Evidence Tampering and Chain of Custody in Layered Attestations

Bibliographic Details
Main Authors: Kretz, Ian D., Parran, Clare C., Ramsdell, John D., Rowe, Paul D.
Format: Preprint (arXiv)
Published: 2024
Subjects: Cryptography and Security
Online Access: https://arxiv.org/abs/2402.00203

Abstract: In distributed systems, trust decisions are made on the basis of integrity evidence generated via remote attestation. Examples of the kinds of evidence that might be collected are boot time image hash values; fingerprints of initialization files for userspace applications; and a comprehensive measurement of a running kernel. In layered attestations, evidence is typically composed of measurements of key subcomponents taken from different trust boundaries within a target system. Discrete measurement evidence is bundled together for appraisal by the components that collectively perform the attestation. In this paper, we initiate the study of evidence chain of custody for remote attestation. Using the Copland attestation specification language, we formally define the conditions under which a runtime adversary active on the target system can tamper with measurement evidence. We present algorithms for identifying all such tampering opportunities for given evidence as well as tampering "strategies" by which an adversary can modify incriminating evidence without being detected. We then define a procedure for transforming a Copland-specified attestation into a maximally tamper-resistant version of itself. Our efforts are intended to help attestation protocol designers ensure their protocols reduce evidence tampering opportunities to the smallest, most trustworthy set of components possible.
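The abstract describes measurement evidence crossing trust boundaries on its way to the appraiser, and a runtime adversary on the target altering it without detection. The following Python model is added here as an illustration; it is not code from the paper or its authors and does not implement Copland or the paper's algorithms. It shows the custody point at which tampering becomes undetectable in a two-layer attestation: a kernel measurement handed unsigned to a userspace attestation manager can be replaced by an adversary who controls that manager, whereas a measurement signed at its source cannot, which shrinks the set of components that could tamper undetected to the measurer itself. The component names, keys, sample images, nonce and the HMAC stand-in for a real attestation signature (such as a TPM quote) are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample inputs (not taken from the paper): a known-good kernel image
# and a modified one. The appraiser's "golden" value is the hash of the good image.
GOLDEN_IMAGE = b"vmlinuz-6.x-known-good"
ROOTKIT_IMAGE = b"vmlinuz-6.x-with-rootkit"
GOLDEN_HASH = hashlib.sha256(GOLDEN_IMAGE).hexdigest()

# Hypothetical per-component keys. HMAC stands in for a real attestation signature
# (e.g. a TPM quote); the appraiser is assumed to hold the matching verification keys.
KEYS = {"kernel_measurer": b"key-of-measurer", "attestation_manager": b"key-of-manager"}


def canonical(payload: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(payload, sort_keys=True).encode()


def sign(component: str, payload: dict) -> str:
    return hmac.new(KEYS[component], canonical(payload), "sha256").hexdigest()


def verify(component: str, payload: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(component, payload), sig)


def measure(image: bytes) -> dict:
    """Raw evidence produced by the measurer: a hash of the target."""
    return {"target": "kernel", "measurement": hashlib.sha256(image).hexdigest()}


def attest(image: bytes, nonce: str, sign_at_source: bool, adversary_at_manager: bool) -> dict:
    """Two-layer attestation. The kernel measurer hands its evidence to an attestation
    manager, which bundles it with the appraiser's nonce and signs the bundle.
    sign_at_source: the measurer signs its evidence before it crosses the boundary.
    adversary_at_manager: a runtime adversary controlling the manager swaps the
    incriminating measurement for the golden value before the manager signs."""
    evidence = measure(image)
    measurer_sig = sign("kernel_measurer", evidence) if sign_at_source else None

    # --- evidence is now in the manager's custody ---
    if adversary_at_manager:
        evidence = dict(evidence, measurement=GOLDEN_HASH)
    bundle = {"evidence": evidence, "measurer_sig": measurer_sig, "nonce": nonce}
    return {"bundle": bundle, "manager_sig": sign("attestation_manager", bundle)}


def appraise(report: dict, nonce: str) -> str:
    """Appraiser side: check custody signatures and freshness, then the measurement."""
    bundle = report["bundle"]
    if not verify("attestation_manager", bundle, report["manager_sig"]):
        return "REJECT: manager signature invalid"
    if bundle["nonce"] != nonce:
        return "REJECT: stale evidence"
    if bundle["measurer_sig"] is not None and not verify(
        "kernel_measurer", bundle["evidence"], bundle["measurer_sig"]
    ):
        return "REJECT: evidence altered after measurement"
    if bundle["evidence"]["measurement"] != GOLDEN_HASH:
        return "REJECT: kernel measurement does not match golden value"
    return "ACCEPT"


def undetectable_tamperers(chain: list) -> set:
    """Simplified custody rule (my own, not the paper's algorithm). chain is the ordered
    list of (component, signs_evidence_here). A holder can alter evidence undetected
    only while no other component has yet signed it, so the exposed set is every
    holder up to and including the first signer."""
    exposed = set()
    for component, signs in chain:
        exposed.add(component)
        if signs:
            break
    return exposed


if __name__ == "__main__":
    nonce = "nonce-1234"
    for src in (False, True):
        report = attest(ROOTKIT_IMAGE, nonce, sign_at_source=src, adversary_at_manager=True)
        print(f"sign_at_source={src}: {appraise(report, nonce)}")
    print(undetectable_tamperers([("kernel_measurer", False), ("attestation_manager", True)]))
    print(undetectable_tamperers([("kernel_measurer", True), ("attestation_manager", True)]))
```

With the unsigned hand-off the adversary's substitution passes appraisal, because the only signature covers the bundle the adversary already controls; with the source signature the same substitution is caught. The `undetectable_tamperers` rule is the same observation stated over a custody chain: adding a signature earlier in the chain moves the first signer back and shrinks the exposed set, which is the direction the paper's tamper-resistance transformation is described as pushing.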