Existing attestation mechanisms lack scalability and support for heterogeneous virtual execution environments (VEEs), such as virtual machines and containers executed inside or outside hardware isolation on different vendors' hardware in clouds managed by various organizations. To overcome these limitations, hardware vendors and cloud providers implement proprietary mechanisms (Intel DCAP, Amazon NitroTPM, Google Titan) to support their offerings. However, due to their plurality, the attestation becomes cumbersome because it increases maintenance and integration costs and reduces portability required in hybrid- and multi-cloud deployments. We introduce WAWEL, a framework that enables scalable attestation of heterogeneous VEEs. WAWEL can be plugged into existing hardware-specific attestation mechanisms, offering a unified interface. WAWEL supports the widely adopted trusted platform module (TPM) attestation standard. We implemented a prototype and integrated it with three different VEEs. It supports runtime integrity attestation with Linux integrity measurement architecture (IMA) and legacy applications requiring zero-code changes. The evaluation demonstrated that the WAWEL prototype achieves very good performance and scalability despite the indirections between the VEE and hardware root of trust.

翻译：现有认证机制缺乏可扩展性，且不支持异构虚拟执行环境（VEE），例如在不同组织管理的云中、不同供应商硬件上、硬件隔离内部或外部执行的虚拟机及容器。为克服这些局限，硬件供应商与云服务商各自实现专有机制（如Intel DCAP、Amazon NitroTPM、Google Titan）以支持其产品。然而，由于此类机制种类繁多，认证过程变得繁琐：维护与集成成本增加，混合云及多云部署所需的可移植性降低。我们提出WAWEL框架，该框架可实现异构VEE的可扩展认证。WAWEL可嵌入现有硬件特定的认证机制中，提供统一接口，并支持广泛采用的可信平台模块（TPM）认证标准。我们实现了原型系统，并将其与三种不同VEE集成。该系统支持基于Linux完整性度量架构（IMA）的运行时完整性认证，且无需修改遗留应用程序的代码。评估结果表明，尽管VEE与硬件信任根之间存在间接层，WAWEL原型仍能实现优异的性能与可扩展性。