Visible to the public An Infrastructure for Faithful Execution of Remote Attestation ProtocolsConflict Detection Enabled

TitleAn Infrastructure for Faithful Execution of Remote Attestation Protocols
Publication TypeConference Proceedings
Year of Publication2021
AuthorsAdam Petz, Perry Alexander
Conference NameNASA Formal Methods Symposium (NFM’21)
Date Published05/2021
Conference LocationNorfolk, VA (Online)
Keywords2021: April, KU, Scalability and Composability, Scalable Trust Semantics & Infrastructure
Abstract

Experience shows that even with a well-intentioned user at the keyboard, a motivated attacker can compromise a computer system at a layer below or adjacent to the shallow forms of authentication that are now accepted as commonplace[3]. Therefore, rather than asking "Can we trust the person behind the keyboard", a still better question might be: "Can we trust the computer system underneath?". An emerging technology for gaining trust in a remote computing system is remote attestation. Remote attestation is the activity of making a claim about properties of a target by supplying evidence to an appraiser over a network[2]. Although many existing approaches to remote attestation wisely adopt a layered architecture-where the bottom layers measure layers above-the dependencies between components remain static and measurement orderings fixed. For modern computing environments with diverse topologies, we can no longer fix a target architecture any more than we can fix a protocol to measure that architecture.Copland [1] is a domain-specific language and formal framework that provides a vocabulary for specifying the goals of layered attestation protocols. It also provides a reference semantics that characterizes system measurement events and evidence handling; a foundation for comparing protocol alternatives. The aim of this work is to refine the Copland semantics to a more fine-grained notion of attestation manager execution-a high-privilege thread of control responsible for invoking attestation services and bundling evidence results. This refinement consists of two cooperating components called the Copland Compiler and the Attestation Virtual Machine (AVM). The Copland Compiler translates a Copland protocol description into a sequence of primitive attestation instructions to be executed in the AVM. When considered in combination with advances in virtualization, trusted hardware, and high-assurance system software components-like compilers, file-systems, and OS kernels-a formally verified remote attestation infrastructure creates exciting opportunities for building system-level security arguments.

Citation Keynode-75225
Refereed DesignationRefereed