Remote attestation (RA) is a primitive that allows authentication of software components on untrusted systems by relying on a root of trust. Network protocols can use the primitive to establish trust in remote software components they communicate with. As such, RA can be regarded as a first-class security primitive like (a)symmetric encryption, message authentication, etc. However, current formal models of RA do not allow analysing protocols that use the primitive without tying them to specific platforms, low-level languages, memory protection models or implementation details.

In this paper, we propose and demonstrate a new model, called pi_RA, that supports RA at a high level of abstraction by treating it as a cryptographic primitive in a variant of the applied pi-calculus. To demonstrate the use of pi_RA, we use it to formalise and analyse the security of MAGE, an SGX-based framework that allows mutual attestation of multiple enclaves. The protocol is formalised in the form of a compiler that implements actor-based communication primitives in a source language (pi_Actor) in terms of remote attestation primitives in pi_RA. Subsequently, to prove the security of MAGE, we prove that the compiler representing MAGE is secure. Our security analysis also uncovers a caveat in the security of MAGE that was left unmentioned in the original paper.