Remote Attestation for Custom-built Software

Abstract

With trusted computing technology, we can build trust relations between computing platforms distributed on network. But current methods which are merely based on the integrity of components to justify the dependability of remote runtime environment, are hard to adapt today’s Internet full of heterogeneous platforms due to the scalability of measurement list. Especially when verifying open source software, this shortcoming is more obvious for the reason that all possible custom-built versions have to be considered. To solve this problem, we extended existing method to limit the size of measurement list by attesting the building process of custom-built software.