Abstract

The evolution of modern information technology (IT) and operational technology (OT) systems has increasingly led to modular, distributed, and heterogeneous architectures, introducing new security challenges. Trusted Computing technologies, such as the Trusted Platform Module (TPM) and remote attestation, provide mechanisms for verifying software integrity and fostering trust in systems. However, traditional remote attestation primarily focuses on monolithic systems, overlooking critical components such as virtual machines (VMs), software containers, microkernel-based systems, application-level VMs, interpreters, and the integrity of hardware. Moreover, the growing complexity of supply chains demands innovative approaches to ensure the trustworthiness of hardware and software throughout their entire lifecycle.

This thesis extends the principles and applications of TPM-based remote attestation to address these challenges. It introduces novel approaches to remote attestation in modular systems, including VMs, containers, microkernel-based partitions, and interpreters. Furthermore, attestation capabilities are enhanced through mechanisms for selective disclosure and hardware integrity measurement. Another key contribution is the development of a framework that improves the trustworthiness of secure supply chains by ensuring the authenticity and integrity of devices and processes through remote attestation.

The research includes the development of proofs of concept (PoCs) that demonstrate the practicality of these approaches, even in production-relevant systems. In addition, this work has significantly contributed to standardization efforts, including specifications for the Trusted Computing Group (TCG) and the Internet Engineering Task Force (IETF). Open-source implementations, such as the CHARRA project, further highlight the practical applicability of this research.

Through rigorous evaluation and practical application, this dissertation addresses critical gaps in the field of remote attestation and paves the way for more robust and trustworthy computing systems in safety-critical domains and supply chain security.