User-Centered Attestation for Layered and Decentralized Systems

<div>Virtualization is omnipresent as the backbone of</div><div>cloud, edge, and fog computing as well as X-as-a-service infrastructure. It continues to gain increased popularity even in edge or end-user and embedded devices. The need for standards and specifications for secure and trustworthy collaboration becomes a pressing issue. Trusted Computing is considered one of the pillars towards trustworthy systems both in terms of practical security mechanisms and supporting standards. This paper revisits the Trusted Computing tool-set and introduces its current application</div><div>in virtualization scenarios. We discuss challenges related to</div><div>translating the term trust between specifications for hardware modules such as the Trusted Platform Module (TPM) and applied specifications for operating systems, hypervisors, and virtual machines are — defining trust establishment becomes crucial for specifications extending trust beyond the TPM. We define Usercentered</div><div>attestation as a set of principles suitable for layered,</div><div>decentralized systems along with a methodology for specifying and synthesizing such a trust establishment strategy.</div>