Multi-Platform Attestation Verification

School of Science | Master's thesis

Date

2024-11-17

Major/Subject

Security and Cloud Computing

Degree programme

Master's Programme in Security and Cloud Computing

Language

en

Pages

52

Abstract

In Confidential Computing, establishing trust in Trusted Execution Environments (TEEs) through remote attestation is an essential procedure: a verifier checks the hardware and software configuration of an attested TEE based on evidence the TEE produces. Currently, however, remote attestation mechanisms and the related evidence formats for TEEs are vendor- and TEE-model-specific. Standards such as the IETF EAT (Entity Attestation Token) format are emerging, but existing TEEs from, e.g., AMD and Intel still use proprietary mechanisms. This thesis explores a flexible approach for abstracting the verification of multi-vendor attestation evidence, in which a verifier acquires the capability to verify evidence for new TEE types through dynamically loaded trusted modules. The solution is implemented as a prototype based on the VERAISON verification service, which is extended to load WebAssembly-based modules for verifying, e.g., AMD SEV-SNP attestation reports.

Supervisor

Gunn, Lachlan

Thesis advisor

Gligoroski, Danilo
Kjällman, Jimmy

Keywords

confidential computing, remote attestation, trusted execution environments, VERAISON, Entity Attestation Token (EAT), WebAssembly
