Department of Computer Science: MSc Thesis Presentations
Platform-Agnostic Remote Attestation with WebAssembly Components
Author: Wentao Xie
Supervisor: Lachlan Gunn
Advisor: Jimmy Kjällman
Abstract: When communicating with services and functions in the cloud and at the edge, it's often essential to verify that the communication takes place with a node operating with a trusted configuration, e.g., a specific piece of software running in a Trusted Execution Environment. Remote attestation plays a critical role in establishing such trust between distributed nodes. However, vendor-provided attestation evidence formats differ across hardware platforms (e.g., AMD SEV-SNP, Intel TDX), making verification with different TEE platforms a complex undertaking.
This thesis proposes a solution in which each platform’s verification logic is encapsulated into a sandboxed WebAssembly component, which a verifier can load and use through a single, uniform interface with minimal overhead. The implementation leverages the Trustee attestation service framework and implements two WebAssembly components that support the verification of attestation evidence for both AMD SEV-SNP and Intel TDX, facilitating multi-platform attestation in a consistent and secure manner. In addition, the attestation service is integrated with an In-Network Data Fabric to demonstrate its applicability.