Attestation: Evidence and Trust
March 2007
Justin Sheehy, The MITRE Corporation
George Coker, National Security Agency
Joshua Guttman, The MITRE Corporation
Peter Loscocco, National Security Agency
Amy Herzog, The MITRE Corporation
Jon Millen, The MITRE Corporation
Leonard Monk, The MITRE Corporation
John Ramsdell, The MITRE Corporation
Brian Sniffen, The MITRE Corporation
ABSTRACT
Attestation is the activity of making a claim about properties of a target by supplying evidence to
an appraiser. An open-ended framework for attestation is desirable for safe support to sensitive or highvalue
activities on heterogeneous networks.
We identify five central principles to guide development of attestation systems. We argue that (i)
attestation must be able to deliver temporally fresh evidence; (ii) comprehensive information about the
target should be accessible; (iii) the target, or its owner, should be able to constrain disclosure of information
about the target; (iv) attestation claims should have explicit semantics to allow decisions to
depend on several claims; and (v) the underlying attestation mechanism must be trustworthy.
We propose an architecture for attestation that is guided by these principles, as well as an implementation
that adheres to this architecture. Virtualized platforms, which are increasingly well supported on
stock hardware, provide a natural basis for our attestation architecture.

Additional Search Keywords
N/A
|