Litcius/Paper detail

Formal Specification and Verification of Architecturally-Defined Attestation Mechanisms in Arm CCA and Intel TDX

Muhammad Usama Sardar, Thomas Fossati, Simon Frost, Shale Xiong

2023IEEE Access12 citationsDOIOpen Access PDF

Abstract

Attestation is one of the most critical mechanisms in confidential computing (CC). We present a holistic verification approach enabling comprehensive and rigorous security analysis of architecturally-defined attestation mechanisms in CC. Specifically, we analyze two prominent next-generation hardware-based Trusted Execution Environments (TEEs), namely Arm Confidential Compute Architecture (CCA) and Intel Trust Domain Extensions (TDX). For both of these solutions, we provide a comprehensive specification of all phases of the attestation mechanism, namely provisioning, initialization, and attestation protocol. We demonstrate that including the initialization phase in the formal model leads to a violation of integrity, freshness, and secrecy properties for Intel’s claimed trusted computing base (TCB), which could not be captured by considering the attestation protocol alone in the related work. We open-source our artifacts. Other researchers, including a team from Intel, are adopting our artifacts for further analysis.

Topics & Concepts

Computer scienceOperating systemProgramming languageSecurity and Verification in ComputingCryptographic Implementations and SecurityPhysical Unclonable Functions (PUFs) and Hardware Security