We present Copland, a language for specifying layered attestations. Layered attestations provide a remote appraiser with structured evidence of the integrity of a target system to support a trust decision. The language is designed to bridge the gap between formal analysis of attestation security guarantees and concrete implementations. We therefore provide two semantic interpretations of terms in our language. The first is a denotational semantics in terms of partially ordered sets of events. This directly connects Copland to prior work on layered attestation. The second is an operational semantics detailing how the data and control flow are executed. This gives explicit implementation guidance for attestation frameworks. We show a formal connection between the two semantics ensuring that any execution according to the operational semantics is consistent with the denotational event semantics. This ensures that formal guarantees resulting from analyzing the event semantics will hold for executions respecting the operational semantics. All results have been formally verified with the Coq proof assistant.
Thu 11 Apr (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
|16:30 - 17:00|
John D. Ramsdell, Paul D. Rowe, Perry Alexander, Sarah Helble, Peter Loscocco, J. Aaron Pendergrass, Adam PetzLink to publication
|17:00 - 17:30|
|Link to publication|