Abstract
Trusted configuration management is critical because it directly affects trust-chain establishment, sealed storage and remote attestation, especially on a trusted virtualization platform such as Xen, where the system configuration changes frequently. A TPM (trusted platform module) context manager is presented to perform dynamic configuration management for virtual machines; it manages TPM command requests and VM (virtual machine) configurations. A dynamic configuration representation method based on a Merkle hash tree is proposed in place of the static configuration representation of the TCG (trusted computing group). It reflects the true VM status in real time even after the configuration has changed, and so avoids the invalidation of the configuration representation, of sealed storage and of remote attestation that a static representation suffers. The TPM context manager supports TCG storage protection, remote attestation and related services, which greatly enhances the security of the trusted virtualization platform.
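The contrast the abstract draws, a Merkle hash tree over VM configuration items versus a TCG-style PCR extend chain, is easier to see in code. The following is an added illustration written for this page, not the authors' implementation (the paper's exact tree layout, and how it binds sealed data or attestation quotes to the tree, are not described here). The configuration item names and values are constructed, leaf and inner nodes are domain-separated with a prefix byte (an assumption of this example), and an odd level is padded by repeating its last node. The point shown is that the tree root is a function of the current configuration only, that a single item can be updated by recomputing one root path and checked by a verifier with an inclusion proof, whereas a PCR value depends on the whole history of extends and can never be rewritten to reflect a changed item.

```python
import hashlib


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(name: str, value: str) -> bytes:
    # Domain-separated leaf hash so a leaf cannot be confused with an inner node
    return H(b"\x00" + name.encode() + b"=" + value.encode())


def node_hash(left: bytes, right: bytes) -> bytes:
    return H(b"\x01" + left + right)


class VMConfigTree:
    """Merkle tree over an ordered list of (name, value) VM configuration items."""

    def __init__(self, items):
        self.items = list(items)
        self._build()

    def _build(self):
        # self.levels[0] is the leaf level, self.levels[-1] holds the root.
        # Stored levels are unpadded; padding is applied only while hashing up.
        level = [leaf_hash(n, v) for n, v in self.items]
        self.levels = [level]
        while len(level) > 1:
            if len(level) % 2:
                level = level + [level[-1]]   # pad odd level by repeating last node
            level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
            self.levels.append(level)

    @property
    def root(self) -> bytes:
        return self.levels[-1][0]

    def update(self, name: str, value: str) -> bytes:
        """Change one item and recompute only the hashes on its path to the root."""
        idx = [n for n, _ in self.items].index(name)
        self.items[idx] = (name, value)
        self.levels[0][idx] = leaf_hash(name, value)
        for d in range(1, len(self.levels)):
            below = self.levels[d - 1]
            pair = idx - idx % 2                       # left index of the sibling pair
            left = below[pair]
            right = below[pair + 1] if pair + 1 < len(below) else below[pair]
            idx //= 2
            self.levels[d][idx] = node_hash(left, right)
        return self.root

    def proof(self, name: str):
        """Sibling hashes from the item's leaf up to the root (an inclusion proof)."""
        idx = [n for n, _ in self.items].index(name)
        path = []
        for lvl in self.levels[:-1]:
            sib = idx ^ 1
            if sib >= len(lvl):
                sib = idx                              # padded level: sibling is itself
            path.append((lvl[sib], idx % 2 == 0))      # (sibling, sibling_is_on_right)
            idx //= 2
        return path


def verify_item(root: bytes, name: str, value: str, path) -> bool:
    """Verifier side: check one configuration item against an attested root."""
    acc = leaf_hash(name, value)
    for sib, sib_is_right in path:
        acc = node_hash(acc, sib) if sib_is_right else node_hash(sib, acc)
    return acc == root


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TCG-style extend: the register only accumulates, it is never rewritten."""
    return H(pcr + measurement)


def pcr_chain(events) -> bytes:
    pcr = bytes(32)
    for n, v in events:
        pcr = pcr_extend(pcr, leaf_hash(n, v))
    return pcr


def demo() -> dict:
    # Constructed VM configuration; a memory hot-plug changes one item at runtime.
    base = [("vcpus", "2"), ("memory_mb", "1024"), ("kernel", "sha256:0123"),
            ("disk", "xvda"), ("nic", "vif0")]
    tree = VMConfigTree(base)
    old_root = tree.root
    new_root = tree.update("memory_mb", "2048")
    fresh = VMConfigTree(tree.items)                   # same state, no update history
    return {
        "root_changed": new_root != old_root,
        "root_is_state_only": new_root == fresh.root,
        "item_verifies": verify_item(new_root, "memory_mb", "2048", tree.proof("memory_mb")),
        # PCR: recording the change appends to the chain, so two platforms with the
        # same current configuration but different histories never agree.
        "pcr_history_dependent": pcr_chain(base + [("memory_mb", "2048")]) != pcr_chain(tree.items),
    }
```

Run `demo()` to see all four properties hold; `proof()`/`verify_item()` is what a remote verifier would use to check a single item (say the kernel measurement) against a quoted root without receiving the whole configuration.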
Additional information
Foundation item: Supported by the National High Technology Research and Development Program of China (2007AA01Z412)
Cite this article
Qin, Y., Feng, D. & Liu, C. TPM context manager and dynamic configuration management for trusted virtualization platform. Wuhan Univ. J. Nat. Sci. 13, 539–546 (2008). https://doi.org/10.1007/s11859-008-0506-5
Key words
- trusted computing
- TPM (trusted platform module)
- trusted virtualization
- configuration representation
- configuration management