Designing Trustworthy Layered Attestations

TL;DR

This paper presents a layered attestation framework that enhances trustworthiness by reporting evidence about successive system components, using widely available hardware and software, with minimal performance overhead.

Contribution

It introduces a structured, layered approach to system attestation that improves reliability and trustworthiness against strong adversaries, supported by practical implementation and analysis.

Findings

Layered attestations improve trustworthiness.

Implementation with TPM, Linux, and SELinux is effective.

Performance overhead is approximately 1.3%.

Abstract

Attestation means providing evidence that a remote target system is worthy of trust for some sensitive interaction. Although attestation is already used in network access control, security management, and trusted execution environments, it mainly concerns only a few system components. A clever adversary might manipulate these shallow attestations to mislead the relying party. Reliable attestations require layering. We construct attestations whose layers report evidence about successive components of the target system. Reliability also requires structuring the target system so only a limited set of components matters. We show how to structure an example system for reliable attestations despite a well-defined, relatively strong adversary. It is based on widely available hardware, such as Trusted Platform Modules, and software, such as Linux with SELinux. We isolate our principles in a few maxims that guide system development. We provide a cogent analysis of our mechanisms against our adversary model, as well as an empirical appraisal of the resulting system. We also identify two improvements to the mechanisms so attestation can succeed against strengthened adversaries. The performance burden of our attestation is negligible, circa 1.3 percent. After our first example, we vary our application level, and then also its underlying hardware anchor to use confidential computing with AMD's SEV-SNP. The same maxims help us achieve trustworthy attestations.