Logical Attestation: An Authorization Architecture for Trustworthy Computing
Venue: Proceedings of the 23rd ACM Symposium on Operating System Principles (SOSP), ACM, New York, NY, USA (2011)
Publication Year: 2011
Authors: Emin Gün Sirer, Willem de Bruijn, Patrick Reynolds, Alan Shieh, Kevin Walsh, Dan Williams, Fred B. Schneider

Abstract
This paper describes the design and implementation of a new operating system
authorization architecture to support trustworthy computing. Called logical
attestation, this architecture provides a sound framework for reasoning about the
run-time behavior of applications. Logical attestation is based on attributable,
unforgeable statements about program properties, expressed in a logic. These
statements are suitable for mechanical processing, proof construction, and
verification; they can serve as credentials, support authorization based on
expressive authorization policies, and enable remote principals to trust software
components without restricting the local user's choice of binary implementations.
We have implemented logical attestation in a new operating system called the Nexus.
The Nexus executes natively on x86 platforms equipped with secure coprocessors. It
supports native Linux applications and uses logical attestation to support new
trustworthy-computing applications. When deployed on a trustworthy cloud-computing
stack, logical attestation is efficient, achieves high performance, and can run
applications that provide qualitative guarantees not possible with existing modes
of attestation.
