
Online Talk: Trade-offs in Remote Attestation

Hosted By
E. O.

Details

Trade-offs in Remote Attestation, in line with Confidential Remote Computing.

The event is online on Zoom:
https://tu-dresden.zoom.us/j/65536566290?pwd=ZUlKVVYrL0dkek1uNmxoN2k4T3pYQT09

Abstract: A trustworthy set of hardware primitives for reporting the system or software identity is the backbone of confidential remote computing. Establishing trusted interactions with remote services requires correct utilisation of these hardware primitives for attestation and provisioning purposes. The value of remote attestation is often, unintentionally, ignored or undervalued by industrial companies, big tech vendors or practitioners. However, confidential remote computing cannot exist without a strong and independent attestation mechanism. The weaknesses from industrial vendors may be explained by the difficulty of the open research challenges in remote attestation. In this talk, we shall discuss trade-offs in remote attestation in three areas.

First, privacy-related trade-offs, beginning with the TPM’s Root of Trust for Reporting (RoTR) and early prototype TEEs with binary-identity-based attestation and property-based attestation mechanisms. We shall discuss the software-based and hardware-based attestation mechanisms.

Second, we shall talk about abusive methods and malware-related arguments with TEEs using strong remote attestation solutions. We will discuss how advanced malware can or cannot potentially abuse the security features presented by TEEs to achieve its malicious goals. We consider a ransomware example that abuses the key generation mechanisms of the remote attestation mechanisms.

Third, in connection with the malware arguments, we shall present our insights on dynamic code loading into TEEs/enclaves, changing the runtime enclave identity, methods to deal with private algorithms enabling code confidentiality, and potential solutions for industrial practice under limited support of hardware features.

This talk aims to boost discussions in the area of remote attestation and highlights the trade-offs to be considered in designing future attestation mechanisms.

Date: 12.10.23 (Thursday)

Time: 14 hrs (CEST)

Meeting link: https://tu-dresden.zoom-x.de/j/65536566290?pwd=ZUlKVVYrL0dkek1uNmxoN2k4T3pYQT09

Meeting ID: 655 3656 6290
Passcode: 42tP&Zj?

-------------------------------

We are building a community around the following topics:

  • Confidential Computing
  • Digital Security by Design
  • IoT Security
  • Zero Trust
  • Trusted Computing
  • Remote Attestation
  • Software Isolation
  • Root of Trust for Measurement, Reporting, Storage
  • Trusted Platform Module
  • Software Guard eXtensions
  • Digital Hardware Enclaves
  • Hardware Assisted Trust
  • Confidential Compute Architecture
  • Secure Enclave Development
  • Cloud, Infrastructure, IoT, Edge, Web, Server, End-user Device, Application Security

Audience:
A warm welcome to all expert and non-expert participants. From engineering to insurance, finance to healthcare, it is open to anyone seeking to deepen their experience in the age of Digital Trust.

Our community experts, Oxford & ETH alumni and academic researchers, will be answering the questions of how we can trust our digital devices, how we can establish trusted channels between our servers, and how to collect evidence about a remote system running our critical assets.

------------------------------------

If you cannot make it to this event, we can still organise a free workshop at your corporation. It can be public or private to your company members. If you feel that your employees need further training on Confidential Computing, Zero Trust, and Security by Design, please contact us using the form below. We will get in touch with you with the available dates.
https://docs.google.com/forms/d/e/1FAIpQLSdoQ59oy7dyKc9JwQy-JDYD4Zn_VAi8wAprxuQAW58XR_MASQ/viewform

Confidential Computing, Security and Zero Trust: Networking