24, Issue 4
        November 2021
        295 pages
        ISSN:2471-2566
        EISSN:2471-2574
        DOI:10.1145/3476876
        Issue’s Table of Contents

        Copyright © 2021 ACM

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 30 September 2021
        • Accepted: 1 June 2021
        • Revised: 1 April 2021
        • Received: 1 October 2020
        Published in tops Volume 24, Issue 4

        Permissions

        Request permissions about this article.

        Request Permissions

        Check for updates

        Qualifiers

        • research-article
        • Research
        • Refereed

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      HTML Format

      View this article in HTML Format .

      View HTML Format
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!