
Evidence Tampering and Chain of Custody in Layered Attestations (2402.00203v1)

Published 31 Jan 2024 in cs.CR

Abstract: In distributed systems, trust decisions are made on the basis of integrity evidence generated via remote attestation. Examples of the kinds of evidence that might be collected are boot time image hash values; fingerprints of initialization files for userspace applications; and a comprehensive measurement of a running kernel. In layered attestations, evidence is typically composed of measurements of key subcomponents taken from different trust boundaries within a target system. Discrete measurement evidence is bundled together for appraisal by the components that collectively perform the attestation. In this paper, we initiate the study of evidence chain of custody for remote attestation. Using the Copland attestation specification language, we formally define the conditions under which a runtime adversary active on the target system can tamper with measurement evidence. We present algorithms for identifying all such tampering opportunities for given evidence as well as tampering "strategies" by which an adversary can modify incriminating evidence without being detected. We then define a procedure for transforming a Copland-specified attestation into a maximally tamper-resistant version of itself. Our efforts are intended to help attestation protocol designers ensure their protocols reduce evidence tampering opportunities to the smallest, most trustworthy set of components possible.

