Abstract
An attestation verification service (AVS) enables remote attestation of hardware-based trusted execution environments. However, today the confidential-computing industry lacks an AVS that is independent, trusted, cross-technology, and cross-cloud. This hampers the adoption of and trust in confidential computing services. This disclosure describes techniques that leverage a certificate authority (CA) to provide an independent, technology- and cloud-agnostic AVS. Per the techniques, the AVS provided by the CA collects certificates from the vendors or entities in specific trust chains, e.g., hardware vendors, cloud service providers, etc. The AVS verifies the certificates (signatures) from each entity and signs the overall endorsement report with its own certificate. The techniques provide a separation of duties between verification and cloud (or hardware) services. This reduces the potential (or perception) of a conflict of interest and substantially lowers the possibility of collusion (e.g., between a cloud service provider and a technology/hardware provider).
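The flow the abstract describes, as an added example in Go that is not part of the disclosure: two trust-chain entities (a hypothetical hardware vendor and a hypothetical cloud provider) each sign their own claims, the AVS verifies every signature against the key it holds for that entity (standing in for the certificates the CA collects) and, only if all pass, signs the aggregate endorsement report with its own key; the relying party then checks the AVS signature alone. Keys, entity names and claim strings are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Endorsement is one entity's signed claim about the TEE (constructed example).
type Endorsement struct {
	Entity string `json:"entity"`
	Claims string `json:"claims"`
	Sig    []byte `json:"sig"`
}

// SignedReport is the AVS output: a JSON body plus the AVS signature over it.
type SignedReport struct{ Body, Sig []byte }

// AVS holds the public key it trusts for each entity (a stand-in for the
// collected certificates) and its own signing key, independent of all of them.
type AVS struct {
	trusted map[string]ed25519.PublicKey
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
}

func NewAVS(trusted map[string]ed25519.PublicKey) *AVS {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &AVS{trusted: trusted, priv: priv, Pub: pub}
}

// Verify checks every endorsement against its entity's key and signs the
// aggregate only if all pass; one unknown entity or bad signature rejects all.
func (a *AVS) Verify(ends []Endorsement) (*SignedReport, error) {
	for _, e := range ends {
		if pk, ok := a.trusted[e.Entity]; !ok || !ed25519.Verify(pk, []byte(e.Claims), e.Sig) {
			return nil, fmt.Errorf("rejected endorsement from %q", e.Entity)
		}
	}
	body, _ := json.Marshal(map[string]interface{}{"verdict": "pass", "endorsements": ends})
	return &SignedReport{Body: body, Sig: ed25519.Sign(a.priv, body)}, nil
}

// CheckReport is the relying party's check: it needs only the AVS public key,
// not the vendor or cloud certificates.
func CheckReport(avsPub ed25519.PublicKey, r *SignedReport) bool {
	return ed25519.Verify(avsPub, r.Body, r.Sig)
}
```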
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Porter, Nelly and Kolga, Rene, "Certificate Authority as a Global Attestation Verifier Service", Technical Disclosure Commons, (May 19, 2025)
https://www.tdcommons.org/dpubs_series/8139