Bundling Evidence for Layered Attestation

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9824)


Systems designed with measurement and attestation in mind are often layered, with the lower layers measuring the layers above them. Attestations of such systems, which we call layered attestations, must bundle together the results of a diverse set of application-specific measurements of various parts of the system. Some methods of layered attestation are more trustworthy than others especially in the presence of an adversary that can dynamically corrupt system components. It is therefore important for system designers to understand the trust consequences of different designs. This paper presents a formal framework for reasoning about layered attestations. We identify inference principles based on the causal effects of dynamic corruption, and we propose a method for bundling evidence that is robust to such corruptions.


Dynamic Corruption Platform Configuration Registers (PCRs) Trusted Platform Module (TPM) Quota Effects Physical TPM 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



I would like to thank Pete Loscocco for suggesting and guiding the direction of this research. Many thanks also to Perry Alexander and Joshua Guttman for their valuable feedback on earlier versions of this work. Thanks also to Sarah Helble and Aaron Pendergrass for lively discussions about measurement and attestation systems. Finally, thank you to the anonymous reviewers for helpful comments in improving the paper.


  1. 1.
    Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vTPM: virtualizing the trusted platform module. In: Proceedings of the 15th USENIX Security Symposium, Vancouver, BC, Canada, July 31–August 4, 2006 (2006)Google Scholar
  2. 2.
    Berger, S., Goldman, K.A., Pendarakis, D.E., Safford, D., Valdez, E., Zohar, M.: Scalable attestation: a step toward secure and trusted clouds. IEEE Cloud Comput. 2(5), 10–18 (2015)CrossRefGoogle Scholar
  3. 3.
    Cabuk, S., Chen, L., Plaquin, D., Ryan, M.: Trusted integrity measurement and reporting for virtualized platforms. In: Chen, L., Yung, M. (eds.) INTRUST 2009. LNCS, vol. 6163, pp. 180–196. Springer, Heidelberg (2010)Google Scholar
  4. 4.
    Coker, G., Guttman, J.D., Loscocco, P., Herzog, A.L., Millen, J.K., O’Hanlon, B., Ramsdell, J.D., Segall, A., Sheehy, J., Sniffen, B.T.: Principles of remote attestation. Int. J. Inf. Sec. 10(2), 63–81 (2011)CrossRefGoogle Scholar
  5. 5.
    Cucurull, J., Guasch, S.: Virtual TPM for a secure cloud: fallacy or reality? Universidad de Alicante (2014)Google Scholar
  6. 6.
    Davi, L., Sadeghi, A.-R., Winandy, M.: Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks. In: Proceedings of the 4th ACM Workshop on Scalable Trusted Computing, STC 2009, Chicago, Illinois, USA, 13 November 2009, pp. 49–54 (2009)Google Scholar
  7. 7.
    Kil, C., Sezer, E.C., Azab, A.M., Ning, P., Zhang, X.: Remote attestation to dynamic system properties: towards providing complete system integrity evidence. In: Proceedings of the 2009 IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2009, Estoril, Lisbon, Portugal, 29 June–2 July, 2009, pp. 115–124 (2009)Google Scholar
  8. 8.
    Loscocco, P., Wilson, P.W., Aaron Pendergrass, J., Durward McDonell, C.: Linux kernel integrity measurement using contextual inspection. In: Proceedings of the 2nd ACM Workshop on Scalable Trusted Computing, STC 2007, Alexandria, VA, USA, 2 November 2007, pp. 21–29 (2007)Google Scholar
  9. 9.
    Maliszewski, R., Sun, N., Wang, S., Wei, J., Qiaowei, R.: Trusted boot (tboot).
  10. 10.
    Namiluko, C., Martin, A.: Provenance-based model for verifying trust-properties. In: Katzenbeisser, S., Weippl, E., Camp, L.J., Volkamer, M., Reiter, M., Zhang, X. (eds.) Trust 2012. LNCS, vol. 7344, pp. 255–272. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  11. 11.
    Lo Presti, S.: A tree of trust rooted in extended trusted computing. In: Proceedings of the Second Conference on Advances in Computer Security and Forensics Programme (ACSF), pp. 13–20 (2007)Google Scholar
  12. 12.
  13. 13.
  14. 14.
    Rowe, P.D.: Confining adversary actions via measurement. In: Proceeding of the 3rd International Workshop in Graphical Models for Security, GraMSec 2016 (in press)Google Scholar
  15. 15.
    Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 13th USENIX Security Symposium, San Diego, CA, USA, 9–13 August 2004, pp. 223–238 (2004)Google Scholar
  16. 16.
    Schmidt, A.U., Leicher, A., Brett, A., Shah, Y., Cha, I.: Tree-formed verification data for trusted platforms. Comput. Secur. 32, 19–35 (2013)CrossRefGoogle Scholar
  17. 17.
    Wei, J., Calton, P., Rozas, C.V., Rajan, A., Zhu, F.: Modeling the runtime integrity of cloud servers: a scoped invariant perspective. In: Proceedings of the Second International Conference in Cloud Computing, CloudCom 2010, November 30–3 December 2010, Indianapolis, Indiana, USA, pp. 651–658 (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.The MITRE CorporationBedfordUSA

Personalised recommendations