Demystifying Attestation in Intel Trust Domain Extensions via Formal Verification

Sardar, Muhammad Usama; Musaev, Saidgani; Fetzer, Christof

doi:10.1109/access.2021.3087421

Cited by 25 publications

(12 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The current absence of this feature prevents the sort of attested boot that is so useful in establishing a chain of trust on an SEV VM; we use, for instance, this attested boot in our implementation. As for TDX, inconsistencies have been outlined [49], [51] on the specifications proposed by Intel, 6 illustrating even its theoretical immaturity. TDX uses the same principles and general architecture as SGX to provide remote attestation.…”

Section: F Discussionmentioning

confidence: 99%

“…TDX uses the same principles and general architecture as SGX to provide remote attestation. However, it does have a number of differences as far as components taking part in this procedure and what is being attested/measured [51]. So, TDX's remote attestation procedure relies on different primitives that are yet to be made available in hardware.…”

Section: F Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Flexible Remote Attestation of Pre-SNP SEV VMs Using SGX Enclaves

Antonino,

Derek,

Wołoszyn

2023

IEEE Access

View full text Add to dashboard Cite

We propose a protocol that explores a synergy between two TEE implementations: it brings SGX-like remote attestation to SEV VMs. We use the notion of a trusted guest owner, implemented as an SGX enclave, to deploy, attest, and provision an SEV VM. This machine can, in turn, rely on the trusted owner to generate SGX-like attestation proofs on its behalf. Our protocol combines the application portability of SEV with the flexible remote attestation of SGX. We formalise our protocol and prove that it achieves the intended guarantees using the Tamarin prover. Moreover, we develop an implementation for our trusted guest owner together with example SEV machines, and put those together to demonstrate how our protocol can be used in practice; we use this implementation to evaluate our protocol in the context of creating accountable machine-learning models. We also discuss how our protocol can be extended to provide a simple remote attestation mechanism for a heterogeneous infrastructure of trusted components.INDEX TERMS remote attestation, trusted execution environments, SGX, SEV, security I. INTRODUCTION

show abstract

Section: F Discussionmentioning

confidence: 99%

Section: F Discussionmentioning

confidence: 99%

Flexible Remote Attestation of Pre-SNP SEV VMs Using SGX Enclaves

Antonino,

Derek,

Wołoszyn

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…As the TDX was released on processors early in 2023, there have been no studies so far that have analyzed it in production. There are only a few theoretical analyses of the specifications that appeared before the actual release of TDX-enabled processors [15,16].…”

Section: Trusted Execution Environmentsmentioning

confidence: 99%

Secure Multiparty Computation Using Secure Virtual Machines

Miladinović,

Milaković,

Vukasović

et al. 2024

Electronics

View full text Add to dashboard Cite

The development of new processor capabilities which enable hardware-based memory encryption, capable of isolating and encrypting application code and data in memory, have led to the rise of confidential computing techniques that protect data when processed on untrusted computing resources (e.g., cloud). Before confidential computing technologies, applications that needed data-in-use protection, like outsourced or secure multiparty computation, used purely cryptographic techniques, which had a large negative impact on the processing performance. Processing data in trusted enclaves protected by confidential computing technologies promises to protect data-in-use while possessing a negligible performance penalty. In this paper, we have analyzed the state-of-the-art in the field of confidential computing and present a Confidential Computing System for Artificial Intelligence (CoCoS.ai), a system for secure multiparty computation, which uses virtual machine-based trusted execution environments (in this case, AMD Secure Encrypted Virtualization (SEV)). The security of the proposed solution, as well as its performance, have been formally analyzed and measured. The paper reveals many gaps not reported previously that still exist in the current confidential computing solutions for the secure multiparty computation use case, especially in the processes of creating new secure virtual machines and their attestation, which are tailored for single-user use cases.

show abstract

“…Sardar, Musaev, and Fetzer [34] proposed a model to verify an implementation of RA written in ProVerif (which is based on the applied π-calculus) which is tailored to the TDX design based on Intel's official documentation. Their model contains several processes by default, such as the quoting enclave, the guest trust domain, the TDX module, and the CPU hardware.…”

Section: Related Workmentioning

confidence: 99%

$\pi_{\mathbf{RA}}$: A $\pi\text{-calculus}$ for Verifying Protocols that Use Remote Attestation

Lanckriet,

Busi,

Devriese

2023

2023 IEEE 36th Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Remote attestation (RA) is a primitive that allows the authentication of software components on untrusted systems by relying on a root of trust. Network protocols can use the primitive to establish trust in remote software components they communicate with. As such, RA can be regarded as a firstclass security primitive like (a)symmetric encryption, message authentication, etc. However, current formal models of RA do not allow analysing protocols that use the primitive without tying them to specific platforms, low-level languages, memory protection models, or implementation details.In this paper, we propose and demonstrate a new model, called π RA , that supports RA at a high level of abstraction by treating it as a cryptographic primitive in a variant of the applied πcalculus. To demonstrate the use of π RA , we use it to formalise and analyse the security of MAGE, an SGX-based framework that allows mutual attestation of multiple enclaves. The protocol is formalised in the form of a compiler that implements actorbased communication primitives in a source language (π Actor ) in terms of remote attestation primitives in π RA . Our security analysis uncovers a caveat in the security of MAGE that was left unmentioned in the original paper.

show abstract

Demystifying Attestation in Intel Trust Domain Extensions via Formal Verification

Cited by 25 publications

References 32 publications

Flexible Remote Attestation of Pre-SNP SEV VMs Using SGX Enclaves

Flexible Remote Attestation of Pre-SNP SEV VMs Using SGX Enclaves

Secure Multiparty Computation Using Secure Virtual Machines

$\pi_{\mathbf{RA}}$: A $\pi\text{-calculus}$ for Verifying Protocols that Use Remote Attestation

Contact Info

Product

Resources

About