Assured Remote Execution on a device is the ability of suitably authorized parties to construct secure channels with known processes -- i.e. processes executing known code -- running on it. Assured Remote Execution requires a hardware basis including cryptographic primitives. In this paper, we show that a simple hardware-level mechanism called Cryptographically Assured Information Flow (CAIF) enables Assured Remote Execution. CAIF is akin to some operations in existing Trusted Execution Environments, but securely implements an ideal functionality defined in terms of logging and confidential escrow. We show how to achieve Assured Remote Execution for a wide variety of processes on a CAIF device. Cryptographic protocol analysis demonstrates our security goals are achieved even against a strong adversary that may modify our programs and execute unauthorized programs on the device. Assured Remote Execution enables useful functionality such as trustworthy remote attestation, and provides some of the support needed for secure remote reprogramming. Acknowledgment. We are grateful to the MITRE Independent Research and Development Program for support.

翻译：设备上的可信远程执行，是指经适当授权的参与方能够与设备上运行着已知代码的进程建立安全通道的能力。可信远程执行需要包含密码原语的硬件基础。本文证明，一种名为密码学保障信息流（CAIF）的简单硬件级机制能够实现可信远程执行。CAIF与现有可信执行环境中的某些操作类似，但能以日志记录和机密托管为基础安全实现理想功能。我们展示了如何在CAIF设备上为多种进程实现可信远程执行。密码协议分析表明，即使面对可篡改程序并在设备上执行未授权程序的强大攻击者，我们的安全目标仍能实现。可信远程执行为可信远程证明等实用功能提供了支持，并为安全远程重编程奠定了基础。致谢：感谢MITRE独立研发计划的支持。