Abstract: A process includes, in a computer system, acquiring a first measurement that corresponds to a software container. Acquiring the measurement includes a hardware processor of the computer system measuring a given layer of a plurality of layers of layered file system structure corresponding to the software container. The given layer includes a plurality of files, and the first measurement includes a measurement of the plurality of files. The process includes storing the first measurement in a secure memory of the computer system. A content of the secure memory is used to verify an integrity of the software container.

Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.

Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.

Abstract: A process includes, in a computer system, acquiring a first measurement that corresponds to a software container. Acquiring the measurement includes a hardware processor of the computer system measuring a given layer of a plurality of layers of layered file system structure corresponding to the software container. The given layer includes a plurality of files, and the first measurement includes a measurement of the plurality of files. The process includes storing the first measurement in a secure memory of the computer system. A content of the secure memory is used to verify an integrity of the software container.

Abstract: A method for securing a plurality of compute nodes includes authenticating a hardware architecture of each of a plurality of components of the compute nodes. The method also includes authenticating a firmware of each of the plurality of components. Further, the method includes generating an authentication database comprising a plurality of authentication descriptions that are based on the authenticated hardware architecture and the authenticated firmware. Additionally, a policy for securing a specified subset of the plurality of compute nodes is implemented by using the authentication database.

Abstract: Examples disclosed herein relate to using an integrity manifest certificate to verify the state of a platform. A device identity of a device that has the device identity provisioned and stored in a security co-processor to retrieve an integrity proof from the security co-processor. The device includes at least one processing element, at least one memory device, and a bus including at least one bus device, and wherein the device identity is associated with a device identity certificate signed by a first authority. The integrity proof includes a representation of each of a plurality of hardware components including the at least one processing element, the at least one memory device, the at least one bus device, and a system board and a representation of plurality of firmware components included in the device. The integrity proof is provided to a certification station.

Abstract: A process includes communicating by a first device, with a second device. The communicating includes the first device receiving data from the second device that represents a certificate. The certificate binds a hierarchy of logical identifiers to a cryptographic key. The hierarchy of identifiers includes a first logical identifier that corresponds to a group membership. The process includes authenticating, by the first device, the second device based on the certificate. The process includes allowing, by the first device, a secure connection to be set up between the first device and the second device based on whether the first logical identifier represents that the second device is a member of a first group of devices of which the first device is a member.

Abstract: Examples for identification and authentication of hardware. Techniques may include receiving a node identifier during an initial phase of the node. The node identifier may include an initial unique identifier of the node. The node may receive a latest change identifier during a phase change of the node, wherein the phase change may cause a hierarchical change of the node. The latest change identifier is configured to incorporate a latest unique identifier corresponding to a latest system and one or more unique identifiers corresponding to one or more earlier systems of the node. Further, responsive to the reception of the latest change identifier, delete an earlier change identifier, and the node may send the second change identifier to a management service, in response to a request for authentication of the node by the management service.

Abstract: Examples relate to verifying network elements. In one example, a computing device may: receive, from a client device, a request for attestation of a back-end network, the request including back-end configuration requirements; obtain, from a network controller that controls the back-end network, a controller configuration that specifies each network element included in the back-end network; provide each network element included in the back-end network with a request for attestation of a network element configuration of the network element; receive, from each network element, response data that specifies the network element configuration of the network element; verify that the response data received from each network element meets the back-end configuration requirements included in the request for attestation of the back-end network; and provide the client device with data verifying that the back-end network meets the back-end configuration requirements.

Abstract: The present disclosure relates to a method for integrity verification of a software stack or part of a software stack resident on a host machine. A management entity generates a measurement log for a disk image associated with the software stack or the part of a software stack. A verifier entity retrieves the generated measurement log and compares the generated measurement log with a reference measurement of a verification profile previously assigned by the verifier entity to the software stack or the part of a software stack to verify the software stack or the part of a software stack.

Abstract: A computer platform includes a security processor; at least one hardware processor; and a memory. The security processor stores data representing a private platform key. The private platform key is part of an asymmetric pair of keys, and the asymmetric pair of keys includes a public platform key. The memory stores a firmware image. The firmware image includes data representing a root certificate of a public key infrastructure that signs a second certificate that is associated with the computer platform. The second certificate includes the public platform key and binding information binding the second certificate to the computer platform. The firmware image includes instructions that, when executed by the hardware processor(s), cause the hardware processor(s) to access data representing the second certificate and determine whether the second certificate is valid based on the root certificate and the binding information.

Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.

Abstract: A process includes a first tenant of a plurality of tenants communicating with a security processor of a computer platform, via a first physical request interface of the security processor, to acquire ownership of a first command execution engine of the security processor associated with the first physical request interface. The process includes a second tenant of the plurality of tenants communicating with the security processor, via a second physical request interface of the security processor, to acquire ownership of a second command execution engine of the security processor associated with the second physical request interface. The process includes the security processor receiving a first request from the first tenant in the first physical interface, and the second processor receiving a second request from the second tenant in the second physical request interface.

Abstract: A system comprising an inner kernel of an operating system (OS) running at a higher privilege level than an outer kernel of the OS, the inner kernel to measure a data structure in a memory; a device including a measurement engine to measure the data structure in the memory, wherein the device operates independently of the OS; and a trusted execution environment including an application to compare measurements from the inner kernel and the measurement engine.

Abstract: A method of certifying a state of a platform includes receiving one or more software elements of a software stack of the platform by an authentication module and performing a hash algorithm on the software stack to generate one or more hash values. The software stack uniquely determines a software state of the platform. The method includes generating creation data, a creation hash, and a creation ticket, corresponding to the hash values and sending the creation ticket to the platform. The method also includes receiving the creation ticket by the authentication module and certifying the creation data and the creation hash based on the creation ticket. The method further includes generating a certified structure based on the creation data and performing the hash algorithm on the certified structure to generate a hash of the certified structure. The certified structure uniquely determines the software state of the platform.

Abstract: Example implementations relate to a method and system for provisioning an identity certificate for a BMC of a platform. Based on the certificate signing request (CSR) received from the BMC, a certificate authority (CA) associated with the platform manufacturer may verify the identity of the security processor and private key of BMC. A cryptographic audit session log between a provisioning service of the platform and the security coprocessor of the platform is received along with the CSR at the CA implemented in a cloud system. The CA verifies the signature on the received cryptographic audit session log. After verification, validation tools at the cloud system determine a first time and second time associated with the security coprocessor. When the difference between the first time and the second time is below an expected time of cryptographic communication, the CSR is considered as a valid request and an identity certificate for the BMC is generated and transmitted to the platform.

Abstract: Example implementations relate to a method and system for provisioning an identity certificate for a BMC of a platform. Based on the certificate signing request (CSR) received from the BMC, a certificate authority (CA) associated with the platform manufacturer may verify the identity of the security processor and private key of BMC. A cryptographic audit session log between a provisioning service of the platform and the security coprocessor of the platform is received along with the CSR at the CA implemented in a cloud system. The CA verifies the signature on the received cryptographic audit session log. After verification, validation tools at the cloud system determine a first time and second time associated with the security coprocessor. When the difference between the first time and the second time is below an expected time of cryptographic communication, the CSR is considered as a valid request and an identity certificate for the BMC is generated and transmitted to the platform.

Abstract: Examples disclosed herein relate to using an integrity manifest certificate to verify the state of a platform. A device identity of a device that has the device identity provisioned and stored in a security co-processor to retrieve an integrity proof from the security co-processor. The device includes at least one processing element, at least one memory device, and a bus including at least one bus device, and wherein the device identity is associated with a device identity certificate signed by a first authority. The integrity proof includes a representation of each of a plurality of hardware components including the at least one processing element, the at least one memory device, the at least one bus device, and a system board and a representation of plurality of firmware components included in the device. The integrity proof is provided to a certification station.

Abstract: The present disclosure relates to a method for integrity verification of a software stack or part of a software stack resident on a host machine. A management entity generates a measurement log for a disk image associated with the software stack or the part of a software stack. A verifier entity retrieves the generated measurement log and compares the generated measurement log with a reference measurement of a verification profile previously assigned by the verifier entity to the software stack or the part of a software stack to verify the software stack or the part of a software stack.

Abstract: Systems and methods for multi-dimensional attestation are provided. One method for multi-dimensional attestation includes upon occurrence of a triggering event, taking triggered measurements of a platform, the platform including a security co-processor and a volatile memory; extending a platform configuration register of the volatile memory to include the triggered measurements; taking snapshots of the platform configuration register over time; storing the snapshots in a snapshot memory; and upon request, sending the triggered measurements and the snapshots to a verifier for detection of potential attacks.