Maat: A Platform Service for Measurement and Attestation

TL;DR

This paper introduces Maat, a centralized platform service designed to improve software integrity measurement and attestation by providing a secure, policy-driven framework that simplifies integration into trust decisions.

Contribution

The paper presents Maat, a novel prototype system that centralizes and streamlines integrity measurement and attestation processes for enhanced security and policy management.

Findings

Maat effectively centralizes integrity measurement management.

It simplifies integration of measurements into trust decisions.

The system supports flexible, policy-driven measurement protocols.

Abstract

Software integrity measurement and attestation (M&A) are critical technologies for evaluating the trustworthiness of software platforms. To best support these technologies, next generation systems must provide a centralized service for securely selecting, collecting, and evaluating integrity measurements. Centralization of M&A avoids duplication, minimizes security risks to the system, and ensures correct ad- ministration of integrity policies and systems. This paper details the desirable features and properties of such a system, and introduces Maat, a prototype implementation of an M&A service that meets these properties. Maat is a platform service that provides a centralized policy-driven framework for determining which measurement tools and protocols to use to meet the needs of a given integrity evaluation. Maat simplifies the task of integrating integrity measurements into a range of larger trust decisions such as authentication, network access control, or delegated computations.