Attestation - A Fundamental Component of IT Infrastructure Security
Attestation within the Information Technology (IT) industry is expanding to include protection of the computing infrastructure itself. The initial applications of attestation were in client systems using Trusted Platform Modules (TPMs). More recently, Confidential Computing has come to require attestation to verify that a Trusted Execution Environment is in an acceptable state. Now, attestation is routinely used to enhance the security of cloud systems, embedded systems, and mainframes. Attestation is also spreading into edge and sensor systems and into individual system components, all of which require a hardware root of trust so that an attacker cannot spoof the attestation replies. It has even been proposed for chiplets in Systems in Package (SiPs). Initially, attestation was associated with boot-time measurements, but recent protocol enhancements support dynamic measurements taken during runtime. This talk will explore current uses and the expansion of attestation for securing the IT infrastructure.
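To make the abstract's two technical points concrete (why a hardware root of trust is needed to stop spoofed replies, and how boot-time measurements are checked), here is an added, self-contained example in Python; it is not the speaker's code and describes no particular TPM or protocol. It assumes a simplified measured-boot model: each boot component is "extended" into a register exactly as a TPM Platform Configuration Register (PCR) is (new = H(old || H(measurement))), and the platform answers a verifier's challenge with a quote that binds the register value to the verifier's nonce. The device key, event log, nonces and verdict strings are all constructed for the example; a keyed HMAC stands in for the asymmetric signature a real attestation key would produce, since the point is that only the hardware-held key can create an acceptable quote.

```python
import hashlib
import hmac

# Constructed stand-in for a hardware-held attestation key. A real TPM signs
# quotes with an asymmetric key certified back to the manufacturer; an HMAC
# keeps this example dependency-free while preserving the "only the root of
# trust can produce a valid quote" property.
DEVICE_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)

# Constructed boot-time event log: what a measured boot records, in order,
# before each component is handed control.
KNOWN_GOOD_LOG = [b"firmware-v1.2", b"bootloader-v3", b"kernel-6.1"]

PCR_SIZE = 32  # SHA-256 register


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = H(old || H(measurement)). One-way and order-dependent,
    so a component cannot "un-measure" itself or reorder earlier events."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def replay_log(events) -> bytes:
    """Recompute the register value a given event sequence must produce."""
    pcr = bytes(PCR_SIZE)
    for event in events:
        pcr = extend(pcr, event)
    return pcr


def make_quote(key: bytes, pcr_value: bytes, nonce: bytes):
    """Attester side: bind the current register value to the verifier's nonce
    and authenticate it with the hardware-held key."""
    payload = pcr_value + nonce
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload, tag


def appraise(expected_pcr: bytes, nonce: bytes, payload: bytes, tag: bytes):
    """Verifier side. Check order matters: authenticity first (was this produced
    by the root of trust?), then freshness (is it a replay?), then content
    (does the measured software state match policy?)."""
    expected_tag = hmac.new(DEVICE_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, tag):
        return False, "signature invalid: quote not produced by the trusted root"
    if payload[PCR_SIZE:] != nonce:
        return False, "stale quote: nonce mismatch (replay)"
    if payload[:PCR_SIZE] != expected_pcr:
        return False, "measurement mismatch: unexpected software state"
    return True, "ok"


def run_scenarios() -> dict:
    """Four constructed exchanges: a healthy platform, a modified kernel,
    a replayed old quote, and a spoofed quote from an attacker without the key."""
    golden = replay_log(KNOWN_GOOD_LOG)       # verifier's reference value
    nonce_old = bytes([0x11]) * 32            # constructed challenge values
    nonce_now = bytes([0x22]) * 32
    results = {}

    # 1. Healthy platform answers the current challenge.
    payload, tag = make_quote(DEVICE_KEY, golden, nonce_now)
    results["healthy"] = appraise(golden, nonce_now, payload, tag)

    # 2. Kernel was modified before boot; the platform honestly reports the
    #    register it actually holds, which no longer matches policy.
    tampered_pcr = replay_log(KNOWN_GOOD_LOG[:2] + [b"kernel-6.1-modified"])
    payload, tag = make_quote(DEVICE_KEY, tampered_pcr, nonce_now)
    results["tampered_boot"] = appraise(golden, nonce_now, payload, tag)

    # 3. A genuine but old quote is presented against a new challenge.
    payload, tag = make_quote(DEVICE_KEY, golden, nonce_old)
    results["replayed_quote"] = appraise(golden, nonce_now, payload, tag)

    # 4. Software without access to the hardware key fabricates a "good" quote.
    payload, tag = make_quote(b"not-the-device-key", golden, nonce_now)
    results["spoofed_quote"] = appraise(golden, nonce_now, payload, tag)

    return results


if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name:16s} accepted={ok!s:5s} {reason}")
```

The register value alone proves nothing: without the nonce an old quote could be replayed, and without a key that lives in hardware any compromised software could emit a quote claiming a known-good state. Runtime attestation, as mentioned in the abstract, reuses the same appraisal with registers or logs that keep being extended after boot.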