Secure Push Attestation with Extensible REST APIs

Until now, the Keylime attestation software has operated on a pull basis: requiring open ports on each attesting node so the verifier can request evidence at a set interval. A new push mode developed by the community brings a number of advantages and presents new opportunities for the project in areas such as extensibility, containerisation and even confidential computing.

In this talk, we will take a whirlwind tour of the new REST-based APIs and how these are composed to achieve a robust security result. We will discuss the challenges of managing state in a multi-phase HTTP protocol and building resilience in the presence of misbehaving clients. Attendees will hear how these changes open the door for increased integration in the wider ecosystem and our vision for the future of attestation.