Attestation: Evidence and Trust

Abstract

Attestation is the activity of making a claim about properties of a target by supplying evidence to an appraiser. An open-ended framework for attestation is desirable for safe support to sensitive or high-value activities on heterogeneous networks. We identify five central principles to guide development of attestation systems. We argue that (i) attestation must be able to deliver temporally fresh evidence; (ii) comprehensive information about the target should be accessible; (iii) the target, or its owner, should be able to constrain disclosure of information about the target; (iv) attestation claims should have explicit semantics to allow decisions to depend on several claims; and (v) the underlying attestation mechanism must be trustworthy. We propose an architecture for attestation that is guided by these principles, as well as an implementation that adheres to this architecture. Virtualized platforms, which are increasingly well supported on stock hardware, provide a natural basis for our attestation architecture.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2008
Accession Number
AD1107105

Entities

People

  • Amy Herzog
  • Brian Sniffen
  • George Coker
  • John Ramsdell
  • Jon Millen
  • Joshua Guttman
  • Justin Sheehy
  • Leonard Monk
  • Peter Loscocco

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Human Systems

DTIC Thesaurus Topics

  • Abstracts
  • Authentication
  • Best Practices
  • Commerce
  • Complex Systems
  • Computer Program Documentation
  • Computer Programming
  • Computers
  • Corporations
  • Cryptography
  • Cybersecurity
  • Device Drivers
  • Environment
  • Heterogeneous Networks
  • Hypervisors
  • Identification
  • Identities
  • Kernels (Operating System)
  • Networks
  • New York
  • Operating Systems
  • Security Protocols
  • Virtual Machines

Readers

  • Artificial Intelligence
  • Cybersecurity.
  • Systems Analysis and Design