Attestation Service

An attestation service assesses the integrity of cloud compute nodes using techniques introduced by trusted computing technology and trusted platform modules (TPMs). The TPM creates a hash of a boot component and validates the hash against a set of securely stored values.

A remote attestation service is critical for implementing secure compute platforms in the cloud. It checks whether a platform is launched with known-good firmware and software components, communicates the security trust level or trustworthiness of a platform to consumers, and supports visibility and auditability.

In Figure 1, the attestation service receives signed attestations from secure boot verification services. The attestation service validates the signatures on boot measurements and makes the attestations available to authenticated administrators, workflow engines and orchestration engines that need to know the security status of a resource before dispatching a workload.

Figure 1 - An example of an attestation service.
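
The flow in Figure 1 as an added example (not code from the original page or the book): a verification service signs a boot measurement, and the attestation service checks the signature, compares the measurement against known-good values, and answers dispatch queries. Assumptions: HMAC with a shared key stands in for the asymmetric signature a real deployment would use, and the key, node names and component names are constructed.

```python
import hashlib, hmac, json

# Constructed demo values: the key, node names and component names are assumptions.
VERIFIER_KEY = b"constructed-demo-key"  # stand-in for the verifier's signing key

def measure(components):
    """Fold boot components into one value, TPM-extend style:
    new = SHA-256(old || SHA-256(component)), starting from 32 zero bytes."""
    pcr = bytes(32)
    for c in components:
        pcr = hashlib.sha256(pcr + hashlib.sha256(c).digest()).digest()
    return pcr.hex()

# Securely stored known-good values (here: one approved boot chain).
KNOWN_GOOD = {measure([b"firmware-v1", b"bootloader-v1", b"kernel-v1"])}

def _mac(report):
    body = json.dumps(report, sort_keys=True).encode()
    return hmac.new(VERIFIER_KEY, body, hashlib.sha256).hexdigest()

def sign(report):
    """What the secure boot verification service sends."""
    return {"report": report, "sig": _mac(report)}

class AttestationService:
    def __init__(self):
        self.status = {}  # node -> "trusted" | "untrusted"

    def submit(self, attestation):
        report = attestation["report"]
        if not hmac.compare_digest(_mac(report), str(attestation.get("sig", ""))):
            return "rejected"  # bad signature: record nothing
        trusted = report["measurement"] in KNOWN_GOOD
        self.status[report["node"]] = "trusted" if trusted else "untrusted"
        return self.status[report["node"]]

    def may_dispatch(self, node):
        """Query used by an orchestrator; unknown nodes fail closed."""
        return self.status.get(node) == "trusted"

if __name__ == "__main__":
    svc = AttestationService()
    good = measure([b"firmware-v1", b"bootloader-v1", b"kernel-v1"])
    bad = measure([b"firmware-v1", b"bootloader-modified", b"kernel-v1"])
    print(svc.submit(sign({"node": "node-a", "measurement": good})))
    print(svc.submit(sign({"node": "node-b", "measurement": bad})))
    print(svc.submit({"report": {"node": "node-c", "measurement": good}, "sig": "0" * 64}))
    print(svc.may_dispatch("node-a"), svc.may_dispatch("node-b"), svc.may_dispatch("node-c"))
```

Because each component is folded into the running hash, changing any one component or their order yields a different final measurement, which is why a single comparison against the known-good set covers the whole boot chain.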

This mechanism is covered in CCP Module 7: Fundamental Cloud Security and in Module 8: Advanced Cloud Security.

For more information regarding the Cloud Certified Professional (CCP) curriculum, visit www.arcitura.com/ccp.

Cloud Computing Design Patterns

This cloud computing mechanism is also covered in:

Cloud Computing Design Patterns by Thomas Erl, Robert Cope, Amin Naserpour

(ISBN: 9780133858563, Hardcover, ~ 528 pages)

For more information about this book, visit www.arcitura.com/books.