Policy-based implicit attestation for microkernel-based virtualized systems

Steffen Wagner, Claudia Eckert

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

We present an attestation mechanism that enables a remote verifier to implicitly evaluate the trustworthiness of the prover’s system through policies. Those policies are verified and enforced by a TPM 2.0, when the attestor interacts with a virtualized hardware component of the prover’s system. For instance, when the verifier reads a virtualized sensor device and requests integrity-protected sensor data, such as the average temperature, a heartbeat value, or an anomaly detection score, the prover’s TPM, which acts as a trust anchor, checks and enforces the policies specified by the verifier. The prover, in turn, is also able to define policies, which can limit access to certain hardware components and are also enforced by the TPM. As a result, both parties have to cooperate for a successful attestation, which implicitly creates verifiable proof of the prover’s trustworthiness using mainly symmetric instead of expensive asymmetric cryptographic operations like digital signatures.

Original languageEnglish
Title of host publicationInformation Security - 19th International Conference, ISC 2016, Proceedings
EditorsMatt Bishop, Anderson C.A. Nascimento
PublisherSpringer Verlag
Pages305-322
Number of pages18
ISBN (Print)9783319458700
DOIs
StatePublished - 2016
Event19th Annual International Conference on Information Security, ISC 2016 - Honolulu, United States
Duration: 3 Sep 20166 Sep 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9866 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference19th Annual International Conference on Information Security, ISC 2016
Country/TerritoryUnited States
CityHonolulu
Period3/09/166/09/16

Keywords

  • Data integrity
  • Microkernel
  • Policy
  • Remote attestation
  • Trusted platform module

Fingerprint

Dive into the research topics of 'Policy-based implicit attestation for microkernel-based virtualized systems'. Together they form a unique fingerprint.

Cite this