Skip to main content
SpringerLink
Log in

Principles of remote attestation

  • Special Issue Paper
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Remote attestation is the activity of making a claim about properties of a target by supplying evidence to an appraiser over a network. We identify five central principles to guide development of attestation systems. We argue that (i) attestation must be able to deliver temporally fresh evidence; (ii) comprehensive information about the target should be accessible; (iii) the target, or its owner, should be able to constrain disclosure of information about the target; (iv) attestation claims should have explicit semantics to allow decisions to be derived from several claims; and (v) the underlying attestation mechanism must be trustworthy. We illustrate how to acquire evidence from a running system, and how to transport it via protocols to remote appraisers. We propose an architecture for attestation guided by these principles. Virtualized platforms, which are increasingly well supported on stock hardware, provide a natural basis for our attestation architecture.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., Levkowetz H.: Extensible Authentication Protocol (EAP). RFC 3748 (Proposed Standard), June (2004)

  2. Armknecht, F., Gasmi, Y., Sadeghi, A.-R., Stewin, P., Unger, M., Ramunno, G., Vernizzi, D.: An efficient implementation of trusted channels based on openssl. In: STC ’08: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, pp. 41–50. ACM, New York, NY, USA (2008)

  3. Balacheff, B., Chen, L., Pearson, S., Plaquin, D., Proudler, G. (eds): Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall PTR, Upper Saddle River, NJ (2003)

    Google Scholar 

  4. Chen, L., Landfermann, R., Löhr, H., Rohe, M., Sadeghi, A.-R., Stüble, C.: A protocol for property-based attestation. In: STC ’06: Proceedings, First ACM Workshop on Scalable Trusted Computing, pp. 7–16. ACM Press, New York, NY, USA (2006)

  5. AMD Corporation: Amd64 architecture programmer’s manual volume 2: System programming rev 3.11 http://www.amd.com/usen/assets/content_type/white_papers_and_tech_docs/24593.pdf, January (2006)

  6. Intel Corporation: Intel trusted execution technology. http://www.download.intel.com/technology/security/downloads/31516803.pdf, November (2006)

  7. Microsoft Corporation: Ngscb official page. http://www.microsoft.com/resources/ngscb/default.mspx (2007)

  8. deMoura, L., Owre, S., Shankar, N.: The SAL language manual. Technical Report SRI-CSL-01-02, SRI International (2003)

  9. Doghmi, S.F., Guttman, J.D., Thayer, F.J.: Searching for shapes in cryptographic protocols. In: Tools and Algorithms for Construction and Analysis of Systems (TACAS), Number 4424 in LNCS, pp. 523–538. Springer, (2007). Extended version at http://www.eprint.iacr.org/2006/435

  10. Gasmi, Y., Sadeghi, A.-R., Stewin, P., Unger, M., Asokan, N.: Beyond secure channels. In: STC ’07: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, pp. 30–40. ACM, New York, NY, USA (2007)

  11. Grawrock D.: The Intel Safer Computing Initiative. Intel Press, Hillsboro (2006)

    Google Scholar 

  12. TCG Best Practices Group: Design, Implementation, and Usage Principles for TPM-Based Platforms, May, Version 1.0 (2005)

  13. Gu, L., Ding, X., Deng, R.H., Xie, B., Mei, H.: Remote attestation on program execution. In: STC ’08: Proceedings of the 3rd ACM Workshop on Scalable Trusted computing, pp. 11–20. ACM, New York, NY, USA (2008)

  14. Guttman J.D.: Authentication tests and disjoint encryption: a design method for security protocols. J. Comput. Secur. 12(3/4), 409–433 (2004)

    Google Scholar 

  15. Guttman, J.D., Herzog, J.C., Ramsdell, J.D., Sniffen, B.T.: Programming cryptographic protocols. In: De Nicola, R., Sangiorgi, D. (eds.) Trust in Global Computing, number 3705 in LNCS, pp. 116–145. Springer, (2005)

  16. Guttman, J.D., Thayer, F.J., Carlson, J.A., Herzog, J.C., Ramsdell, J.D., Sniffen, B.T.: Trust management in strand spaces: a rely-guarantee method. In: Schmidt, D. (ed.) Programming Languages and Systems: 13th European Symposium on Programming, number 2986 in LNCS, pp. 325–339. Springer (2004)

  17. Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation—a virtual machine directed approach to trusted computing. In: Proceedings of the Third virtual Machine Research and Technology Symposium, pp. 29–41. USENIX, May (2004)

  18. Petroni, N.L. Jr., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot—a coprocessor-based kernel runtime integrity monitor. In: USENIX Security Symposium, pp. 179–194. USENIX (2004)

  19. Katsuno, Y., Watanabe, Y., Yoshihama, S., Mishina, T., Kudoh, M.: Layering negotiations for flexible attestation. In: STC ’06: Proceedings, First ACM Workshop on Scalable Trusted Computing, pp. 17–20. ACM Press, New York, NY, USA (2006)

  20. Kerber, R.: Advanced tactic targeted grocer: ‘Malware’ stole Hannaford data. The Boston Globe, p. 1, 18 March (2008)

  21. Klein, G., Elphinstone, K., Heiser, G., Andronick, J., Cock, D., Derrin, P., Elkaduwe, D., Engelhardt, K., Kolanski, R., Norrish, M., Sewell, T., Tuch, H., Winwood, S.: seL4: Formal verification of an OS kernel. In: ACM Symposium on Operating Systems Principles, Big Sky, MT, October (2009)

  22. Kühn, U., Selhorst, M., Stüble, C.: Realizing property-based attestation and sealing with commonly available hard- and software. In: STC ’07: Proceedings of the 2007 ACM workshop on Scalable Trusted Computing, pp. 50–57. ACM, New York, NY, USA (2007)

  23. Loscocco, P.A., Wilson, P.W., Pendergrass, J.A., McDonell, C.D.: Linux kernel integrity measurement using contextual inspection. In: STC ’07: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, pp. 21–29. ACM, New York, NY, USA (2007)

  24. McMillan, K.: (1992) The SMV system. http://www.kenmcmil.com

  25. Millen, J., Guttman, J., Ramsdell, J., Sheehy, J., Sniffen, B.: Call by Contract for Cryptographic Protocol. In: FCS-ARSPA (2006) http://www.mitre.org/work/tech_papers/tech_papers_06/06_0498/index.html

  26. Millen, J., Guttman, J., Ramsdell, J., Sheehy, J., Sniffen, B.: Analysis of a measured launch. Technical report, The MITRE Corporation, June (2007) http://www.mitre.org/work/tech_papers/tech_papers_07/07_0843/index.html

  27. Nagarajan, A., Varadharajan, V., Hitchens, M.: Trust management for trusted computing platforms in web services. In: STC ’07: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, pp. 58–62. ACM, New York, NY, USA (2007)

  28. Poritz, J.A.: computing, signed code and the heat death of the internet. In: SAC ’06: Proceedings of the 2006 ACM Symposium on Applied Computing, pp. 1855–1859. ACM Press, New York, NY, USA (2006) Trust[ed | in]

  29. Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: NSPW ’04: Proceedings, 2004 Workshop on New Security Paradigms, pp. 67–77. ACM Press, New York, NY, USA (2004)

  30. Sadeghi, A.-R., Stüble, C., Winandy, M.: Property-based tpm virtualization. In: ISC ’08: Proceedings of the 11th International Conference on Information Security, pp. 1–16. Springer, Berlin, Heidelberg (2008)

  31. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 13th USENIX Security Symposium, pp. 16–16. USENIX Association, Berkeley, CA, USA (2004)

  32. Schellekens D., Wyseur B., Preneel B.: Remote attestation on legacy operating systems with trusted platform modules. Electron. Notes Theor. Comput. Sci. 197(1), 59–72 (2008)

    Article  MathSciNet  Google Scholar 

  33. Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: verifying integrity and guaranteeing execution of code on legacy platforms. In: Proceedings of ACM Symposium on Operating Systems Principles (SOSP), pp. 1–16, October (2005). See also Pioneer Web pages., http://www.cs.cmu.edu

  34. Shi, E., Perrig, A., Van Doorn, L.: BIND: a time-of-use attestation service for secure distributed systems. In: Proceedings of IEEE Symposium on Security and Privacy, May (2005)

  35. Shieh, A., Williams, D., Sirer, E., Schneider, F.B.: Nexus: a new operating system for trustworthy computing. In: SOSP ’05: Proceedings of the Twentieth ACM ymposium on Operating Systems Principles, pp. 1–9. ACM Press, New York, NY, USA (2005)

  36. Stone, B.: 11 charged in theft of 41 million card numbers. The New York Times, p. B 1, 5 August (2008)

  37. Thober, M., Pendergrass, J.A., McDonell, C.D.: Improving coherency of runtime integrity measurement. In: STC ’08: Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, pp. 51–60. ACM, New York, NY, USA (2008)

  38. Trusted Computing Group: TCG Trusted Network Connect: TNC Architecture for Interoperability, May Version 1.1 (2006)

  39. Trusted Computing Group: TCG Trusted Network Connect TNC IF-IMC, May. Version 1.1 (2006)

  40. Trusted Computing Group: TPM Main Specification, Design Principles, version 1.2 edition (2006) http://www.trustedcomputinggroup.org/specs/TPM/mainP1DPrev103.zip

  41. Trusted Computing Group: TCG Specification Architecture Overview, revision 1.4 edition (2007) http://www.trustedcomputinggroup.org/.../TCG_1_4_Architecture_Overview.pdf

  42. van Dijk, M., Rhodes, J., Sarmenta, L.F.G., Devadas, S.: Offline untrusted storage with immediate detection of forking and replay attacks. In: STC ’07: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, pp. 41–48. ACM, New York, NY, USA (2007)

Download references

Author information

Authors and Affiliations

  1. National Security Agency, Bedford, MA, USA

    George Coker & Peter Loscocco

  2. The MITRE Corporation, Bedford, MA, USA

    Joshua Guttman, Amy Herzog, Jonathan Millen, Brian O’Hanlon, John Ramsdell, Ariel Segall, Justin Sheehy & Brian Sniffen

Authors
  1. George Coker
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Joshua Guttman
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Peter Loscocco
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Amy Herzog
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Jonathan Millen
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Brian O’Hanlon
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. John Ramsdell
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Ariel Segall
    View author publications

    You can also search for this author in PubMed Google Scholar

  9. Justin Sheehy
    View author publications

    You can also search for this author in PubMed Google Scholar

  10. Brian Sniffen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Joshua Guttman.

Additional information

MITRE’s work on this paper was supported by the National Security Agency through US Army CE-COM contract W15P7T-05-C-F600.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Coker, G., Guttman, J., Loscocco, P. et al. Principles of remote attestation. Int. J. Inf. Secur. 10, 63–81 (2011). https://doi.org/10.1007/s10207-011-0124-7

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-011-0124-7

Keywords

Search

Navigation