Author: Guoxing Chen, Yinqian Zhang, Ten-Hwang Lai
Affiliation: The Ohio State University, The Ohio State University, The Ohio State University
Conference: CCS 2019
Paper Link: https://dl.acm.org/doi/10.1145/3319535.3354220
Note Link: https://jbox.sjtu.edu.cn/l/S1oYKk
Contributor: pdh

Overview

This paper presents OPERA, which is an Open Platform for Enclave Remote Attestation. Instead of completely trusting the IAS, OPERA leverage the feature of SGX to build the trust-chain during the attestation service, which is shown below.

The Issuing enclave (IssueE) and the attestation enclave (AttestE) are designed by OPERA and will be periodically validated by IAS. During the attestation of ISV enclave (IsvE), the AttestE and IssueE will be the role of IAS and IPS in the traditional remote attestation scenary.

In general, OPERA is designed to achieve the following properties:

  • Openness. OPERA is a open-sourced design and the content of the enclave inside the OPERA can be verified.
  • Privacy. No other parties would acquire the information of the attested enclave. Only the platform who would run the attested enclaves can know some information about these enclaves.
  • Performant. The attestation process has been simplified due to the fact that there is no need to generate the IAS signature and the report can be verified by the ISV or its users. Therefore, OPERA can achieve higher performance than the traditional remote attestation.