Skip to main content
SpringerLink
Log in

Research and Development of TPM Virtualization

  • Conference paper
  • First Online:
Trusted Computing and Information Security (CTCIS 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1149))

Included in the following conference series:

  • 813 Accesses

Abstract

Combination of Cloud Computing and Trusted Computing is an important method to build a trusted cloud environment, and the most critical problem is the virtualization of TPM (Trusted Platform Module, TPM). But in view of the current research, TPM virtualization still not only does not meet the whole TCG specification, but also has a lot of security issues, and it is becoming the bottleneck of building a trusted cloud environment by combination of Cloud Computing and Trusted Computing. This paper introduces the basic concepts, types and basic requirements of TPM virtualization. The classification model of TPM virtualization is put forward by the I/O device virtualization technology. The main research work of the key technologies of TPM virtualization, such as architecture, key management, certification trust extension, migration and so on, are described in detail, moreover taking time as the clue, we can display a panoramic view of the evolution of related key technologies. Combined with the existing research results, the research direction and challenges of TPM virtualization under TCG architecture are discussed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The relevant connotations of general security threats, privileged security threats and shared security threats are described in the literature [61]

  2. 2.

    Although S Berger is a researcher at the IBM T. J. Watson Research Center, the published results are academic papers, so he is still attributed to academia.

References

  1. Trusted Computing Group. https://www.trustedcomputing-group.org. Accessed 08 Sept 2019

  2. TPM Specification, Version 2.0/Part 1, Architecture. https://www.Trustedcomputinggroup.org/wp-con-tent/uploads/TPM-Rev-2.0-Part1-Architecture-01.36_public-review.pdf. Accessed 08 Sept 2019

  3. TPM Specification, Version 2.0/ Part 2, Structures. https://www.Trustedcomputinggroup.org/wp-con-tent/uploads/TPM-Rev-2.0-Part2-Structures-01.36_public-review.pdf. Accessed 08 Sept 2019

  4. Specification, Version 2.0/ Part 3, Commands. https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part3-Commands-01.36-code_public-review.pdf. Accessed 08 Sept 2019

  5. TPM Specification, Version 2.0/Part 4, Supporting Routines. https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part3-Commands-01.36-code_public-review.pdf. Accessed 08 Sept 2019

  6. Changxiang, S., Huanguo, Z., Dengguo, F., et al.: Information security review. Scientia Sinica Ser. E: Inf. Sci. 37(2), 129–150 (2007)

    Google Scholar 

  7. Changxiang, S., Huanguo, Z., Huaiming, W., et al.: Research and development of trusted computing. Scientia Sinica Ser. E: Inf. Sci. 40(2), 139–166 (2010)

    Google Scholar 

  8. Dengguo, F., Yu, Q., Dan, W., et al.: Research on trusted computing technology. J. Comput. Res. Dev. 48(8), 1332–1349 (2011)

    Google Scholar 

  9. State Cryptography Administration: Trusted Computing Cryptographic Support Platform Function and Interface Specification (2007)

    Google Scholar 

  10. Rimal, B.P., Choi, E., Lumb, I.: A taxonomy and survey of cloud computing systems. In: Proceedings of the 2009 Fifth International Joint Conference on INC, IMS and IDC, pp. 44–51. IEEE, Seoul (2009)

    Google Scholar 

  11. Yao, S., et al.: An efficient multi-objective scheduling method for data flow in cloud environment. J. Softw. 28(3), 1–19 (2017)

    MathSciNet  Google Scholar 

  12. Siyao, X., Weiwei, L., Zijun, W.: Virtual machine placement algorithm based on peak load characteristics. J. Softw. 27(7), 1876–1887 (2016)

    MathSciNet  Google Scholar 

  13. Wei, W., Zeyu, G., Wenbo, Z., et al.: A cloud computing system fault detection method based on adaptive monitoring. Chin. J. Comput. 39(163), 1–15 (2016)

    Google Scholar 

  14. Guofeng, W., Chuanyi, L., Hezhong, P., et al.: Overview of internal threats in cloud computing models. Chin. J. Comput. 39(145), 1–21 (2016)

    Google Scholar 

  15. Lifang, R., Wenjian, W., Xing, X.: Adaptive cloud computing service portfolio with uncertain perception. J. Comput. Res. Dev. 53(12), 2867–2881 (2016)

    Google Scholar 

  16. Junjie, L., Fenghua, L., Qiongni, L., et al.: Optimized high-dimensional index and KNN query under MapReduce framework. Acta Electronica Sinica 44(8), 1873–1880 (2016)

    Google Scholar 

  17. Amazon Elastic Compute Cloud (EC2). http://aws.amazon.com/ec2/. Accessed 08 Sept 2019

  18. Google App Engine (GAE). https://appengine.google.com/. Accessed 08 Sept 2019

  19. Microsoft Azure Services Platform. http://www.microsoft.com/azure/. Accessed 08 Sept 2019

  20. Elastic Utility Computing Architecture for Linking Your Programs To Useful Systems (Eucalyptus). http://www.eucalyptus.com/. Accessed 08 Sept 2019

  21. Chuang, L., Wenbo, S., Kun, M., et al.: Cloud computing security: architecture, mechanism and model evaluation. Chin. J. Comput. 36(9), 1765–1784 (2013)

    Google Scholar 

  22. Berger, S., Cáceres, R., Goldman, K.A., et al.: vTPM: virtualizaing the trusted platform modual. In: Proceedings of the 15th USENIX security Symposium, pp. 305–320. ACM, Vancouver (2006)

    Google Scholar 

  23. England, P., Loeser, J.: Para-Virtualized TPM sharing. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 119–132. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68979-9_9

    Chapter  Google Scholar 

  24. Stumpf, F., Eckert, C.: Enhancing trusted platform modules with hardware-based virtualization techniques. In: Proceedings of the 2008 Second International Conference on Emerging Security Information, pp. 1–9. IEEE, Cap Esterel (2008)

    Google Scholar 

  25. Lei, S., Deqing, Z., Hai, J.: Xen Virtualization Technology. Huazhong University of Science and Technology Press, Hangzhou (2009)

    Google Scholar 

  26. AlBelooshi, B., Salah, K., Martin, T., et al: Securing cryptographic keys in the IaaS cloud model. In: 8th International Conference on Utility and Cloud Computing (UCC), pp. 397–401. IEEE, Limassol (2015)

    Google Scholar 

  27. Zhilou, Y., Qiao, W., Weipin, Z., et al.: A cloud certificate authority architecture for virtual machines with trusted platform module. In: IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), pp. 1377–1380. IEEE, New York (2015)

    Google Scholar 

  28. Dexian, C., Xiaobo, C., Yu, Q., et al.: TSD: a flexible root of trust for the cloud. In: IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 119–126. IEEE, Liverpool (2012)

    Google Scholar 

  29. Xin, W., Zhiting, X., Yi, R.: Building trust into cloud computing using virtualization of TPM. In: Fourth International Conference on Multimedia Information Networking and Security, pp. 59–63. IEEE, Nanjing (2012)

    Google Scholar 

  30. Dongliang, X., Xiaolong, W., Yunwei, G., et al.: TrustVP: construction and evolution of trusted chain on virtualization computing platform. In: Eighth International Conference on Computational Intelligence and Security (CIS), pp. 623–630. IEEE, Guangzhou (2012)

    Google Scholar 

  31. Microsoft MVP. http://anilerduran.com/vtpm-in-windows-server-2016-hyper-v/. Accessed 08 Sept 2019

  32. Oricale. https://www.virtualbox.org/. Accessed 08 Sept 2019

  33. VMware. http://www.vmware.com/. Accessed 08 Sept 2019

  34. Xen project. http://www.xenproject.org/. Accessed 08 Sept 2019

  35. KVM project. http://www.linux-kvm.org/. Accessed 08 Sept 2019

  36. Scarlata, V., Rozas, C., Wiseman, M., et al.: TPM virtualization: building a general framework. In: Pohlmann, N., Reimer, H. (eds.) Trusted Computing, pp. 43–56. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-8348-9452-6_4

    Chapter  Google Scholar 

  37. Anderson, M.J., Moffie, M., Dalton, C.I.: Towards trustworthy virtualization environments: Xen library OS security service infrastructure. Hewlett-Packard Lab. 2007(1), 43–51 (2007)

    Google Scholar 

  38. Murray, G., Milos, G., Hand, S.: Improving Xen security through disaggregation. In: VEE 08: Proceedings of the Fourth ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, pp. 151–160. ACM, Seattle (2008)

    Google Scholar 

  39. David, P., Serdar, C., Chris, D., et al.: TPM virtualisation architecture document. Open Trusted Computing (2009)

    Google Scholar 

  40. Sadeghi, A.-R., Stüble, C., Winandy, M.: Property-based TPM virtualization. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 1–16. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85886-7_1

    Chapter  Google Scholar 

  41. Xin, J., Lina, W., Rongwei, Y., et al.: Administrative domain: security enhancement for virtual TPM. In: International Conference on Multimedia Information Networking and Security, pp. 767–771. IEEE, Nanjing (2010)

    Google Scholar 

  42. Weiqi, D.: Research on key issues of trusted construction of cloud computing execution environment. Huazhong University of Science and Technology (2015)

    Google Scholar 

  43. Bade, S.A., Betz, L.N., Kegel, A.G., et al.: Method and system for virtualization of trusted platform modules. US Patent 7 380 119, May, 2008

    Google Scholar 

  44. Feller, T., Malipatlolla, S., Kasper, M., et al.: dcTPM: a generic architecture for dynamic context management. In: International Conference on Reconfigurable Computing and FPGAs, pp. 211–216. IEEE, Cancun (2011)

    Google Scholar 

  45. Smith, N.M.: Method and apparatus for virtualization of a multi-contexthardware trusted platform module (TPM). US Patent 2009/0 055 641 A1, February 2009

    Google Scholar 

  46. Jayaram Masti, R., Marforio, C., Capkun, S.: An architecture for concurrent execution of secure environments in clouds. In: Proceedings of the 2013 ACM workshop on Cloud computing security workshop, pp. 11–22. ACM, Berlin (2013)

    Google Scholar 

  47. Yap, J.Y., Tomlinson, A.: Para-virtualizing the trusted platform module: an enterprise framework based on version 2.0 specification. In: Bloem, R., Lipp, P. (eds.) INTRUST 2013. LNCS, vol. 8292, pp. 1–16. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-03491-1_1

    Chapter  Google Scholar 

  48. Pci-sig-single root iov. http://www.pcisig.com/specifica-tions/iov/Single_root/. Accessed 08 Sept 2019

  49. Mingda, L., Longyu, M.: A virtual environment security isolation model based on SR-IOV technology. In: Proceedings of the 31st National Computer Security Academic Exchange Conference, pp. 84–89. CNKI, Xiamen (2016)

    Google Scholar 

  50. Xinlong, L., Rui, J., Huafeng, K.: Secure and reliable VM-vTPM migration in private cloud. In: 2nd International Symposium on Instrumentation and Measurement, Sensor Network and Automation (IMSNA), pp. 510–514. IEEE, Toronto (2013)

    Google Scholar 

  51. Yongjiao, Y., Fei, Y., Junpeng, M., et al.: Ng-vTPM: a new generation of TPM virtualization framework design. J. Wuhan Univ. (Nat. Sci. Ed.) 61(2), 103–111 (2015)

    Google Scholar 

  52. Goyette, R.: A review of vTPM: virtualizing the trusted platform module. In: Network Security and Cryptography Symposium, pp. 1–17 (2007)

    Google Scholar 

  53. Lina, W., Hanjun, G., Rongwei, Y., et al.: Research on the construction method of trusted virtual execution environment based on trust extension. J. Commun. 32(9), 1–8 (2011)

    Google Scholar 

  54. Danev, B.: Enabling secure VM-vTPM migration in private clouds. In: ACSAC 2011 Proceedings of the 27th Annual Computer Security Applications Conference, pp. 187–196. ACM, Orlando (2011)

    Google Scholar 

  55. Xin, W., XinFang, Z., Liang, C., et al.: An improved vTPM migration protocol based trusted channel. In: International Conference on Systems and Informatics (ICSAI), pp. 870–875. IEEE, Yantai (2012)

    Google Scholar 

  56. Yinchao, Y., Zai, L., Zuoning, C.: Design and implementation of a secure VM-v TPM migration protocol. Appl. Electron. Tech. 38(4), 130–133 (2012)

    Google Scholar 

  57. Armbrust, M., Fox, A., Grith, R., et al.: A view of cloud computing. Commun. ACM 53(4), 50–58 (2010)

    Article  Google Scholar 

  58. Peiru, F., Bo, Z., Yuan, S., et al.: An improved vTPM-VM live migration protocol. Wuhan University J. Nat. Sci. 20(6), 512–520 (2015)

    Article  MathSciNet  Google Scholar 

  59. Yuqing, H., Bo, Z., Jue, X., et al.: A KVM-based v TPM virtual machine dynamic migration scheme. J. Shandong Univ. (Nat. Sci. Ed.) 52(6), 69–75 (2017)

    Google Scholar 

  60. Virtual platform working group (VPWG) on virtualized trusted platform architecture specification. https://www.trusted-computinggroup.org/wp-content/uploa-ds/TCG_VPWG_Architecture_V1-0_R0-26_FINAL.pdf. Accessed 08 Sept 2019

  61. Yan, D., Huaiming, W., Peichang, S., et al.: Trusted cloud service. Chin. J. Comput. 38(5), 133–149 (2015)

    MathSciNet  Google Scholar 

Download references

Acknowledgements

This work was supported by the National Natural Science Foundation of China (Grant No. 61373162), and the Sichuan Provincial Key Laboratory Project (Grant No. KJ201402).

Author information

Authors and Affiliations

  1. College of Computer Science, Sichuan Normal University, Sichuan, China

    Liang Tan & Huan Xiao

  2. Institute of Computing Technology, Chinese Academy of Sciences, Beijing, China

    Liang Tan

  3. School of National Cyberspace Security, WHU, Wuhan, 430072, China

    Juan Wang

Authors
  1. Liang Tan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Huan Xiao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Juan Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Liang Tan .

Editor information

Editors and Affiliations

  1. Fudan University, Shanghai, China

    Weili Han

  2. Beijing Institute of Technology, Beijing, China

    Liehuang Zhu

  3. Wuhan University, Wuhan, China

    Fei Yan

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tan, L., Xiao, H., Wang, J. (2020). Research and Development of TPM Virtualization. In: Han, W., Zhu, L., Yan, F. (eds) Trusted Computing and Information Security. CTCIS 2019. Communications in Computer and Information Science, vol 1149. Springer, Singapore. https://doi.org/10.1007/978-981-15-3418-8_15

Download citation

  • DOI: https://doi.org/10.1007/978-981-15-3418-8_15

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-3417-1

  • Online ISBN: 978-981-15-3418-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation