Designing Trustworthy Layered Attestations
This work provides a method for improving the reliability of system attestations, which is crucial for security and trust in remote interactions, particularly for systems relying on network access control, security management, and trusted execution environments.
This paper addresses the problem of unreliable shallow attestations by constructing layered attestations that report evidence about successive components of a target system. The authors demonstrate a system based on widely available hardware and software, achieving trustworthy attestations with a negligible performance burden of approximately 1.3 percent.
Attestation means providing evidence that a remote target system is worthy of trust for some sensitive interaction. Although attestation is already used in network access control, security management, and trusted execution environments, it mainly concerns only a few system components. A clever adversary might manipulate these shallow attestations to mislead the relying party. Reliable attestations require layering. We construct attestations whose layers report evidence about successive components of the target system. Reliability also requires structuring the target system so only a limited set of components matters. We show how to structure an example system for reliable attestations despite a well-defined, relatively strong adversary. It is based on widely available hardware, such as Trusted Platform Modules, and software, such as Linux with SELinux. We isolate our principles in a few maxims that guide system development. We provide a cogent analysis of our mechanisms against our adversary model, as well as an empirical appraisal of the resulting system. We also identify two improvements to the mechanisms so attestation can succeed against strengthened adversaries. The performance burden of our attestation is negligible, circa 1.3 percent. After our first example, we vary our application level, and then also its underlying hardware anchor to use confidential computing with AMD's SEV-SNP. The same maxims help us achieve trustworthy attestations.