End-to-end security for hardware running verified software

摘要

A verified software system may be executable on secure hardware. Prior to being executed, the software system may be verified as conforming to a software specification. First credentials attesting to an identity of the software system may be sent to an external application. Second credentials signed by a provider of the secure hardware may be sent to the external application. The second credentials may attest to an identity of the secure hardware. The external application may securely exchange one or more messages with a software application of the software system. For example, the one or more messages may be decryptable only by the external application and the software application to provide confidentiality for each message. As another example, an attestation may vouch for an identity of a sender of each of the one or more messages to attest to an integrity of each message.

主权项

1. One or more computer-readable memory storage devices storing instructions that, when executed by one or more processors, program the one or more processors to perform acts comprising:
executing, by secure hardware, a software system that has been verified to conform to a software specification, the software system including an operating system and a software application; sending a public key from the software application to an external application that is external to the software system, wherein the public key corresponds to a private key that is known only to the software system; sending first credentials signed by the secure hardware to the external application, wherein the first credentials identifies that the public key is associated with the software system; and sending second credentials comprising a second certificate signed using a second key by a provider of the secure hardware to the external application, the second credentials attesting to an identity of the secure hardware.