Attestation: Evidence and Trust

  • George Coker
  • Joshua Guttman
  • Peter Loscocco
  • Justin Sheehy
  • Brian Sniffen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5308)


Attestation is the activity of making a claim about properties of a target by supplying evidence to an appraiser. We identify five central principles to guide development of attestation systems. We argue that (i) attestation must be able to deliver temporally fresh evidence; (ii) comprehensive information about the target should be accessible; (iii) the target, or its owner, should be able to constrain disclosure of information about the target; (iv) attestation claims should have explicit semantics to allow decisions to be derived from several claims; and (v) the underlying attestation mechanism must be trustworthy. We propose an architecture for attestation guided by these principles, as well as an implementation that adheres to this architecture. Virtualized platforms, which are increasingly well supported on stock hardware, provide a natural basis for our attestation architecture.


Keywords: Virtual Machine; Trusted Platform Module; Virtual Machine Monitor; Policy Decision Point; Trust Base
These keywords were added by machine and not by the authors.





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • George Coker (2)
  • Joshua Guttman (1)
  • Peter Loscocco (2)
  • Justin Sheehy (1)
  • Brian Sniffen (1)

  1. The MITRE Corporation, USA
  2. National Security Agency, USA
