Universal Remote Attestation for Cloud and Edge Platforms

Proceedings of the 18th International Conference on Availability, Reliability and Security Pub Date : 2023-08-29 DOI:10.1145/3600160.3600171

Simon Ott, Monika Kamhuber, Joana Pecholt, Sascha Wessel

{"title":"Universal Remote Attestation for Cloud and Edge Platforms","authors":"Simon Ott, Monika Kamhuber, Joana Pecholt, Sascha Wessel","doi":"10.1145/3600160.3600171","DOIUrl":null,"url":null,"abstract":"With more computing workloads being shifted to the cloud, verifying the integrity of remote software stacks through remote attestation becomes an increasingly important topic. During remote attestation, a prover provides attestation evidence to a verifier, backed by a hardware trust anchor. While generating this information, which is essentially a list of hashes, is easy, examining the trustworthiness of the overall platform based on the provided list of hashes without context is difficult. Furthermore, as different trust anchors use different formats, interaction between devices using different attestation technologies is a complex problem. To address this problem, we propose a universal, hardware-agnostic device-identity and attestation framework. Our framework focuses on easing attestation by having provers present meaningful metadata to verify the integrity of the attestation evidence. We implemented and evaluated the framework for Trusted Platform Modules (TPM), AMD SEV-SNP attestation, and ARM PSA Entity Attestation Tokens (EATs).","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3600160.3600171","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

With more computing workloads being shifted to the cloud, verifying the integrity of remote software stacks through remote attestation becomes an increasingly important topic. During remote attestation, a prover provides attestation evidence to a verifier, backed by a hardware trust anchor. While generating this information, which is essentially a list of hashes, is easy, examining the trustworthiness of the overall platform based on the provided list of hashes without context is difficult. Furthermore, as different trust anchors use different formats, interaction between devices using different attestation technologies is a complex problem. To address this problem, we propose a universal, hardware-agnostic device-identity and attestation framework. Our framework focuses on easing attestation by having provers present meaningful metadata to verify the integrity of the attestation evidence. We implemented and evaluated the framework for Trusted Platform Modules (TPM), AMD SEV-SNP attestation, and ARM PSA Entity Attestation Tokens (EATs).

查看原文本刊更多论文

用于云和边缘平台的通用远程认证

随着越来越多的计算工作负载转移到云端，通过远程认证验证远程软件堆栈的完整性成为一个越来越重要的主题。在远程认证期间，证明者向验证者提供由硬件信任锚支持的认证证据。虽然生成这些信息(本质上是一个哈希列表)很容易，但基于所提供的没有上下文的哈希列表检查整个平台的可信度却很困难。此外，由于不同的信任锚使用不同的格式，使用不同认证技术的设备之间的交互是一个复杂的问题。为了解决这个问题，我们提出了一个通用的、与硬件无关的设备身份和认证框架。我们的框架侧重于通过让证明者提供有意义的元数据来验证证明证据的完整性，从而简化证明过程。我们实现并评估了可信平台模块(TPM)、AMD SEV-SNP认证和ARM PSA实体认证令牌(EATs)的框架。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 18th International Conference on Availability, Reliability and Security

自引率

0.00%

发文量