Policy-Based Implicit Attestation for Microkernel-Based Virtualized Systems

We present an attestation mechanism that enables a remote verifier to implicitly evaluate the trustworthiness of the prover's system through policies. Those policies are verified and enforced by a TPM 2.0, when the attestor interacts with a virtualized hardware component of the prover's system. For instance, when the verifier reads a virtualized sensor device and requests integrity-protected sensor data, such as the average temperature, a heartbeat value, or an anomaly detection score, the prover's TPM, which acts as a trust anchor, checks and enforces the policies specified by the verifier. The prover, in turn, is also able to define policies, which can limit access to certain hardware components and are also enforced by the TPM. As a result, both parties have to cooperate for a successful attestation, which implicitly creates verifiable proof of the prover's trustworthiness using mainly symmetric instead of expensive asymmetric cryptographic operations like digital signatures.