Transparent Attested DNS for Confidential Computing Services
Antoine Delignat-Lavaud, Cédric Fournet, Kapil Vaswani, Manuel Costa, Sylvan Clebsch, Christoph M. Wintersteiger
TL;DR
This paper addresses the challenge of distributing, updating, and verifying TEEs' attestation evidence in confidential services by introducing Attested DNS (aDNS), a DNS-based mechanism that binds attested service implementations to domain names and enforces zone-specific policies. The approach leverages standard Internet security layers (DNSSEC, DANE, ACME) and a public transparency ledger to enable auditing and cross-client compatibility, including a browser extension that verifies attestations during TLS handshakes. Key contributions include protocols for TEE registration, attestation-based certificate issuance, and controlled zone delegation, plus an architecture implemented as a network of TEEs with a transparent ledger. The work demonstrates sample confidential services across multiple TEE platforms and shows that aDNS can deliver low connection overhead while enabling legacy Web clients to benefit from confidential computing when trusted attestations are verified, ultimately providing a scalable, auditable foundation for confidential services on the Web.
Abstract
Confidential services running in hardware-protected Trusted Execution Environments (TEEs) can provide higher security assurance, but this requires custom clients and protocols to distribute, update, and verify their attestation evidence. Compared with classic Internet security, built upon universal abstractions such as domain names, origins, and certificates, this puts a significant burden on service users and providers. In particular, Web browsers and other legacy clients do not get the same security guaranties as custom clients. We present a new approach for users to establish trust in confidential services. We propose attested DNS (aDNS): a name service that securely binds the attested implementation of confidential services to their domain names. ADNS enforces policies for all names in its zone of authority: any TEE that runs a service must present hardware attestation that complies with the domain-specific policy before registering keys and obtaining certificates for any name in this domain. ADNS provides protocols for zone delegation, TEE registration, and certificate issuance. ADNS builds on standards such as DNSSEC, DANE, ACME and Certificate Transparency. ADNS provides DNS transparency by keeping all records, policies, and attestations in a public append-only log, thereby enabling auditing and preventing targeted attacks. We implement aDNS as a confidential service using a fault-tolerant network of TEEs. We evaluate it using sample confidential services that illustrate various TEE platforms. On the client side, we provide a generic browser extension that queries and verifies attestation records before opening TLS connections, with negligible performance overhead, and we show that, with aDNS, even legacy Web clients benefit from confidential computing as long as some enlightened clients verify attestations to deter or blame malicious actors.