Remote Attestation and Integrity Verification Solution in a Cloud Based Environment

This Thesis work proposes a remote attestation and integrity verification solution in a Cloud based Environment. It allows an Orchestrator (Verifier) to attest the integrity of the Virtual Machine running on edge devices, connected to the network, during run-time. This solution allows the Prover to provide a strong and verifiable evidence of its system’s state to the Orchestrator. It is also a highly scalable and lightweight solution allowing the Orchestrator to attest multiple edge devices at the same time in an efficient way. Following the guidelines of the previously proposed remote attestation schemes the TPM has been used as a trust anchor to ensure security properties during the whole process. Two types of Integrity Verification protocols have been proposed: the attestation by Quote and the attestation by Proof. The Quote protocol follows more closely the guidelines of the classic remote attestation scheme requiring the Prover to provide a quote data over its system’s measurements. The Proof protocol, on the other hand, is a new type of scheme that leverages the peculiar properties of the TPM. It makes use of an Attestation Key bound with a policy digest to provide a policy-based attestation scheme. It allows the Orchestrator to attest different kinds of properties for distinct remote Virtual Machines in a more flexible way. The whole remote attestation process has been secured by means of two different tracers: the eBPF hooks tracer and the Intel PT. They are two different kinds of tracing techniques allowing to trace at different levels of granularities. An eBPF hooks program has been used to log and verify the correctness of the messages exchanged with the TPM. The Intel PT has been used to perform Control Flow Attestation over the loaded binary extractor in charge of gathering the binary data to be attested during run-time and over the execution of the eBPF hooks program itself. These tracing techniques enhance the level of security of the whole process and guarantee the correctness of all the steps of the remote attestation procedure. Furthermore, a separate analysis and tests have been performed on the Intel PT to assess its capabilities in terms of performance and feasibility. Programs with increasing level of complexity have been used to understand which is the maximum level of program complexity still manageable by the Intel PT.