Universal Remote Attestation for Cloud and Edge Platforms
With more computing workloads being shifted to the cloud, verifying the integrity of remote software stacks through remote attestation becomes an increasingly important topic. During remote attestation, a prover provides attestation evidence to a verifier, backed by a hardware trust anchor. While generating this information, which is essentially a list of hashes, is easy, examining the trustworthiness of the overall platform based on the provided list of hashes without context is difficult. Furthermore, as different trust anchors use different formats, interaction between devices using different attestation technologies is a complex problem. To address this problem, we propose a universal, hardware-agnostic device-identity and attestation framework. Our framework focuses on easing attestation by having provers present meaningful metadata to verify the integrity of the attestation evidence. We implemented and evaluated the framework for Trusted Platform Modules (TPM), AMD SEV-SNP attestation, and ARM PSA Entity Attestation Tokens (EATs).
ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security
Authors: Simon Ott, Monika Kamhuber, Joana Pecholt, and Sascha Wessel
Year: 2023
Booktitle: ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security
Pages: 1-11
Fulltext: https://doi.org/10.1145/3600160.3600171
Bibtex:
@inproceedings{ott2023universal,
  author    = {Simon Ott and Monika Kamhuber and Joana Pecholt and Sascha Wessel},
  title     = {Universal Remote Attestation for Cloud and Edge Platforms},
  year      = {2023},
  booktitle = {ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security},
  pages     = {1--11},
  url       = {https://doi.org/10.1145/3600160.3600171},
}