
Strengthening Confidentiality with Multiple Attestations

June 5, 3:25 PM - 3:45 PM
Imperial Room A

This session is a collaboration between AMD's SEV-SNP team, the NSA's Trusted Mechanisms research group, and Invary.

We intend to showcase the NSA's open-source Maat Measurement and Attestation Framework, which orchestrates attestations of host and guest OS boot and runtime integrity and guest memory integrity (AMD SEV-SNP).

We will thus show how aggregated attestations benefit confidential computing workloads, serving both the workload owner utilizing the guest and the host's manager.

We will demonstrate multiple use cases with varying levels of confidentiality, providing optionality to end users, for example:

1. A confidential environment with all components having integrity, as seen through a single aggregated output via Maat.

2. An environment where the host OS lacks runtime integrity because of a rootkit attack, but the guest maintains OS and memory runtime integrity. This scenario allows for a separation of response between the owner of a confidential workload and the owner of the host.

3. An environment where the guest lacks memory integrity, but the host and guest have OS integrity.

4. An environment where the guest lacks OS runtime integrity but maintains memory confidentiality.

The key takeaways are:

1. The benefits of open-source frameworks like Maat to aggregate and orchestrate multiple third-party attestations.

2. An understanding of the layered architecture of a confidential computing environment and how each layer, if compromised, can impact the others.

3. The importance of attestation in confidential computing.

4. Exposure to the Copland language, used for expressing attestations (as described in "Flexible Mechanisms for Remote Attestation", DOI: 10.1145/3470535).

About the speakers

Jason Rogers


Chief Executive Officer, Invary

Jason is the Chief Executive Officer of Invary, a cybersecurity company specializing in validating the runtime integrity of operating systems and detecting sophisticated rootkits that confuse existing security stacks. Invary is based on an exclusive IP license from the NSA. Prior to joining Invary, Jason served as the Vice President of Platform at Matterport, which manages terabytes of spatial data from over 10 million physical properties and serves nearly 1 billion 3-D virtual tours a year. Jason has also successfully launched a consumer-facing IoT platform for Lowe's and developed numerous software products for Motorola.

Sonemaly Phrasavath


Sr. Manager, Software System Design, AMD

Sonemaly is a technical engineering leader with more than 15 years of experience with x86 and ARM-based server systems on multiple Linux distros and Windows. She relies on strong people skills to inspire and guide team members in defining and implementing innovative engineering solutions. Sonemaly is currently focused on two functional areas in AMD's Datacenter Ecosystem Application Engineering organization.

Dr. Wes Peck


Chief Technology Officer, Invary

Dr. Peck is the Chief Technology Officer of Invary, a cybersecurity company that protects against novel zero-day attacks.

He is accomplished in large-scale software platform architecture, embedded systems, team building, and building novel software solutions that provide direct value to customers.

Dr. Peck served as the Primary Architect and Software Director of Matterport's government SaaS platform and was the Core Platform Director of Matterport's commercial platform and initial public offering in July 2021 (NASDAQ: MTTR).

As the principal developer on the Iris Smart Home platform, Dr. Peck oversees the design and development of the embedded hub software (Zigbee and Z-Wave) and video streaming solution (H.264 and RTSP).

Dr. Peck earned his Ph.D. in Computer Science from the University of Kansas with a focus on hardware/software co-design, operating systems, trusted platforms, and specification refinement.