Towards Trust Services for Language-Based Virtual Machines for Grid Computing

  • Tobias Vejda
  • Ronald Toegl
  • Martin Pirker
  • Thomas Winkler
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4968)

Abstract

The concept of Trusted Computing (TC) promises a new approach to improve the security of computer systems. The core functionality, based on a hardware component known as the Trusted Platform Module (TPM), is integrated into commonly available hardware. Still, only limited software support exists, especially in the context of grid computing. This paper discusses why platform-independent virtual machines (VMs) with their inherent security features are an ideal environment for trusted applications and services. Based on different TC architectures building a chain-of-trust, a VM can be executed in a secure way. This chain-of-trust can be extended at run-time by considering the identity of the application code and by deriving attestable properties from the VM's configuration. An interface to provide applications with TC services like sealing or remote attestation regardless of the underlying host architecture is discussed.


Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Tobias Vejda (1)
  • Ronald Toegl (1)
  • Martin Pirker (1)
  • Thomas Winkler (1)

  1. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria
