On Remote Attestation for Google Chrome OS

In this paper we present an approach to add Remote Attestation capabilities to the Google Chrome OS platform. Our approach is based on the combination of two integral aspects of Chrome OS: (1) its Verified Boot procedure and (2) its extensible, app-based architecture. Verified Boot ensures the integrity of the static operating system base including firmware, kernel and user land code. The dynamic part of Chrome OS is formed by apps, that can be installed, updated and removed during runtime by the user. We propose an approach that is able to attest both the integrity of the static Chrome OS base as well as the dynamic part composed of apps installed by the user to a remote party. The static part is attested without any measurements of binaries. We detail properties of apps that are reasonable to be measured. Thus, a remote party can reason about the trustworthiness of a remote platform by knowing (1) that it is running Chrome OS and (2) by knowing certain characteristics of installed apps.