Skip to main content
SpringerLink
Log in
Book cover

International Conference on Trusted Systems

INTRUST 2010: Trusted Systems pp 326–345Cite as

acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6802))

Abstract

Modern PC platforms offer hardware-based virtualization and advanced Trusted Computing mechanisms. Hardware primitives allow the measuring and reporting of software configurations, the separation of application execution environments into isolated partitions and the dynamic switch into a trusted CPU mode.

In this paper we present a practical system architecture which leverages hardware mechanisms found in mass-market off-the-shelf PCs to improve the security of commodity guest operating systems by enforcing the integrity of application images. We enable the platform administrator to freely and deterministically specify the configurations trusted. Furthermore, we describe a set of tools and operational procedures to allow flexible and dynamic configuration management and to guarantee the secure transition between trusted platform configurations. We present our prototype implementation which integrates well with established Linux distributions.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Adams, K., Agesen, O.: A comparison of software and hardware techniques for x86 virtualization. In: Proceedings of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 2–13. ACM, San Jose (2006)

    Google Scholar 

  2. Advanced Micro Devices: AMD64 Virtualization: Secure Virtual Machine Architecture Reference Manual (May 2005)

    Google Scholar 

  3. Anderson, R., Bond, M., Clulow, J., Skorobogatov, S.: Cryptographic processors-a survey. Proceedings of the IEEE 94(2), 357–369 (2006), doi:10.1109/JPROC.2005.862423

    Article  Google Scholar 

  4. Arbaugh, W.A., Farber, D.J., Smith, J.M.: A secure and reliable bootstrap architecture. In: Proceedings of the 1997 IEEE Symposium on Security and Privacy, p. 65. IEEE Computer Society, Los Alamitos (1997)

    Google Scholar 

  5. Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: SOSP 2003: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pp. 164–177. ACM, New York (2003)

    Chapter  Google Scholar 

  6. Bellard, F.: Qemu, a fast and portable dynamic translator. In: ATEC 2005: Proceedings of the annual conference on USENIX Annual Technical Conference, p. 41. USENIX Association, Berkeley (2005)

    Google Scholar 

  7. Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vTPM: virtualizing the trusted platform module. In: USENIX-SS 2006: Proceedings of the 15th Conference on USENIX Security Symposium, pp. 305–320 (2006)

    Google Scholar 

  8. Bratus, S., D’Cunha, N., Sparks, E., Smith, S.W.: Toctou, traps, and trusted computing. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 14–32. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  9. Cabuk, S., Chen, L., Plaquin, D., Ryan, M.: Trusted integrity measurement and reporting for virtualized platforms. In: Chen, L., Yung, M. (eds.) INTRUST 2009. LNCS, vol. 6163, pp. 180–196. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  10. Cáceres, R., Carter, C., Narayanaswami, C., Raghunath, M.: Reincarnating pcs with portable soulpads. In: Proceedings of the 3rd International Conference on Mobile Systems, Applications, and Services, pp. 65–78. ACM, Seattle (2005)

    Google Scholar 

  11. Catuogno, L., Dmitrienko, A., Eriksson, K., Kuhlmann, D., Ramunno, G., Sadeghi, A.R., Schulz, S., Schunter, M., Winandy, M., Zhan, J.: Trusted virtual domains - design, implementation and lessons learned. In: Chen, L., Yung, M. (eds.) INTRUST 2009. LNCS, vol. 6163, pp. 156–179. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  12. Clair, L.S., Schiffman, J., Jaeger, T., McDaniel, P.: Establishing and sustaining system integrity via root of trust installation. In: Computer Security Applications Conference, Annual, pp. 19–29 (2007)

    Google Scholar 

  13. Coker, G., Guttman, J., Loscocco, P., Sheehy, J., Sniffen, B.: Attestation: Evidence and trust. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 1–18. Springer, Heidelberg (2008), http://dx.doi.org/10.1007/978-3-540-88625-9_1

    Chapter  Google Scholar 

  14. Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory (1981)

    Google Scholar 

  15. Dyer, J., Lindemann, M., Perez, R., Sailer, R., van Doorn, L., Smith, S.: Building the ibm 4758 secure coprocessor. Computer 34(10), 57–66 (2001)

    Article  Google Scholar 

  16. EMSCB Project Consortium: The European Multilaterally Secure Computing Base (EMSCB) project (2004), http://www.emscb.org/

  17. England, P., Lampson, B., Manferdelli, J., Willman, B.: A trusted open platform. Computer 36(7), 55–62 (2003)

    Article  Google Scholar 

  18. England, P.: Practical techniques for operating system attestation. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 1–13. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  19. Fruhwirth, C.: New methods in hard disk encryption. Tech. rep., Institute for Computer Languages, Theory and Logic Group, Vienna University of Technology (2005), http://clemens.endorphin.org/publications

  20. Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A virtual machine-based platform for trusted computing. In: Proceedings of the 19th Symposium on Operating System Principles(SOSP 2003), pp. 193–206. ACM, New York (October 2003)

    Google Scholar 

  21. Gebhardt, C., Dalton, C.: Lala: a late launch application. In: Proceedings of the 2009 ACM Workshop on Scalable Trusted Computing, pp. 1–8. ACM, Chicago (2009)

    Chapter  Google Scholar 

  22. Gebhardt, C., Tomlinson, A.: Secure Virtual Disk Images for Grid Computing. In: 3rd Asia-Pacific Trusted Infrastructure Technologies Conference (APTC 2008). IEEE Computer Society, Los Alamitos (October 2008)

    Google Scholar 

  23. Grawrock, D.: Dynamics of a Trusted Platform: A Building Block Approach. Intel Press, Hillsboro (February 2009) ISBN: 978-1934053171

    Google Scholar 

  24. Intel Corporation: Intel active management technology (amt), http://www.intel.com/technology/platform-technology/intel-amt/index.htm

  25. Intel Corporation: Trusted Boot (2008), http://sourceforge.net/projects/tboot/

  26. Intel Corporation: Intel Trusted Execution Technology Software Development Guide (December 2009), http://download.intel.com/technology/security/downloads/315168.pdf

  27. Kauer, B.: Oslo: improving the security of trusted computing. In: SS 2007: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp. 1–9. USENIX Association, Berkeley (2007)

    Google Scholar 

  28. Kivity, A., Kamay, V., Laor, D., Lublin, U., Liguori, A.: kvm: the Linux Virtual Machine Monitor. In: OLS 2007: Proceedings of the Linux Symposium, pp. 225–230 (2007)

    Google Scholar 

  29. Marchesini, J., Smith, S., Wild, O., MacDonald, R.: Experimenting with tcpa/tcg hardware, or: How i learned to stop worrying and love the bear. Tech. rep., Department of Computer Science/Dartmouth PKI Lab, Dartmouth College (2003)

    Google Scholar 

  30. McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: Proceedings of the IEEE Symposium on Security and Privacy (May 2010)

    Google Scholar 

  31. McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for tcb minimization. In: Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, pp. 315–328. ACM, Glasgow (2008)

    Chapter  Google Scholar 

  32. OpenTC Project Consortium: The Open Trusted Computing (OpenTC) project (2005-2009), http://www.opentc.net/

  33. Pfitzmann, B., Riordan, J., Stueble, C., Waidner, M., Weber, A., Saarlandes, U.D.: The perseus system architecture (2001)

    Google Scholar 

  34. Pirker, M., Toegl, R., Winkler, T., Vejda, T.: Trusted computing for the JavaTMplatform (2009), http://trustedjava.sourceforge.net/

  35. Pirker, M., Toegl, R.: Towards a virtual trusted platform. Journal of Universal Computer Science 16(4), 531–542 (2010), http://www.jucs.org/jucs_16_4/towards_a_virtual_trusted

    Google Scholar 

  36. Pirker, M., Toegl, R., Gissing, M.: Dynamic enforcement of platform integrity (a short paper). In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 265–272. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  37. Popek, G.J., Goldberg, R.P.: Formal requirements for virtualizable third generation architectures. Commun. ACM 17(7), 412–421 (1974)

    Article  MathSciNet  MATH  Google Scholar 

  38. Qumranet: KVM - Kernel-based Virtualization Machine (2006), http://www.qumranet.com/files/white_papers/KVM_Whitepaper.pdf

  39. Ravi Sahita, U.W., Dewan, P.: Dynamic software application protection. Tech. rep., Intel Corporation (2009), http://blogs.intel.com/research/trusted%20dynamic%20launch-flyer-rlspss_001.pdf

  40. Sadeghi, A.R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: Hempelmann, C., Raskin, V. (eds.) NSPW, pp. 67–77. ACM, New York (2004)

    Google Scholar 

  41. Safford, D., Kravitz, J., Doorn, L.v.: Take control of tcpa. Linux Journal (112), 2 (2003), http://domino.research.ibm.com/comm/research_projects.nsf/pages/gsal.TCG.html

  42. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 13th USENIX Security Symposium, USENIX Association, San Diego (2004)

    Google Scholar 

  43. Scarlata, V., Rozas, C., Wiseman, M., Grawrock, D., Vishik, C.: Tpm virtualization: Building a general framework. In: Pohlmann, N., Reimer, H. (eds.) Trusted Computing, pp. 43–56. Vieweg (2007)

    Google Scholar 

  44. Schiffman, J., Moyer, T., Shal, C., Jaeger, T., McDaniel, P.: Justifying integrity using a virtual machine verifier. In: ACSAC 2009: Proceedings of the 2009 Annual Computer Security Applications Conference, pp. 83–92. IEEE Computer Society, Washington, DC, USA (2009)

    Chapter  Google Scholar 

  45. Shi, E., Perrig, A., Van Doorn, L.: Bind: a fine-grained attestation service for secure distributed systems. In: 2005 IEEE Symposium on Security and Privacy, pp. 154–168 (2005)

    Google Scholar 

  46. Singaravelu, L., Pu, C., Härtig, H., Helmuth, C.: Reducing TCB complexity for security-sensitive applications: three case studies. In: EuroSys 2006: Proceedings of the ACM SIGOPS/EuroSys European Conference on Computer Systems 2006, pp. 161–174. ACM, New York (2006)

    Google Scholar 

  47. Strachey, C.: Time sharing in large, fast computers. In: IFIP Congress (1959)

    Google Scholar 

  48. Trusted Computing Group: TCG infrastructure specifications, https://www.trustedcomputinggroup.org/specs/IWG/

  49. Trusted Computing Group: TCG TPM specification version 1.2 revision 103 (2007)

    Google Scholar 

  50. Tygar, J., Yee, B.: Dyad: A system for using physically secure coprocessors. In: Technological Strategies for the Protection of Intellectual Property in the Networked Multimedia Environment, pp. 121–152. Interactive Multimedia Association (1994)

    Google Scholar 

  51. Vasudevan, A., McCune, J.M., Qu, N., van Doorn, L., Perrig, A.: Requirements for an Integrity-Protected Hypervisor on the x86 Hardware Virtualized Architecture. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 141–165. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, A–8010, Graz, Austria

    Ronald Toegl, Martin Pirker & Michael Gissing

Authors
  1. Ronald Toegl
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Martin Pirker
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Michael Gissing
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Hewlett-Packard Labs, Long Down Avenue, Stoke Gifford, BS34 8QZ, Bristol, UK

    Liqun Chen

  2. Google Inc. and Department of Computer Science, Columbia University, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Toegl, R., Pirker, M., Gissing, M. (2011). acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2010. Lecture Notes in Computer Science, vol 6802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25283-9_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-25283-9_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25282-2

  • Online ISBN: 978-3-642-25283-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation