Build trusted computing pool using H/W security feature, such as Intel TXT.
The feature will allow one to build trusted computing pools based on H/W-based security features, such as Intel Trusted Execution Technology (TXT). Combining attestation done by a separate entity (i.e. "remote attestation"), the hosting provider and users can ensure that verified measurement of software be running in the cloud. Such remote attestation services can be developed by using SDK that we plan to provide. Policy-based scheduling will be used to find "trusted" nodes.
Blueprint information
- Status:
- Complete
- Approver:
- Rick Clark
- Priority:
- Undefined
- Drafter:
- Jun Nakajima
- Direction:
- Needs approval
- Assignee:
- Jun Nakajima
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
- Deferred
- Milestone target:
- None
- Started by
- Completed by
- Vish Ishaya
Whiteboard
We have POC/demo systems.
The SDK will include API spec, sample code, source code of remote attestation services, and documentation. The developers can select and modify the implementation of the remote attestation, based on their needs accordingly.
We are working on a blueprint for policy based scheduling that comprehends "trusted" servers as one of the scheduling policies.