Auditability & Explainability of OBLV Deployments
Trust Model

OBLV’s trust model is pivotal for the system's security and reliability. It is built on a series of layered attestations, each playing a role in establishing and maintaining a secure and transparent operational environment.

Levels of Attestation in OBLV's Trust Model:

| Level | Level of Attestation | Details |
|---|---|---|
| Level 6 | Image-Specific Configurations | This level scrutinises the specific configurations of each image, including settings and operational parameters, ensuring alignment with security and operational policies. Deviations, if any, are identified during the attestation process. |
| Level 5 | Image-Specific Digest & Signatures | Each image undergoes verification through its unique digest and signature, ensuring data integrity and confirming the image's authenticity. |
| Level 4 | Secondary Manifest | The secondary manifest acts as a detailed record of the image's anticipated state, including dependencies and network configurations, for comparison against the actual state. |
| Level 3 | Image PCRs | Platform Configuration Registers (PCRs) store measurements of the enclave image and its components to detect any deviations from the official image. |
| Level 2 | Certificate Chain | An attestation document signed by a certificate within the AWS Nitro Card establishes a link between the physical infrastructure of the enclave and the official AWS Root Certificate Authority. |
| Level 1 | AWS Root Certificate Authority | The foundational level is where the AWS Root CA provides the root of trust for the entire system. |

Attestation and Verification Process

The attestation process in OBLV deployments verifies the integrity and authenticity of the enclave environments. This process includes:

  • Ensuring Code Integrity: Attestation confirms that the code within the enclaves is unaltered and functioning as intended.
  • Measuring Against Baselines: The state of each enclave is measured and compared against known, trusted baselines to ensure its authenticity.
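
The baseline comparison described above (Level 3, Image PCRs) can be sketched as follows. This is an added example, not OBLV's own code. It assumes the PCR values were already extracted from an attestation document whose signature and certificate chain have been verified (Levels 1 and 2); the function name `check_pcrs` and all sample values are constructed for illustration.

```python
import hmac

PCR_LEN = 48  # Nitro Enclave PCRs are SHA-384 digests (48 bytes)


def check_pcrs(attested: dict[int, bytes], baseline: dict[int, bytes]) -> list[str]:
    """Compare attested PCRs to a pinned baseline.

    Returns a list of failure strings; an empty list means every pinned
    PCR matched. Assumes `attested` comes from a document whose signature
    and certificate chain were verified beforehand.
    """
    if not baseline:
        # Fail closed: an empty baseline would otherwise accept any enclave.
        return ["baseline is empty: no PCR is pinned"]
    failures = []
    for index, expected in sorted(baseline.items()):
        actual = attested.get(index)
        if actual is None:
            failures.append(f"PCR{index}: missing from attestation document")
        elif len(actual) != PCR_LEN:
            failures.append(f"PCR{index}: unexpected length {len(actual)}")
        elif actual == bytes(PCR_LEN):
            # An enclave started in debug mode reports all-zero PCRs.
            failures.append(f"PCR{index}: all zeros (debug-mode enclave)")
        elif not hmac.compare_digest(actual, expected):
            failures.append(f"PCR{index}: mismatch with baseline")
    return failures


# Constructed sample values, not real enclave measurements.
BASELINE = {
    0: bytes.fromhex("aa" * PCR_LEN),  # enclave image file
    1: bytes.fromhex("bb" * PCR_LEN),  # kernel and bootstrap
    2: bytes.fromhex("cc" * PCR_LEN),  # application
}
GOOD = dict(BASELINE)
TAMPERED = {**BASELINE, 2: bytes.fromhex("dd" * PCR_LEN)}
DEBUG = {index: bytes(PCR_LEN) for index in BASELINE}

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("tampered", TAMPERED), ("debug", DEBUG)]:
        print(name, check_pcrs(doc, BASELINE) or "OK")
```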

Role of Certificate Chain and AWS Root CA

The certificate chain is a vital part of the trust model, tracing back to the AWS Root CA. This chain ensures that each component within the system is authenticated and validated against stringent AWS security standards.

Secondary Manifests and Image Signatures

Secondary manifests and image signatures provide detailed insights into the configurations and state of each enclave, adding another layer of security and integrity.

Incorporating Trust in Operations

This trust model is deeply embedded in every operational aspect of OBLV deployments. From deployment to ongoing management, each step adheres to security, authenticity, and integrity principles, instilling confidence in users about the secure and compliant handling of their data.

2024 Oblivious Software Ltd. All rights reserved.