Clarifying CPU vendor's responsibilities for Remote Attestation with Intel SGX

抄録

Intel Software Guard eXtensions (SGX) allows users to confirm the confidentiality and integrity of running programs on cloud platforms by remote attestation. SGX has recently adopted the new remote attestation, ECDSA Attestation, and will abolish the previous one, EPID Attestation. ECDSA Attestation enables third parties to build their own verification environment. However, its high degree of freedom obscures the boundary of responsibility between the CPU vendor and third parties regarding ECDSA Attestation.

This paper clarifies the scope of responsibility for Intel, the developer of SGX, in ECDSA Attestation. To achieve this, we compared each component of ECDSA Attestation and EPID Attestation. Our analysis revealed that Intel is no longer responsible for the entire verification process but is instead limited to distributing signed data. Furthermore, we demonstrate that modifying DCAP does not violate responsibility boundaries in ECDSA Attestation. To the best of our knowledge, this study is the first to highlight the necessity of discussing the scope of responsibility in TEE.