Our measurement architecture is not restricted to measuring executable code. By adding measurement hooks to applications, we can include structured input data, such as configuration files and Java classes, in our measurements. The changes are simple: instrumenting applications, such as Apache or the Java classloader, means adding a measurement call before loading relevant files.
Establishing confidence in a system with our approach comes at a cost to privacy. The attestation protocol releases detailed information about the attesting system to allow challengers or trusted third parties to establish trust. However, the attesting system has full control over the release of this information, and can run code that it trusts not to release such information. Also, a system agent could be configured to release attestations to authenticated challengers, and the operating system could provide quotes only to that agent.
Inducing frequent changes in loaded executable files can cause the measurement list to grow beyond practical limits, resulting in a denial-of-service attack. To prevent this attack, a maximum length of the measurement list can be configured. Any additional measurement is still aggregated into the TPM-protected PCR, but the measurement is not stored in the kernel. Consequently, a system that exceeds this maximum number of measurements will no longer be able to convince challenging parties of its integrity, because the measurement list will not validate against the aggregate.
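The following sketch is an added example, not code from the architecture described here. It models the capped measurement list and the challenger's replay check. The class and function names are hypothetical, and it assumes a 20-byte SHA-1 PCR with the usual extend operation and leaves out the signed quote.

```python
import hashlib

PCR_INIT = b"\x00" * 20  # assumption: SHA-1 PCR reset to all zeros


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new value = SHA1(old value || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


class Measurer:
    """Attesting side (hypothetical model): PCR aggregate plus a capped list."""

    def __init__(self, max_entries: int):
        self.max_entries = max_entries
        self.pcr = PCR_INIT
        self.mlist = []

    def measure(self, content: bytes) -> None:
        digest = hashlib.sha1(content).digest()
        # Every measurement is aggregated into the PCR, capped or not.
        self.pcr = extend(self.pcr, digest)
        # Only measurements below the configured maximum are stored.
        if len(self.mlist) < self.max_entries:
            self.mlist.append(digest)


def replay(mlist) -> bytes:
    """Challenger side: recompute the aggregate from the reported list."""
    pcr = PCR_INIT
    for digest in mlist:
        pcr = extend(pcr, digest)
    return pcr


def validates(mlist, quoted_pcr: bytes) -> bool:
    """The list is accepted only if its replay equals the quoted PCR."""
    return replay(mlist) == quoted_pcr


def run(num_files: int, max_entries: int):
    """Measure num_files constructed inputs; return (stored entries, validates?)."""
    m = Measurer(max_entries)
    for i in range(num_files):
        m.measure(b"constructed file contents %d" % i)
    return len(m.mlist), validates(m.mlist, m.pcr)


if __name__ == "__main__":
    print(run(4, 4))  # at the cap: list still validates
    print(run(5, 4))  # one past the cap: replay no longer matches the PCR
```

The list's memory use is bounded by the cap, and a system pushed past it fails attestation rather than reporting an incomplete list that still appears valid.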