Description
Confidential Computing (CC) has emerged as a solution for protecting data in use, relying
on hardware-based trusted execution environments to isolate and encrypt data while
in memory. Remote Attestation is an essential component of CC, allowing users to
verify the state of the remote environment before trusting it with confidential data. This
thesis evaluates the effectiveness of Remote Attestation (RA) for the Arm Confidential
Computing Architecture, which leverages the Realm Management Extension to provide
hardware-isolated Realms for secure code execution.
After introducing background on RA and Arm Confidential Computing Architecture
(Arm CCA), metrics for secure RA are selected based on academic literature. Evaluation
of the attestation tokens shows that Arm CCA satisfies metrics including cryptographic identity,
secure initialization tracking, replay protection, clear packaging format, and platform
identity binding between the Realm and CCA platform tokens. However, it lacks
user-configurable disclosure control and comprehensive runtime logging. Overall,
analysis indicates that Arm CCA RA establishes a baseline of trustworthiness, but
future hardware implementations could be strengthened in transparency and verifier
control.
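The following added example (not code from the thesis or from Arm) sketches a verifier that checks the four metrics the abstract says Arm CCA satisfies: cryptographic identity, secure initialization tracking, replay protection, and platform identity binding between a Realm token and a platform token. It is a constructed, simplified model: the real Arm CCA tokens are CBOR/COSE structures with asymmetric signatures, whereas here JSON claims and HMAC stand in for the encoding and the signatures, and all key and measurement values are constructed.

```python
"""Simplified Remote Attestation verifier for a Realm token bound to a platform
token.  Constructed model for illustration: HMAC over JSON stands in for the
COSE signatures of real Arm CCA tokens, and every key and measurement below
is a made-up value."""
import hashlib
import hmac
import json
import os

# Constructed "signing keys".  In a real deployment the platform key chains to
# the silicon vendor and the Realm attestation key is certified by the platform.
PLATFORM_KEY = b"constructed-platform-key"
REALM_KEY = b"constructed-realm-attestation-key"

# Reference values the verifier trusts (constructed).
KNOWN_GOOD_RIM = hashlib.sha256(b"realm-initial-image").hexdigest()
KNOWN_GOOD_PLATFORM = hashlib.sha256(b"platform-firmware-v1").hexdigest()


def _sign(key: bytes, claims: dict) -> str:
    """Stand-in for a signature: HMAC-SHA256 over the canonical JSON claims."""
    body = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def _realm_key_id(realm_key: bytes) -> str:
    """Binding value: hash of the Realm key, carried by the platform token."""
    return hashlib.sha256(realm_key).hexdigest()


def issue_tokens(nonce: str, rim: str = KNOWN_GOOD_RIM,
                 platform_measurement: str = KNOWN_GOOD_PLATFORM) -> dict:
    """Attester side: produce a Realm token and the platform token it is bound to."""
    realm_claims = {
        "challenge": nonce,   # verifier-supplied nonce gives replay protection
        "rim": rim,           # Realm initial measurement (secure initialization)
        "rem": [],            # runtime extensible measurements, empty here
    }
    platform_claims = {
        # The platform token binds itself to the Realm key by carrying its hash.
        "challenge": _realm_key_id(REALM_KEY),
        "measurement": platform_measurement,
    }
    return {
        "realm": {"claims": realm_claims, "sig": _sign(REALM_KEY, realm_claims)},
        "platform": {"claims": platform_claims,
                     "sig": _sign(PLATFORM_KEY, platform_claims)},
    }


def verify(tokens: dict, expected_nonce: str) -> list:
    """Verifier side: return the list of failed checks (empty means trusted)."""
    failures = []
    realm, platform = tokens["realm"], tokens["platform"]

    # 1. Cryptographic identity: both tokens must carry valid signatures.
    if not hmac.compare_digest(_sign(PLATFORM_KEY, platform["claims"]), platform["sig"]):
        failures.append("platform signature")
    if not hmac.compare_digest(_sign(REALM_KEY, realm["claims"]), realm["sig"]):
        failures.append("realm signature")

    # 2. Replay protection: the Realm challenge must be the nonce we issued.
    if not hmac.compare_digest(realm["claims"]["challenge"], expected_nonce):
        failures.append("nonce mismatch")

    # 3. Platform identity binding: the platform token's challenge must equal
    #    the hash of the key that verified the Realm token's signature.
    if platform["claims"]["challenge"] != _realm_key_id(REALM_KEY):
        failures.append("platform/realm binding")

    # 4. Secure initialization tracking: measurements must match reference values.
    if realm["claims"]["rim"] != KNOWN_GOOD_RIM:
        failures.append("realm initial measurement")
    if platform["claims"]["measurement"] != KNOWN_GOOD_PLATFORM:
        failures.append("platform measurement")
    return failures


if __name__ == "__main__":
    nonce = os.urandom(32).hex()
    print(verify(issue_tokens(nonce), nonce))          # []
    print(verify(issue_tokens("stale-nonce"), nonce))  # ['nonce mismatch']
```

The order of the checks matters in practice: signatures are verified before any claim is read, so a tampered measurement shows up both as a signature failure and as a measurement mismatch, and the verifier never acts on an unauthenticated claim.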