In distributed systems, trust decisions are made on the basis of integrity evidence generated via remote attestation. Examples of the kinds of evidence that might be collected are boot time image hash values; fingerprints of initialization files for userspace applications; and a comprehensive measurement of a running kernel. In layered attestations, evidence is typically composed of measurements of key subcomponents taken from different trust boundaries within a target system. Discrete measurement evidence is bundled together for appraisal by the components that collectively perform the attestation. In this paper, we initiate the study of evidence chain of custody for remote attestation. Using the Copland attestation specification language, we formally define the conditions under which a runtime adversary active on the target system can tamper with measurement evidence. We present algorithms for identifying all such tampering opportunities for given evidence as well as tampering "strategies" by which an adversary can modify incriminating evidence without being detected. We then define a procedure for transforming a Copland-specified attestation into a maximally tamper-resistant version of itself. Our efforts are intended to help attestation protocol designers ensure their protocols reduce evidence tampering opportunities to the smallest, most trustworthy set of components possible.

翻译：在分布式系统中，信任决策基于远程认证生成的完整性证据。此类证据的示例包括：启动时间镜像哈希值；用户空间应用程序初始化文件的指纹；以及运行中内核的综合度量。在分层认证中，证据通常由目标系统内不同信任边界的关键子组件度量值组成。离散的度量证据被捆绑在一起，供共同执行认证的组件进行评估。本文首次研究了远程认证的证据链问题。利用Copland认证规范语言，我们正式定义了目标系统上活跃的运行时攻击者能够篡改度量证据的条件。我们提出了识别给定证据所有此类篡改机会的算法，以及攻击者可在不被察觉的情况下修改有罪证据的篡改"策略"。随后，我们定义了一种将Copland指定的认证转换为其最大抗篡改版本的流程。本研究旨在帮助认证协议设计者确保其协议能够将证据篡改机会降至最小且最可信的组件集合。