The Future of Attestation in a Confidential World

The Future of Attestation in a Confidential World

The Confidential Computing Consortium from the Linux Foundation hosted a panel of experts to discuss the future of attestation, a key enabling technology to unlock Confidential Computing.

The panel was moderated by Lily Sturmann (Senior Software Engineer at Red Hat) and panelists included Nathaniel McCallum (CTO at Profian), Dave Thaler (Software Architect at Microsoft and CCC TAC Chair), Mark Novak (Director, Applied Research Technologies at JP Morgan Chase), and Simon Johnson (Senior Principal Engineer at Intel's Office of the CTO).

Please find below Nathaniel McCallum's answer to the question "Who is attestation for?"

First, the question that was asked, who is attestation for, and I think that attestation is for everyone. I think that the reason it's not today is because attestation is hard. And because it's hard, it's expensive. And because it's expensive, as Mark said, you have to have people that have money that can be able to do it. But there's no reason that attestation has to be hard. We can actually build attestation services which are scalable. And we can actually make this both easy and cheap. And when it's easy and cheap, then everyone can have attestation. And when everyone has attestation, it creates a new plateau in a certain sense of what we expect out of services. Today, when I make a connection to a remote service, I hand them my data. And I have no idea what they're going to do with that data, right? Do I trust them? Maybe, maybe not, I don't really know. And the reason I can't even make that decision is because we just simply don't have the primitives available to us to be able to do anything that is better than that. Which is why it's really important for us to focus on building scalable, usable forms of attestation. I would also like to add that we also agree that there's an affinity between attestation and TLS, as Dave said. Attestation is one input in an authorization decision. But one of the critical problems that we have is that we also have to secure the channels between confidential apps. Because if we don't, then we actually weaken the properties of the network itself. And so the only real tool we have to do that, besides SSH, which is probably not fit for this, is TLS. And that's going to require a certificate. And this is why Profian actually ships an actual attestation service that does precisely this: it validates an attestation, and it issues a TLS certificate that's used by the Keep when it's communicating to other parties. And this means that every time you establish a connection to another party, you have a statement within the certificate from the other end, that's cryptographically validatable of what the initial state of the system was, and what the workload that's actually running in that system is, and that basically forms the basis of your authorization decision. And in today's modern infrastructure we do basically two levels of authorization, we have channel authorization for TLS, and then we typically also will have a higher level of authorization and authentication in say HTTP. And so combining these two, these two make an effective ability to gather all of the inputs to an authorization process and be able to make an intelligent decision.