Management of Integrity-Enforced Virtual Applications

  • Michael Gissing
  • Ronald Toegl
  • Martin Pirker
Part of the Communications in Computer and Information Science book series (CCIS, volume 187)

Abstract

The security of virtualization platforms can be improved by applying trusted computing mechanisms such as enforcing the integrity of the hypervisor. In this paper we build on a recently proposed platform that extends this trust on to applications and services. We describe a process that covers the fully integrity-enforcing life-cycle of a trusted virtual application. Our architecture allows applications the safe transition between trusted states, even in case of updates of the hypervisor. We also detail the technical realization in our prototype implementation.

Keywords

Trusted Computing Virtualization Integrity Enforcement 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Adams, K., Agesen, O.: A comparison of software and hardware techniques for x86 virtualization. In: Proc. of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, San Jose (2006)Google Scholar
  2. 2.
    Berger, S., Cáceres, R., Pendarakis, D., Sailer, R., Valdez, E., Perez, R., Schildhauer, W., Srinivasan, D.: TVDc: managing security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev. 42(1), 40–47 (2008)CrossRefGoogle Scholar
  3. 3.
    Catuogno, L., Dmitrienko, A., Eriksson, K., Kuhlmann, D., Ramunno, G., Sadeghi, A.R., Schulz, S., Schunter, M., Winandy, M., Zhan, J.: Trusted virtual domains – design, implementation and lessons learned. In: Chen, L., Yung, M. (eds.) INTRUST 2009. LNCS, vol. 6163, pp. 156–179. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Coker, G., Guttman, J., Loscocco, P., Sheehy, J., Sniffen, B.: Attestation: Evidence and trust. Information and Communications Security, 1–18 (2008)Google Scholar
  5. 5.
    EMSCB Project Consortium: The European Multilaterally Secure Computing Base (EMSCB) project (2004), http://www.emscb.org/
  6. 6.
    Fruhwirth, C.: New methods in hard disk encryption. Tech. rep., Institute for Computer Languages, Theory and Logic Group. Vienna University of Technology (2005)Google Scholar
  7. 7.
    Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A virtual machine-based platform for trusted computing. In: Proc. SOSP. ACM Press, New York (2003)Google Scholar
  8. 8.
    Grawrock, D.: Dynamics of a Trusted Platform: A Building Block Approach. Intel Press, Richard Bowles (2009) ISBN No. 978-1934053171Google Scholar
  9. 9.
    Intel Corporation: Intel Trusted Execution Technology Software Development Guide (December 2009), http://download.intel.com/technology/security/downloads/315168.pdf
  10. 10.
    Kivity, A., Kamay, V., Laor, D., Lublin, U., Liguori, A.: kvm: the Linux Virtual Machine Monitor. In: Proceedings of the Linux Symposium OLS 2007, pp. 225–230 (2007)Google Scholar
  11. 11.
    McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: Proc. of the IEEE S&P (May 2010)Google Scholar
  12. 12.
    OpenTC Project Consortium: The Open Trusted Computing (OpenTC) project (2005-2009), http://www.opentc.net/
  13. 13.
    Pfitzmann, B., Riordan, J., Stueble, C., Waidner, M., Weber, A., Saarlandes, U.D.: The perseus system architecture (2001)Google Scholar
  14. 14.
    Pirker, M., Toegl, R.: Towards a virtual trusted platform. Journal of Universal Computer Science 16(4), 531–542 (2010), http://www.jucs.org/jucs_16_4/towards_a_virtual_trusted Google Scholar
  15. 15.
    Pirker, M., Toegl, R., Gissing, M.: Dynamic enforcement of platform integrity. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 265–272. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Schiffman, J., Moyer, T., Shal, C., Jaeger, T., McDaniel, P.: Justifying integrity using a virtual machine verifier. In: Proc. ACSAC 2009, pp. 83–92. IEEE Computer Society, Los Alamitos (2009)Google Scholar
  17. 17.
    Singaravelu, L., Pu, C., Härtig, H., Helmuth, C.: Reducing TCB complexity for security-sensitive applications: three case studies. In: EuroSys 2006: Proceedings of the ACM SIGOPS/EuroSys European Conference on Computer Systems 2006, pp. 161–174. ACM, New York (2006)Google Scholar
  18. 18.
    Toegl, R., Pirker, M., Gissing, M.: acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity. In: Proc. of INTRUST 2010. Springer, Heidelberg (2010) (in print)Google Scholar
  19. 19.
    Trusted Computing Group: TCG TPM specification version 1.2 revision 103 (2007), https://www.trustedcomputinggroup.org/specs/TPM/
  20. 20.
    Wojtczuk, R., Rutkowska, J.: Attacking intel trusted execution technology. Tech. rep., Invisible Things Lab (2009), http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf
  21. 21.
    Wojtczuk, R., Rutkowska, J., Tereshkin, A.: Another way to circumvent intel trusted execution technology. Tech. rep., Invisible Things Lab (2009), http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Michael Gissing
    • 1
  • Ronald Toegl
    • 1
  • Martin Pirker
    • 1
  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria

Personalised recommendations