Maat: A Platform Service for Measurement and Attestation
This addresses the problem of ensuring software trustworthiness for system administrators and security professionals, but it is incremental as it builds on existing M&A technologies.
The paper tackles the challenge of software integrity measurement and attestation by proposing Maat, a centralized platform service that simplifies integration into trust decisions like authentication and network access control.
Software integrity measurement and attestation (M&A) are critical technologies for evaluating the trustworthiness of software platforms. To best support these technologies, next generation systems must provide a centralized service for securely selecting, collecting, and evaluating integrity measurements. Centralization of M&A avoids duplication, minimizes security risks to the system, and ensures correct ad- ministration of integrity policies and systems. This paper details the desirable features and properties of such a system, and introduces Maat, a prototype implementation of an M&A service that meets these properties. Maat is a platform service that provides a centralized policy-driven framework for determining which measurement tools and protocols to use to meet the needs of a given integrity evaluation. Maat simplifies the task of integrating integrity measurements into a range of larger trust decisions such as authentication, network access control, or delegated computations.