Evidence Tampering and Chain of Custody in Layered Attestations
CoRR (2024)
Abstract
In distributed systems, trust decisions are made on the basis of integrity
evidence generated via remote attestation. Examples of the kinds of evidence
that might be collected are boot time image hash values; fingerprints of
initialization files for userspace applications; and a comprehensive
measurement of a running kernel. In layered attestations, evidence is typically
composed of measurements of key subcomponents taken from different trust
boundaries within a target system. Discrete measurement evidence is bundled
together for appraisal by the components that collectively perform the
attestation.
In this paper, we initiate the study of evidence chain of custody for remote
attestation. Using the Copland attestation specification language, we formally
define the conditions under which a runtime adversary active on the target
system can tamper with measurement evidence. We present algorithms for
identifying all such tampering opportunities for given evidence as well as
tampering "strategies" by which an adversary can modify incriminating evidence
without being detected. We then define a procedure for transforming a
Copland-specified attestation into a maximally tamper-resistant version of
itself. Our efforts are intended to help attestation protocol designers ensure
their protocols reduce evidence tampering opportunities to the smallest, most
trustworthy set of components possible.
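The abstract describes three things: a notion of evidence chain of custody, a procedure for finding the points at which a compromised component could alter measurement evidence undetected, and a transformation that shrinks those points to the smallest trustworthy set. The following added example is not the paper's own artifact and does not implement Copland; it is a deliberately simplified model (a linear list of measure/forward/seal steps, each run by a named component) written here to make the reasoning concrete. The assumption it encodes, stated as a comment in the code, is that once a non-compromised component has sealed (signed) an item, any later modification is caught at appraisal, while a seal by a compromised component protects nothing because the adversary can re-sign. The component names and the sample protocol are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Step:
    kind: str   # "measure": actor produces the item; "forward": actor relays it; "seal": actor signs it
    actor: str  # component that executes this step (constructed names)
    item: str   # evidence item the step operates on

def tampering_opportunities(protocol, compromised):
    """Return (step_index, actor, item) for every step at which a compromised
    actor can alter the item without the appraiser noticing.

    Modelling assumption: an item is protected from the first seal applied by a
    non-compromised actor onward. A seal applied by a compromised actor does
    not protect the item, since the adversary could sign modified content.
    """
    protected = set()
    hits = []
    for i, step in enumerate(protocol):
        if step.item in protected:
            continue
        if step.actor in compromised:
            hits.append((i, step.actor, step.item))
        if step.kind == "seal" and step.actor not in compromised:
            protected.add(step.item)
    return hits

def custody_set(protocol, item):
    """Components the appraiser must trust for `item`: every actor that
    handles it before its first seal, plus the sealer itself."""
    trusted = []
    for step in protocol:
        if step.item != item:
            continue
        if step.actor not in trusted:
            trusted.append(step.actor)
        if step.kind == "seal":
            break
    return trusted

def harden(protocol):
    """Tamper-resistant variant: seal each item inside the trust boundary that
    measured it, immediately after measurement, so the custody set collapses to
    the measurer alone. Existing later seals are left in place."""
    out = []
    for step in protocol:
        out.append(step)
        if step.kind == "measure":
            out.append(Step("seal", step.actor, step.item))
    return out

# Constructed sample: two measurements from different trust boundaries are
# relayed through userspace and only sealed once they reach the attestation
# manager, then handed to a network agent for delivery.
SAMPLE_PROTOCOL = [
    Step("measure", "kernel_meas", "kernel_hash"),
    Step("forward", "userspace_relay", "kernel_hash"),
    Step("measure", "app_meas", "app_config_fp"),
    Step("forward", "userspace_relay", "app_config_fp"),
    Step("seal", "attestation_mgr", "kernel_hash"),
    Step("seal", "attestation_mgr", "app_config_fp"),
    Step("forward", "network_agent", "kernel_hash"),
    Step("forward", "network_agent", "app_config_fp"),
]

if __name__ == "__main__":
    assumed_compromised = {"userspace_relay", "network_agent"}
    print("opportunities:", tampering_opportunities(SAMPLE_PROTOCOL, assumed_compromised))
    print("custody of kernel_hash:", custody_set(SAMPLE_PROTOCOL, "kernel_hash"))
    hardened = harden(SAMPLE_PROTOCOL)
    print("after hardening:", tampering_opportunities(hardened, assumed_compromised))
    print("custody after hardening:", custody_set(hardened, "kernel_hash"))
```

Running it with the relay and network agent assumed compromised reports two opportunities, both at the relay, because the evidence travels unsealed through it; the network agent handles only sealed items and gets none. After `harden`, the custody set for each item is just its measurer and the same adversary has no opportunity left, which is the shape of result the abstract's "smallest, most trustworthy set of components" refers to.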