The technology generally relates to computer security and more specifically to computer systems which allow users to verify that a remote computer system conforms to an expected configuration before providing code and/or data to be processed by the computer system.
In a cloud computing environment, users may make use of remote computer systems within the cloud computing environment to carry out processing tasks on their behalf. Users may therefore provide the computer systems within the cloud computing environment with code to be executed and data to be processed. If a user cannot confidently determine the current configuration of the remote computer systems that they are interacting with, they may be dissuaded from using the cloud computing environment to process code and/or data, especially if that code and/or data is sensitive.
A Trusted Execution Environment (TEE) is a secure area of a processor which guarantees that code and data within the secure area are protected with respect to confidentiality and integrity. Two technologies which provide instantiations of a TEE are Trusted Platform Modules (TPMs) and enclaves.
Trusted Platform Modules (TPMs) are security modules which may be used as part of a computer system to ensure that the computer system is in an expected configuration when it is started up. A TPM securely stores measurements of the code modules that are executed by the computer system whilst it is starting up (which is commonly referred to as booting, or the boot process or procedure). These measurements can be used to verify that the correct (i.e. untampered with) code modules were executed by the computer system as part of its boot process. However, a TPM only allows users to verify that the boot process was completed successfully (i.e. that the expected code modules were all executed); it does not allow a user to verify that the current configuration of a computer system is as expected, because it does not provide any information about processes that have been executed by the operating system or runtime environment after the boot has been completed.
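The measured-boot mechanism described above, as an added example that is not part of the original text: a simulation of the PCR extend chain, a verifier-side replay against expected digests, and a nonce-bound quote. It assumes an HMAC under a constructed shared key as a stand-in for the TPM's attestation-key signature, and the boot module contents are constructed sample data.

```python
"""Simulated TPM measured boot and attestation check (added example).

Models the behaviour the page describes: each boot-stage module is hashed
and folded into a Platform Configuration Register (PCR) as
PCR = SHA-256(PCR || digest); a verifier replays the expected digests and
compares. Assumption: the TPM's attestation-key signature is stood in for
by an HMAC under a constructed shared key. Module contents are constructed.
"""
import hashlib
import hmac
import os

PCR_INIT = bytes(32)                         # SHA-256 PCR bank resets to zeros
ATTEST_KEY = b"constructed-attestation-key"  # stand-in for the TPM signing key

def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new PCR = H(old PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(digests) -> bytes:
    """Fold a sequence of digests into a PCR, starting from the reset value."""
    pcr = PCR_INIT
    for d in digests:
        pcr = pcr_extend(pcr, d)
    return pcr

def measure_boot(modules) -> bytes:
    """Platform side: measure each boot module into the PCR in execution order."""
    return replay(hashlib.sha256(m).digest() for m in modules)

def quote(pcr: bytes, nonce: bytes) -> bytes:
    """Platform side: authenticate (PCR, nonce); the nonce defeats replay."""
    return hmac.new(ATTEST_KEY, pcr + nonce, hashlib.sha256).digest()

def verify_quote(pcr, nonce, sig, expected_digests) -> bool:
    """Verifier side: check the quote, then compare PCR with the golden value."""
    if not hmac.compare_digest(quote(pcr, nonce), sig):
        return False
    return hmac.compare_digest(pcr, replay(expected_digests))

GOOD_BOOT = [b"firmware v1", b"bootloader v1", b"kernel v1"]  # constructed chain
EXPECTED = [hashlib.sha256(m).digest() for m in GOOD_BOOT]

def attest(modules, expected_digests=EXPECTED) -> bool:
    """Full exchange: verifier nonce -> platform boots and quotes -> verifier checks."""
    nonce = os.urandom(16)
    pcr = measure_boot(modules)
    return verify_quote(pcr, nonce, quote(pcr, nonce), expected_digests)
```

A process started after boot is never extended into the PCR, so `measure_boot` returns the same value with or without it; that is exactly the gap the paragraph above identifies.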
Another technology which enables a user to partially verify the state of a computing system is the use of enclaves. As an example, an enclave may be created using Microsoft® Virtual Secure Mode (VSM). Alternatively, Intel® processors may include Software Guard Extensions (SGX) instructions which allow a secure enclave to be created. However, other mechanisms for creating enclaves can be used, such as AMD® Secure Encrypted Virtualization (SEV). The code and data for a particular process may be stored and/or processed within an enclave. Data and processing within the enclave are protected from other processes that may be executing within the computer system, helping to ensure their confidentiality and integrity. Enclaves typically provide an enclave quoting mechanism which enables a user to verify that a process is actually operating inside a valid enclave and also the state of the enclave (e.g. the actual process that is within the enclave). However, whilst these quoting mechanisms enable a user to verify the execution environment of a process within an enclave, they do not provide any verification as to the overall configuration of the computer system (i.e. including any processes that are running outside of the enclave). Furthermore, the computing environment that is provided to a process executing within an enclave is typically relatively limited, since it does not have access to higher performance hardware such as graphics processing units (GPUs), networks and so on.
The embodiments described below are not limited to implementations which solve any or all of the disadvantages of known computer systems.