Trusted Integrity Measurement and Reporting for Virtualized Platforms

(Work-in-Progress)

  • Conference paper
Trusted Systems (INTRUST 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6163))

Abstract

Verifiable trust is a desirable property for computing platforms. Current trusted computing systems developed by the Trusted Computing Group (TCG) provide verifiable trust by taking immutable snapshots of the whole set of platform components. It is, however, difficult to use this technology directly in virtualized platforms because of the complexity and dynamic change of platform components. In this paper, we introduce a novel integrity management solution based on a small Software-based Root of Trust for Measurement (SRTM) that provides a trusted link to the integrity measurement chain of the TCG technology.

Our solution makes two principal contributions. The first is a key management method by which a verifier can be convinced that the SRTM is a trusted delegatee of a Trusted Platform Module (TPM). The second is a pair of integrity management services, which provide a novel dependency relation between platform components and enable reversible changes to measured components. This extended abstract focuses on the key management method and gives the high-level idea of the two services. Details of the dependency relation, the reversible changes, and the Xen implementation may be found in the full version of the paper.
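As an added illustration, not code from the paper (whose key management method is not described on this page): a Python sketch of how a verifier replays a TCG-style measurement log against a quoted PCR value, then applies one assumed delegation rule, namely that the hardware chain must have measured a known-good SRTM image and the identity of the SRTM's key, before accepting the measurements the SRTM reports for a VM. HMAC stands in for TPM and SRTM signatures, and every sample value is constructed.

```python
import hashlib
import hmac

# Constructed sample values. A real TPM signs quotes with an attestation key;
# HMAC with a shared key stands in for that signature here.
TPM_KEY = b"tpm-attestation-key-constructed"
SRTM_KEY = b"srtm-signing-key-constructed"
SRTM_BINARY = b"srtm-binary-v1"
SRTM_KEY_ID = hashlib.sha256(SRTM_KEY).digest()   # identity the host chain records
KNOWN_GOOD_SRTM = hashlib.sha256(SRTM_BINARY).digest()

def extend(pcr, component):
    """TCG-style extend: new PCR = H(old PCR || H(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def replay(log):
    """Recompute the PCR a verifier expects from an ordered measurement log."""
    pcr = bytes(32)
    for component in log:
        pcr = extend(pcr, component)
    return pcr

def quote(key, pcr, nonce):
    """Stand-in for a signed quote binding a PCR and the verifier's nonce to a key."""
    return hmac.new(key, pcr + nonce, hashlib.sha256).digest()

def verify_platform(host_log, host_quote, vm_log, vm_quote, nonce):
    """Verifier's view: accept the hardware chain first, then the chain the
    SRTM maintains on the TPM's behalf. Returns (accepted, reason)."""
    if not hmac.compare_digest(host_quote, quote(TPM_KEY, replay(host_log), nonce)):
        return False, "hardware quote does not match the replayed host log"
    # Assumed delegation rule (not the paper's): the host chain must record a
    # known-good SRTM image and the identity of the key the SRTM signs with.
    hashes = [hashlib.sha256(c).digest() for c in host_log]
    if KNOWN_GOOD_SRTM not in hashes or SRTM_KEY_ID not in host_log:
        return False, "SRTM is not a trusted delegatee of this TPM"
    if not hmac.compare_digest(vm_quote, quote(SRTM_KEY, replay(vm_log), nonce)):
        return False, "SRTM quote does not match the replayed VM log"
    return True, "host chain and delegated VM chain verified"

def sample_attestation(vm_log, host_log=None, nonce=b"nonce-constructed"):
    """Build the quotes a verifier would receive for constructed sample logs."""
    host_log = host_log or [b"bios-v3", b"hypervisor-v2", SRTM_BINARY, SRTM_KEY_ID]
    host_q = quote(TPM_KEY, replay(host_log), nonce)
    vm_q = quote(SRTM_KEY, replay(vm_log), nonce)
    return verify_platform(host_log, host_q, vm_log, vm_q, nonce)
```

A host log in which the SRTM image was replaced is rejected even though its hardware quote is internally consistent, because the delegation rule, not the quote alone, decides whether the VM-level measurements are trusted.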

© 2010 Springer-Verlag Berlin Heidelberg

Cite this paper

Cabuk, S., Chen, L., Plaquin, D., Ryan, M. (2010). Trusted Integrity Measurement and Reporting for Virtualized Platforms. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2009. Lecture Notes in Computer Science, vol 6163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14597-1_11

  • DOI: https://doi.org/10.1007/978-3-642-14597-1_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14596-4

  • Online ISBN: 978-3-642-14597-1
