A Flexible Trust Manager for Remote Attestation in Heterogeneous Critical Infrastructures

Nowadays, critical infrastructures are managed through paradigms such as cloud/fog/edge computing and Network Function Virtualization (NFV), providing advantages as flexibility, availability, and reduced management costs. These paradigms introduce several advantages but – given their nature of physically distributed systems – leave room for various security threats, such as software integrity attacks. To counter these threats, Trusted Computing and Remote Attestation (RA) techniques can be used, to allow a third party (Verifier) to verify the software and configuration integrity of a platform (Attester). In environments composed of different objects, several RA frameworks (hardware-based, software-based, or hybrid) might need to be deployed, depending on the capabilities of the attested elements. To ease this process, we propose a new design and implementation of our Trust Monitor (TM) architecture, which implements the Trust Manager specified by ETSI for NFV environments, making it more flexible and usable in different contexts. In addition, we define a generic model for performing RA in heterogeneous environments by employing various RA technologies. More specifically, the extended TM allows flexible RA in hybrid infrastructures composed of different objects, i.e., physical nodes, virtual machines, containers, pods, and enclaves. Through tests performed in an experimental testbed, we show that the proposed implementation is scalable and usable in heterogeneous contexts.