Abstract
Verifiable trust is a desirable property for computing platforms. Current trusted computing systems developed by Trusted Computing Group (TCG) provide verifiable trust by taking immutable snapshots of the whole set of platform components. It is, however, difficult to use this technology directly in virtualized platforms because of complexity and dynamic changes of platform components. In this paper, we introduce a novel integrity management solution based on a small Software-based Root of Trust for Measurement (SRTM) that provides a trusted link to the integrity measurement chain in the TCG technology.
Our solution makes two principal contributions: The first is a key management method, by which a verifier can be convinced that the SRTM is a trusted delegatee of a Trusted Platform Module (TPM). The second is two integrity management services, which provides a novel dependency relation between platform components and enables reversible changes to measured components. This extended abstract of the paper focuses on the key management method and shows the high level idea of these two services. Details of the dependency relation, the reversible changes, and the Xen implementation may be found in the full version of the paper.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vTPM: Virtualizing the trusted platform module. In: Proceedings of the 15th USENIX Security Symposium, Berkeley, CA, USA, pp. 21–21. USENIX Association (2006)
Berger, S., Cáceres, R., Pendarakis, D., Sailer, R., Valdez, E., Perez, R., Schildhauer, W., Srinivasan, D.: TVDc: Managing security in the Trusted Virtual Datacenter. In: ACM SIGOPS Operating Systems Review (2008)
Chen, P.M., Noble, B.D.: When virtual is better than real. In: Proceedings of the 8th Workshop on Hot Topics in Operating Systems, Washington, DC, USA, p. 133. IEEE Computer Society, Los Alamitos (2001)
Criswell, J., Lenharth, A., Dhurjati, D., Adve, V.: Secure virtual architecture: A safe execution environment for commodity operating systems. In: SOSP 2007: Proceedings of Twenty-First ACM SIGOPS Symposium on Operating Systems Principles, pp. 351–366. ACM, New York (2007)
Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Pratt, I., Warfield, A., Barham, P., Neugebauer, R.: Xen and the art of virtualization. In: Proceedings of the ACM Symposium on Operating Systems Principles (October 2003)
England, P., Lampson, B., Manferdelli, J., Willman, B.: A trusted open platform. Computer 36(7), 55–62 (2003)
Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A virtual machine-based platform for trusted computing. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles, pp. 193–206. ACM Press, New York (2003)
Gasmi, Y., Sadeghi, A., Stewin, P., Unger, M., Asokan, N.: Beyond secure channels. In: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing (SAC 2007), pp. 30–40. ACM, New York (2007)
Griffin, J.L., Jaeger, T., Perez, R., Sailer, R., van Doorn, L., Caceres, R.: Trusted Virtual Domains: Toward secure distributed services. In: Proc. of 1st IEEE Workshop on Hot Topics in System Dependability, HotDep (2005)
Hohmuth, M., Peter, M., Härtig, H., Shapiro, J.S.: Reducing TCB size by using untrusted components: Small kernels versus virtual-machine monitors. In: Proceedings of the 11th ACM SIGOPS European workshop: beyond the PC. ACM Press, New York (2004)
Jansen, B., Ramasamy, H.V., Schunter, M.: Policy enforcement and compliance proofs for Xen virtual machines
Kauer, B.: Authenticated Booting on L4 (2004), http://os.inf.tu-dresden.de/papers_ps/kauer-beleg.pdf
Kauer, B.: OSLO: Improving the security of Trusted Computing. In: Proceedings of the 16th USENIX Security Symposium. USENIX Association (2007)
The Fiasco micro-kernel (2004), http://os.inf.tu-dresden.de/fiasco/
Liedtke, J.: On μ-kernel construction. In: Proceedings of the 15th ACM Symposium on Operating System Principles (SOSP), Copper Mountain Resort, CO, December 1995, pp. 237–250 (1995)
Microsoft. Bitlocker drive encryption, http://www.microsoft.com/windows/windows-vista/features/bitlocker.aspx
Murray, D.G., Milos, G., Hand, S.: Improving Xen security through disaggregation. In: Proceedings of the ACM Conference on Virtual Execution Environments (March 2008)
Qumranet. KVM: Kernel-based virtualization driver (2006), http://kvm.qumranet.com
Sadeghi, A.R., Stüble, C.: Property-based attestation for computing platforms: Caring about properties, not mechanisms. In: Proceedings of the 2004 Workshop on New Security Paradigms, pp. 67–77 (2004)
Sailer, R., Valdez, E., Jaeger, T., Perez, R., van Doorn, L., Griffin, J.L., Berger, S.: sHype: Secure hypervisor approach to trusted virtualized systems. IBM Research Report (2005)
Sailer, R., Zhang, X., Jaeger, T.: Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 13th Conference on USENIX Security Symposium-Volume 13 Table of Contents, p. 16 (2004)
Seshadri, A., Luk, M., Qu, N., Perrig, A.: Secvisor: A tiny hypervisor to provide lifetime kernel code integrity for commodity OSes. In: SOSP 2007: Proceedings of Twenty-First ACM SIGOPS Symposium on Operating Systems Principles, pp. 335–350. ACM, New York (2007)
Sugerman, J., Venkitachalam, G., Lim, B.-H.: Virtualizing I/O devices on VMware workstation’s hosted virtual machine monitor. In: Proceedings of the General Track: 2002 USENIX Annual Technical Conference, Berkeley, CA, USA, pp. 1–14. USENIX Association (2002)
Trusted Computing Group. TCG Specification Architecture Overview (March 2003), Trusted Computing Group: https://www.trustedcomputinggroup.org/groups/TCG_1_3_Architecture_Overview.pdf (Specification Revision 1.3 March 28, 2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cabuk, S., Chen, L., Plaquin, D., Ryan, M. (2010). Trusted Integrity Measurement and Reporting for Virtualized Platforms. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2009. Lecture Notes in Computer Science, vol 6163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14597-1_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-14597-1_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14596-4
Online ISBN: 978-3-642-14597-1
eBook Packages: Computer ScienceComputer Science (R0)