Principles of Layered Attestation


Presented as part of the 2018 HCSS conference.

BIO

Dr. Paul D. Rowe is a Lead Cybersecurity Researcher at The MITRE Corporation. His research interests include cryptographic protocol analysis, Trusted Computing, cyber resiliency, and formal methods for modeling and verification. He received his PhD in mathematics from the University of Pennsylvania.

ABSTRACT

Layered attestations gather heterogeneous pieces of evidence from different parts of a target system, building a structured case for the trustworthiness of the target for a given interaction. Just as with evidence in criminal cases, the manner in which evidence is gathered, processed, and presented affects the conclusions one is warranted to draw. Of course, the attestation mechanisms themselves may form part of the target system. A skeptical appraiser may therefore wish to request evidence of the state of the attestation mechanisms, as well as evidence of a "chain of custody" for measurement data.

This work has three main contributions. First, we identify the logical structure induced by dependencies that exist among heterogeneous system components. We show that by measuring components "bottom up," any corruption not detected by the attestation must either have occurred recently, or else have affected a component deep in the dependency structure. Second, we demonstrate how to establish a robust chain of custody for the evidence in an optimistic setting in which virtualized TPMs are available. We show that such a chain of custody preserves the "recent or deep" conclusions warranted by a bottom-up order of measurement. Finally, we introduce Attestation Protocol Description Terms (APDTs), a domain-specific language for specifying how to gather and process evidence. We give a formal semantics for the execution of APDTs that allows them to serve as a semantically explicit representation of a layered attestation for the purpose of negotiation between the target and the appraiser. This semantics has been implemented in Maat, a flexible platform for negotiating and performing layered attestations.
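The "recent or deep" claim for bottom-up measurement can be checked mechanically on a toy model. The following is an added example, not code from the paper or from Maat. It assumes a constructed four-layer stack (rtm, vmm, kernel, app) in which each layer measures the one above it, integer event times, an incorruptible root of trust for measurement, at most one corruption interval per component, and that a corrupted measurer lies (reports "good") while an honest one reports the target's true state. It enumerates every adversary strategy against two measurement orders and asks, for each run in which the attestation passes yet the top component is corrupt when it is used, whether that corruption is "recent" (began after the component was measured) or "deep" (its measurer was lying, with the same question asked recursively of the measurer).

```python
"""Toy model of the "recent or deep" principle (constructed example, not from the
paper or from Maat).  A four-layer stack is measured either bottom-up or top-down;
we enumerate single-interval corruption strategies and check whether every
undetected corruption of the top component is recent or rests on a deeper one."""
from dataclasses import dataclass
from itertools import product

INF = float("inf")  # "never repaired"


@dataclass(frozen=True)
class Measurement:
    measurer: str  # component taking the measurement
    target: str    # component being measured
    time: int      # when the measurement event happens


# Constructed stack: rtm -> vmm -> kernel -> app.  The root of trust for
# measurement (rtm) is assumed incorruptible; the other three are fair game.
ROOT = "rtm"
CORRUPTIBLE = ["vmm", "kernel", "app"]
USE_TIME = 4  # the appraiser relies on "app" at this time

# Bottom-up: each component is measured before it measures anything.
BOTTOM_UP = [
    Measurement("rtm", "vmm", 1),
    Measurement("vmm", "kernel", 2),
    Measurement("kernel", "app", 3),
]
# Top-down: the same measurements in the opposite order.
TOP_DOWN = [
    Measurement("kernel", "app", 1),
    Measurement("vmm", "kernel", 2),
    Measurement("rtm", "vmm", 3),
]


def corrupted(strategy, component, t):
    """A strategy maps a component to (corrupt_at, repair_at); it is corrupted on
    the half-open interval [corrupt_at, repair_at)."""
    if component not in strategy:
        return False
    start, end = strategy[component]
    return start <= t < end


def attestation_passes(schedule, strategy):
    """Every measurement reports 'good' unless an honest measurer sees a
    corrupted target; a corrupted measurer is assumed to lie."""
    for m in schedule:
        if not corrupted(strategy, m.measurer, m.time) and corrupted(strategy, m.target, m.time):
            return False
    return True


def measured_by(schedule, component):
    return next(m for m in schedule if m.target == component)


def recent_or_deep(schedule, strategy, component, t):
    """Explain why `component` is corrupted at `t` although every measurement passed.
    Returns a chain such as [("app", "deep"), ("kernel", "recent")], or None when the
    corruption is neither recent nor resting on a lying deeper measurer."""
    assert corrupted(strategy, component, t)
    if component == ROOT:
        return None  # an honest root cannot be the explanation
    m = measured_by(schedule, component)
    start, _ = strategy[component]
    if start > m.time:
        return [(component, "recent")]  # corrupted only after it was measured
    # The corruption predates the measurement, so it escaped notice only if the
    # measurer was lying at that moment; push the explanation one layer down.
    if corrupted(strategy, m.measurer, m.time):
        deeper = recent_or_deep(schedule, strategy, m.measurer, m.time)
        return None if deeper is None else [(component, "deep")] + deeper
    return None


def all_strategies():
    """Every assignment of at most one corruption interval to each corruptible component."""
    options = [None]
    for start in range(USE_TIME + 1):
        for end in list(range(start + 1, USE_TIME + 2)) + [INF]:
            options.append((start, end))
    for choice in product(options, repeat=len(CORRUPTIBLE)):
        yield {c: iv for c, iv in zip(CORRUPTIBLE, choice) if iv is not None}


def counterexamples(schedule):
    """Strategies that pass attestation, leave 'app' corrupted at use time, and
    admit no recent-or-deep explanation."""
    return [
        s for s in all_strategies()
        if attestation_passes(schedule, s)
        and corrupted(s, "app", USE_TIME)
        and recent_or_deep(schedule, s, "app", USE_TIME) is None
    ]


if __name__ == "__main__":
    print("bottom-up counterexamples:", len(counterexamples(BOTTOM_UP)))  # 0
    print("top-down counterexamples: ", len(counterexamples(TOP_DOWN)))
    lying_kernel = {"kernel": (0, 2), "app": (0, INF)}  # corrupt early, lie, repair before measured
    print("top-down, lying kernel:", recent_or_deep(TOP_DOWN, lying_kernel, "app", USE_TIME))
    deep = {"vmm": (2, INF), "kernel": (2, INF), "app": (2, INF)}
    print("bottom-up, deep chain:", recent_or_deep(BOTTOM_UP, deep, "app", USE_TIME))
```

Under the bottom-up schedule the enumeration finds no counterexample: every undetected corruption either began after its component's measurement or is carried by a lying measurer whose own corruption is, recursively, recent, until the chain reaches the root. Under the top-down schedule the strategy `lying_kernel` passes attestation although the kernel was corrupted long before it was measured: it lies about the app at time 1, is repaired before the vmm measures it at time 2, and the corrupted app is then used at time 4, with no "recent" or "deep" explanation available to the appraiser. The model deliberately ignores the chain-of-custody and vTPM parts of the paper; it only exercises the ordering argument.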

License: CC-2.5
Submitted by Katie Dey on