Multi-Platform Attestation Verification
School of Science
Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Date
2024-11-17
Major/Subject
Security and Cloud Computing
Degree programme
Master's Programme in Security and Cloud Computing
Language
en
Pages
52
Abstract
In Confidential Computing, establishing trust in Trusted Execution Environments (TEEs) through remote attestation is an essential procedure: the hardware and software configuration of an attested TEE is verified on the basis of evidence it produces. Currently, however, remote attestation mechanisms and the related evidence formats for TEEs are vendor- and TEE-model-specific. Standards such as the IETF EAT (Entity Attestation Token) format are emerging, but existing TEEs from, e.g., AMD and Intel still use proprietary mechanisms. This thesis explores a flexible approach for abstracting multi-vendor attestation evidence verification, in which a verifier can acquire the capability to verify evidence for new TEE types via dynamically loaded trusted modules. The solution is implemented as a prototype based on the VERAISON verification service, which is extended to load WebAssembly-based modules for verifying, e.g., AMD SEV-SNP attestation reports.
Supervisor
Gunn, Lachlan
Thesis advisor
Gligoroski, Danilo
Kjällman, Jimmy
Keywords
confidential computing, remote attestation, trusted execution environments, VERAISON, Entity Attestation Token (EAT), WebAssembly