Archivio Istituzionale della RicercaGiven the trend towards softwarized and distributed infrastructures, there is an increasing need to demonstrate the integrity of their components as a basis to evaluate their trustworthiness. To this aim, evidence about the current state of a component must be generated and provided to an external party that verifies it. This is a complex task because various architectures and proof types exist, and each scenario requires a custom strategy for verification. The current solutions are developed for specific contexts, resulting in a lack of standardisation and interoperability. Veraison is a standard-based open-source software that aims to address this issue enhancing consistency when developing an attestation framework. Based on the RATS architecture proposed by IETF, it reduces the effort necessary by offering a set of components easily adaptable to different use cases. This paper analyzes Veraison and compares it to existing integrity verification systems, to suggest possible applications and further developments.
Standard-Based Remote Attestation: The Veraison Project / Ferro, Lorenzo; Lioy, Antonio. - ELETTRONICO. - 3731:(2024), pp. 1-13. (Intervento presentato al convegno ITASEC-2024: The Italian Conference on CyberSecurity tenutosi a Salerno (Italy) nel April 8-12, 2024).
Standard-Based Remote Attestation: The Veraison Project
Ferro, Lorenzo;Lioy, Antonio
2024
Abstract
Given the trend towards softwarized and distributed infrastructures, there is an increasing need to demonstrate the integrity of their components as a basis to evaluate their trustworthiness. To this aim, evidence about the current state of a component must be generated and provided to an external party that verifies it. This is a complex task because various architectures and proof types exist, and each scenario requires a custom strategy for verification. The current solutions are developed for specific contexts, resulting in a lack of standardisation and interoperability. Veraison is a standard-based open-source software that aims to address this issue enhancing consistency when developing an attestation framework. Based on the RATS architecture proposed by IETF, it reduces the effort necessary by offering a set of components easily adaptable to different use cases. This paper analyzes Veraison and compares it to existing integrity verification systems, to suggest possible applications and further developments.
| File | Dimensione | Formato | |
|---|---|---|---|
|
itasec2024-ferro-lioy.pdf
accesso aperto
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
Creative commons
Dimensione
364.63 kB
Formato
Adobe PDF
|
364.63 kB | Adobe PDF | Visualizza/Apri |
|
paper28.pdf
accesso aperto
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
Creative commons
Dimensione
437.63 kB
Formato
Adobe PDF
|
437.63 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2988310