Abstract:
When a website is accessed, a connection is made using HTTPS to ensure that it ends with the website owner and that subsequent data traffic is secured. However, no further assurances can be given to a user. It is therefore a matter of trust that the site is secure and treats the information exchanged faithfully. This puts users at risk of interacting with insecure or even fraudulent systems. With the availability of confidential computing, which makes execution contexts secure from external access and remotely attestable, this situation can be fundamentally improved.
In this paper, we propose browser-based site attestation that allows users to validate advanced security properties when accessing a website secured by confidential computing. This includes data handling…
Abstract:
When a website is accessed, a connection is made using HTTPS to ensure that it ends with the website owner and that subsequent data traffic is secured. However, no further assurances can be given to a user. It is therefore a matter of trust that the site is secure and treats the information exchanged faithfully. This puts users at risk of interacting with insecure or even fraudulent systems. With the availability of confidential computing, which makes execution contexts secure from external access and remotely attestable, this situation can be fundamentally improved.
In this paper, we propose browser-based site attestation that allows users to validate advanced security properties when accessing a website secured by confidential computing. This includes data handling policies such as the data provided being processed only during the visit and not stored or forwarded. Or informs the user that the accessed site has been audited by a security company and that the audited state is still intact. This is achieved by integrating remote attestation capabilities directly into a commodity browser and enforcing user-managed attestation rules.
Some excerpts:
Such a secured context is encrypted at all times, but is decrypted within the CPU only when the context is about to be executed. Thus, code and data are now also protected from unwanted access during execution. In order to validate that confidential computing applies to a secured context, remote attestation must be performed. During this process, a request is sent to a secured context, which in turn requests an attestation report from a Hardware Root of Trust (HRoT) local to the platform.
We argue that end users could also benefit greatly from the extended guarantees of confidential computing when accessing a secured website. However, there are two main obstacles: First, there is no standardized way for users to detect a secured context and perform remote attestation. Second, if remote attestation is enabled, users must be able to interpret an attestation result to decide whether the remote site is trustworthy.
In this paper, we present site attestation, which takes advantage of confidential computing to improve trust and security when surfing the Web.
7 CONCLUSION
Today, when accessing websites, users have to trust that the remote system is secure, respects data protection laws, and is benevolent. With the availability of confidential computing, remote execution contexts can be secured from external access and become attestable. Site attestation proposes to secure websites through confidential computing and perform remote attestation with trustworthiness policies while surfing the Web, reducing the need to blindly rely on the website’s reputation.
GitHub repo with Nginx, httperf, and Firefox code