Building Trust with Attestation

In this episode, we dive deep into the concept of attestation as it relates to building trust in our software and systems.  Marcela Melara and Vinnie Scarlata take us on a technical tour of both software and remote attestation and how these relate to ideas we've covered previously with software supply chain security and confidential computing. We talk trust and integrity, standards and projects, and share some best practices.   Guests: Dr. Marcela Melara is a research scientist in the Security and Privacy Group at Intel Labs. Her current work focuses on developing solutions for high-integrity software supply chains and building trustworthy distributed systems. She has several publications and patents filed related to her research, and leads a number of internal, academic and open-source efforts on software supply chain security. Prior to joining Intel, she received her PhD in Computer Science from Princeton University and did her undergraduate studies at Hobart and William Smith Colleges. She is a Siebel Scholar, a member of Phi Beta Kappa, and her research on CONIKS was awarded the Caspar Bowden PET Award. Outside of work, Marcela is an avid gardener, bookworm, hiker, and gamer. Vinnie Scarlata is a Principal Engineer in the Security & Privacy Research lab in Intel Labs. He is one of the architects for Intel® Software Guard Extensions and Trust Domain Extensions, and has 20+ years of research experience in various areas of security, e.g. Trusted Computing, Trusted Execution Environments (TEE), Attestation, Recoverable Platforms, Runtime Integrity, and Key Management. He has been granted 50+ patents and co-authored several papers. Vinnie received a MS in Information Security from Georgia Tech and a BS in Computer Science from the University of Massachusetts, Amherst.