Kuniyasu Suzaki

Professor at the Institute of Information Security (IISEC), Graduate School. He maintained the Japanese version of KNOPPIX (1CD Linux) from 2003 to 2012. His current research interests include confidential computing based on Trusted Execution Environments (TEE) and trusted computing based on the Trusted Platform Module (TPM).

Remote Attestation Sample for Cloud Confidential Computing

I report remote lesson learned by attestation sample codes for cloud confidential computing services. https://github.com/iisec-suzaki/cloud-ra-sample

Remote attestation is essential for confidential computing because it guarantees the genuineness of CPU hardware and the integrity and origin of software. However, it is not widely adopted due to its configuration complexity and because it is often treated as an optional security feature.

This talk explains practical and easy ways to deploy and use remote attestation, along with its importance. The samples cover major cloud confidential computing services (Azure, AWS, GCP, and Sakura Internet) and architectures (Intel SGX, Intel TDX, AMD SEV-SNP, and AWS Nitro). I will demonstrate the differences in setup and verification processes across cloud providers.

In addition, I will briefly explain differences in how each cloud handles virtual TPM (vTPM) and Secure Boot, as well as variations in remote attestation APIs, including evidence formats and verification workflows.

Finally, I will share key insights to help avoid common pitfalls and strengthen remote attestation practices across different cloud environments.