Team for Research in
Ubiquitous Secure Technology

Logical attestation: an authorization architecture for trustworthy computing
Emin Gun Sirer, Willem de Bruijn, Patrick Reynolds, Alan Shieh, Kevin Walsh, Dan Williams, Fred Schneider

Citation
Emin Gun Sirer, Willem de Bruijn, Patrick Reynolds, Alan Shieh, Kevin Walsh, Dan Williams, Fred Schneider. "Logical attestation: an authorization architecture for trustworthy computing". Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, 2011.

Abstract
This paper describes the design and implementation of a new operating system authorization architecture to support trustworthy computing. Called logical attestation, this architecture provides a sound framework for reasoning about run-time behavior of applications. Logical attestation is based on attributable, unforgeable statements about program properties, expressed in a logic. These statements are suitable for mechanical processing, proof construction, and verification; they can serve as credentials, support authorization based on expressive authorization policies, and enable remote principals to trust software components without restricting the local user's choice of binary implementations. We have implemented logical attestation in a new operating system called the Nexus. The Nexus executes natively on x86 platforms equipped with secure coprocessors. It supports both native Linux applications and uses logical attestation to support new trustworthy-computing applications. When deployed on a trustworthy cloud-computing stack, logical attestation is efficient, achieves high performance, and can run applications that provide qualitative guarantees not possible with existing modes of attestation.

Citation formats
  • HTML
    Emin Gun Sirer, Willem de Bruijn, Patrick Reynolds, Alan Shieh, Kevin Walsh, Dan Williams, Fred Schneider. <a href="http://www.truststc.org/pubs/874.html">Logical attestation: an authorization architecture for trustworthy computing</a>, Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, 2011.
  • Plain text
    Emin Gun Sirer, Willem de Bruijn, Patrick Reynolds, Alan Shieh, Kevin Walsh, Dan Williams, Fred Schneider. "Logical attestation: an authorization architecture for trustworthy computing". Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, 2011.
  • BibTeX
    @inproceedings{SirerdeBruijnReynoldsShiehWalshWilliamsSchneider11_LogicalAttestationAuthorizationArchitectureForTrustworthy,
        author = {Emin Gun Sirer and Willem de Bruijn and Patrick
                  Reynolds and Alan Shieh and Kevin Walsh and Dan
                  Williams and Fred Schneider},
        title = {Logical attestation: an authorization architecture
                  for trustworthy computing},
        booktitle = {Proceedings of the Twenty-Third ACM Symposium on
                  Operating Systems Principles},
        year = {2011},
        abstract = {This paper describes the design and implementation
                  of a new operating system authorization
                  architecture to support trustworthy computing.
                  Called logical attestation, this architecture
                  provides a sound framework for reasoning about run-time
                  behavior of applications. Logical attestation
                  is based on attributable, unforgeable statements
                  about program properties, expressed in a logic.
                  These statements are suitable for mechanical
                  processing, proof construction, and verification;
                  they can serve as credentials, support
                  authorization based on expressive authorization
                  policies, and enable remote principals to trust
                  software components without restricting the local
                  user's choice of binary implementations. We have
                  implemented logical attestation in a new operating
                  system called the Nexus. The Nexus executes
                  natively on x86 platforms equipped with secure
                  coprocessors. It supports both native Linux
                  applications and uses logical attestation to
                  support new trustworthy-computing applications.
                  When deployed on a trustworthy cloud-computing
                  stack, logical attestation is efficient, achieves
                  high performance, and can run applications that
                  provide qualitative guarantees not possible with
                  existing modes of attestation.},
        URL = {http://www.truststc.org/pubs/874.html}
    }

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.