Publication

Attestable Software Versioning for Stateful Confidential Computing

Abstract

Trusted execution environments enable the creation of confidential and attestable enclaves that exclude the platform and service providers from the trusted base. From its initial attestable state, a stateful enclave such as a confidential database can hold confidential information in memory or use an enclave-specific secret seed to encrypt it on disk. The attestation logic is bound to a unique software version, and does not provide a mechanism to upgrade software version. We propose attestable software versioning to ensure the trust-worthy software migration of stateful enclaves in the context of an untrusted service operator. Attestable software versioning relies on extended attestation, a two-steps hashing process for measurement validation of an enclave extended with its complete software lineage, which further restricts migration to white-listed software versions. Enclaves rely on mutual local or remote extended attestation during the software upgrade; client program use remote extended attestation to determine the software lineage decisions made by the untrusted service operator. The mechanism enables a full separation of roles and responsibilities between software editors, which cannot access data, and untrusted platform operators, who trigger attestable software upgrades.

About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.