Evidence Tampering and Chain of Custody in Layered Attestations
Ian D. Kretz, Clare C. Parran, John D. Ramsdell, Paul D. Rowe
TL;DR
This work formalizes chain-of-custody concerns in layered remote attestation by introducing a data-flow semantics for Copland that models how evidence flows between components and where it can be tampered with. It defines the Tamper Opportunities Problem (TOP) and the Tamper Strategies Problem (TSP), and develops algorithms that compute, respectively, all tamper opportunities and minimal tamper strategies. It then proposes the Evidence Protection Program (EPPP), which transforms a Copland phrase into a maximally tamper-resistant version of itself while preserving its semantics; the transformation is shown to be idempotent. Together, these contributions provide a principled framework for attestation protocol designers to minimize tampering opportunities and integrate trust analyses into complex, multi-boundary systems.
Abstract
In distributed systems, trust decisions are made on the basis of integrity evidence generated via remote attestation. Examples of the kinds of evidence that might be collected are boot-time image hash values; fingerprints of initialization files for userspace applications; and a comprehensive measurement of a running kernel. In layered attestations, evidence is typically composed of measurements of key subcomponents taken from different trust boundaries within a target system. Discrete measurement evidence is bundled together for appraisal by the components that collectively perform the attestation. In this paper, we initiate the study of evidence chain of custody for remote attestation. Using the Copland attestation specification language, we formally define the conditions under which a runtime adversary active on the target system can tamper with measurement evidence. We present algorithms for identifying all such tampering opportunities for given evidence, as well as tampering "strategies" by which an adversary can modify incriminating evidence without being detected. We then define a procedure for transforming a Copland-specified attestation into a maximally tamper-resistant version of itself. Our efforts are intended to help attestation protocol designers ensure their protocols reduce evidence tampering opportunities to the smallest, most trustworthy set of components possible.
