Abstract
Attestation is the activity of making a claim about properties of a target by supplying evidence to an appraiser. We identify five central principles to guide development of attestation systems. We argue that (i) attestation must be able to deliver temporally fresh evidence; (ii) comprehensive information about the target should be accessible; (iii) the target, or its owner, should be able to constrain disclosure of information about the target; (iv) attestation claims should have explicit semantics to allow decisions to be derived from several claims; and (v) the underlying attestation mechanism must be trustworthy. We propose an architecture for attestation guided by these principles, as well as an implementation that adheres to this architecture. Virtualized platforms, which are increasingly well supported on stock hardware, provide a natural basis for our attestation architecture.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., Levkowetz, H.: Extensible Authentication Protocol (EAP). RFC 3748 (Proposed Standard) (June 2004)
Balacheff, B., Chen, L., Pearson, S., Plaquin, D., Proudler, G. (eds.): Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall PTR, Upper Saddle River (2003)
Chen, L., Landfermann, R., Löhr, H., Rohe, M., Sadeghi, A.-R., Stüble, C.: A protocol for property-based attestation. In: STC 2006: Proceedings, First ACM Workshop on Scalable Trusted Computing, pp. 7–16. ACM Press, New York (2006)
AMD Corporation. Amd64 architecture programmer’s manual volume 2: System programming rev 3.11 (January 2006), http://www.amd.com/usen/assets/content_type/white_papers_and_tech_docs /24593.pdf
Intel Corporation. Intel trusted execution technology (November 2006), http://download.intel.com/technology/security/downloads/31516803.pdf
Microsoft Corporation. Ngscb official page (2007), http://www.microsoft.com/resources/ngscb/default.mspx
Grawrock, D.: The Intel Safer Computing Initiative. Intel Press (2006)
TCG Best Practices Group. Design, Implementation, and Usage Principles for TPM-Based Platforms. Version 1.0 (May 2005)
Guttman, J.D.: Authentication tests and disjoint encryption: a design method for security protocols. Journal of Computer Security 12(3/4), 409–433 (2004)
Guttman, J.D., Herzog, J.C., Ramsdell, J.D., Sniffen, B.T.: Programming cryptographic protocols. In: De Nicola, R., Sangiorgi, D. (eds.) TGC 2005. LNCS, vol. 3705, pp. 116–145. Springer, Heidelberg (2005)
Guttman, J.D., Thayer, F.J., Carlson, J.A., Herzog, J.C., Ramsdell, J.D., Sniffen, B.T.: Trust management in strand spaces: A rely-guarantee method. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 325–339. Springer, Heidelberg (2004)
Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation – a virtual machine directed approach to trusted computing. In: Proceedings of the Third virtual Machine Research and Technology Symposium, May 2004, pp. 29–41. USENIX (2004)
Petroni Jr., N.L., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot - a coprocessor-based kernel runtime integrity monitor. In: USENIX Security Symposium, pp. 179–194. USENIX (2004)
Katsuno, Y., Watanabe, Y., Yoshihama, S., Mishina, T., Kudoh, M.: Layering negotiations for flexible attestation. In: STC 2006: Proceedings, First ACM Workshop on Scalable Trusted Computing, pp. 17–20. ACM Press, New York (2006)
Kerber, R.: Advanced tactic targeted grocer: ‘Malware’ stole Hannaford data. The Boston Globe p. 1, 18 March (2008)
Loscocco, P., Smalley, S.: Integrating flexible support for security policies into the linux operating system. Technical report, NSA, NAI Labs (April 2001)
Millen, J., Guttman, J., Ramsdell, J., Sheehy, J., Sniffen, B.: Call by contract for cryptographic protocol. In: FCS-ARSPA (2006)
Poritz, J.A.: Trust[ed | in] computing, signed code and the heat death of the internet. In: SAC 2006: Proceedings of the 2006 ACM symposium on Applied computing, pp. 1855–1859. ACM Press, New York (2006)
Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: NSPW 2004: Proceedings, 2004 Workshop on New Security Paradigms, pp. 67–77. ACM Press, New York (2004)
Seshadri, A.: Pioneer web page, http://www.cs.cmu.edu/
Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: Verifying integrity and guaranteeing execution of code on legacy platforms. In: Proceedings of ACM Symposium on Operating Systems Principles (SOSP), October 2005, pp. 1–16 (2005)
Shi, E., Perrig, A., Van Doorn, L.: BIND: A time-of-use attestation service for secure distributed systems. In: Proceedings of IEEE Symposium on Security and Privacy (May 2005)
Shieh, A., Williams, D., Sirer, E.G., Schneider, F.B.: Nexus: a new operating system for trustworthy computing. In: SOSP 2005: Proceedings of the twentieth ACM symposium on Operating systems principles, pp. 1–9. ACM Press, New York (2005)
Stone, B.: 11 charged in theft of 41 million card numbers. The New York Times, p. B 1, 5 August (2008)
Trusted Computing Group. TPM Main Specification, version 1.1b edition (2001), https://www.trustedcomputinggroup.org/downloads/tcg_spec_1_1b.zip
Trusted Computing Group. TCG Trusted Network Connect: TNC Architecture for Interoperability. Version 1.1 (May 2006)
Trusted Computing Group. TCG Trusted Network Connect TNC IF-IMC, Version 1.1 (May 2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Coker, G., Guttman, J., Loscocco, P., Sheehy, J., Sniffen, B. (2008). Attestation: Evidence and Trust . In: Chen, L., Ryan, M.D., Wang, G. (eds) Information and Communications Security. ICICS 2008. Lecture Notes in Computer Science, vol 5308. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88625-9_1
Download citation
DOI: https://doi.org/10.1007/978-3-540-88625-9_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88624-2
Online ISBN: 978-3-540-88625-9
eBook Packages: Computer ScienceComputer Science (R0)