Skip to main content
SpringerLink
Log in
Book cover

International Conference on Trusted Computing

Trust 2008: Trusted Computing - Challenges and Applications pp 48–59Cite as

Towards Trust Services for Language-Based Virtual Machines for Grid Computing

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 4968)

Abstract

The concept of Trusted Computing (TC) promises a new approach to improve the security of computer systems. The core functionality, based on a hardware component known as Trusted Platform Module (TPM), is integrated into commonly available hardware. Still, only limited software support exists, especially in the context of grid computing. This paper discusses why platform independent virtual machines (VM) with their inherent security features are an ideal environment for trusted applications and services. Based on different TC architectures building a chain-of-trust, a VM can be executed in a secure way. This chain-of-trust can be extended at run-time by considering the identity of the application code and by deriving attestable properties from the VMs configuration. An interface to provide applications with TC services like sealing or remote attestation regardless of the underlying host architecture is discussed.

Keywords

  • Virtual Machine
  • Application Program Interface
  • Trusted Third Party
  • Trusted Platform Module
  • Access Control Model

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   69.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and Implementation of a TCG-based Integrity Measurement Architecture. In: Proceedings of the 13th USENIX Security Symposium, pp. 223–238. USENIX Association (2004)

    Google Scholar 

  2. Sarmenta, L., Rhodes, J., Müller, T.: TPM/J Java-based API for the Trusted Platform Module (2007), http://projects.csail.mit.edu/tc/tpmj/

  3. Microsoft Developer Network. TPM Base Services (2007), http://msdn2.microsoft.com/en-us/library/aa446796.aspx

  4. TrouSerS - An Open-Source TCG Software Stack Implementation (2007), http://trousers.sourceforge.net/

  5. Sadeghi, A.-R., Stüble, C.: Property-based Attestation for Computing Platforms: Caring about Policies, not Mechanisms. In: Proceedings of the New Security Paradigm Workshop (NSPW), pp. 67–77. ACM, New York (2004)

    Google Scholar 

  6. Haldar, V., Chandra, D., Franz, M.: Semantic Remote Attestation - Virtual Machine Directed Approach to Trusted Computing. In: Proceedings of the 3rd Virtual Machine Research and Technology Symposium, pp. 29–41. USENIX Association (2004)

    Google Scholar 

  7. Pirker, M., Winkler, T., Toegl, R., Vejda, T.: Trusted Computing for the JavaTMPlatform (2007), http://trustedjava.sourceforge.net/

  8. Trusted Computing Group. TCG Software Stack Specification, Version 1.2 Errata A (2007), https://www.trustedcomputinggroup.org/specs/TSS/

  9. Trusted Computing Group. TCG Infrastructure Specifications (2007), https://www.trustedcomputinggroup.org/specs/IWG

  10. Trusted Computing Group (2007), https://www.trustedcomputinggroup.org

  11. Trusted Computing Group. TCG Specification Architecture Overview, Revision 1.4 (2007), https://www.trustedcomputinggroup.org/groups/TCG_1_4_Architecture_Overview.pdf

  12. Foster, I., Kesselman, C., Tuecke, S.: The Anatomy of the Grid: Enabling Scalable Virtual Organizations. Int. J. High Perform. Comput. Appl. 15(3), 200–222 (2001)

    CrossRef  Google Scholar 

  13. Getov, V., von Laszewski, G., Philippsen, M., Foster, I.: Multiparadigm communications in Java for grid computing. Communincations of the ACM 44(10), 118–125 (2001)

    CrossRef  Google Scholar 

  14. Parabon Computation, Inc. Frontier: The Premier Internet Computing Platform Whitepaper (2004), http://www.parabon.com/users/internetComputingWhitePaper.pdf

  15. Mao, W., Jin, H., Martin, A.: Innovations for Grid Security from Trusted Computing (2005), http://forge.gridforum.org/sf/go/doc8087

  16. Dietrich, K., Pirker, M., Vejda, T., Toegl, R., Winkler, T., Lipp, P.: A Practical Approach for Establishing Trust Relationships between Remote Platforms using Trusted Computing. In: Proceedings of the 2007 Symposium on Trustworthy Global Computing (in print, 2007)

    Google Scholar 

  17. Sheehy, J., Coker, G., Guttman, J., Loscocco, P., Herzog, A., Millen, J., Monk, L., Ramsdell, J., Sniffen, B.: Attestation: Evidence and Trust. Technical report 07 0186, MITRE Corporation (2007)

    Google Scholar 

  18. Kühn, U., Selhorst, M., Stüble, C.: Realizing Property-Based Attestation and Sealing with Commonly Available Hard- and Software. In: Proceedings of the 2007 ACM Workshop on Scalable Trusted Computing, pp. 50–57. ACM, New York (2007)

    CrossRef  Google Scholar 

  19. Chen, L., Landfermann, R., Löhr, H., Rohe, M., Sadeghi, A.-R.: A Protocol for Property-Based Attestation. In: STC 2006: Proceedings of the first ACM workshop on Scalable trusted computing, pp. 7–16. ACM, New York (2006)

    CrossRef  Google Scholar 

  20. Loehr, H., Ramasamy, H., Sadeghi, A.-R., Schulz, S., Schunter, M., Stueble, C.: Enhancing Grid Security Using Trusted Virtualization. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds.) ATC 2007. LNCS, vol. 4610, pp. 372–384. Springer, Heidelberg (2007)

    CrossRef  Google Scholar 

  21. Wallach, D., Felten, E.: Understanding Java Stack Inspection. In: Proceedings of the 1998 IEEE Symposium on Security and Privacy, pp. 52–63. IEEE, Los Alamitos (1998)

    Google Scholar 

  22. Smith, M., Friese, T., Engel, M., Freisleben, B.: Countering security threats in service-oriented on-demand grid computing using sandboxing and trusted computing techniques. J. Parallel Distrib. Comput. 66(9), 1189–1204 (2006)

    CrossRef  MATH  Google Scholar 

  23. Mao, W., Yan, F., Chen, C.: Daonity: grid security with behaviour conformity from trusted computing. In: Proceedings of the First ACM Workshop on Scalable Trusted Computing (STC 2006), pp. 43–46. ACM, New York (2006)

    CrossRef  Google Scholar 

  24. Gong, L., Mueller, M., Prafullchandra, H., Schemers, R.: Going beyond the sandbox: an overview of the new security architecture in the javaTM development Kit 1.2. In: Proceedings of the USENIX Symposium on Internet Technologies and Systems, pp. 103–112. USENIX Association (1997)

    Google Scholar 

  25. Berger, S., Cáceres, R., Goldman, K., Perez, R., Sailer, R., van Doorn, L.: vTPM: Virtualizing the Trusted Platform Module. IBM Research Report, RC23879 (W0602-126) (2006)

    Google Scholar 

  26. Roubtsov, V. Cracking Java byte-code encryption, JavaWorld (2003), http://www.javaworld.com/javaqa/2003-05/01-qa-0509-jcrypt_p.html

  27. Toegl, R., et al.: Trusted Computing API for Java, Java Specification Request 321, Java Community Process (2008), http://www.jcp.org/en/jsr/detail?id=321

  28. Biberstein, M., Gil, J., Porat, S.: Sealing, Encapsulation, and Mutability. In: Proceedings of the 15th European Conference on Object-Oriented Programming, pp. 28–52. Springer, Heidelberg (2001)

    Google Scholar 

  29. Gong, L., Schemers, R.: Signing, Sealing, and Guarding Java Objects. In: Mobile Agents and Security, pp. 206–216. Springer, Heidelberg (1998)

    CrossRef  Google Scholar 

  30. Jaeger, T., Sailer, R., Shankar, U.: PRIMA: policy-reduced integrity measurement architecture. In: Proceedings of the eleventh ACM symposium on Access control models and technologies (SACMAT 2006), pp. 19–28. ACM, New York (2006)

    CrossRef  Google Scholar 

  31. Anderson, M.J., Moffie, M., Dalton, C.I.: Towards Trustworthy Virtualisation Environments: Xen Library OS Security Service Infrastructure. HP Research Report, HPL-2007-69 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, A–8010, Graz, Austria

    Tobias Vejda, Ronald Toegl, Martin Pirker & Thomas Winkler

Authors
  1. Tobias Vejda
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ronald Toegl
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Martin Pirker
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Thomas Winkler
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

    Rights and permissions

    Reprints and Permissions

    Copyright information

    © 2008 Springer-Verlag Berlin Heidelberg

    About this paper

    Cite this paper

    Vejda, T., Toegl, R., Pirker, M., Winkler, T. (2008). Towards Trust Services for Language-Based Virtual Machines for Grid Computing. In: Lipp, P., Sadeghi, AR., Koch, KM. (eds) Trusted Computing - Challenges and Applications. Trust 2008. Lecture Notes in Computer Science, vol 4968. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68979-9_4

    Download citation

    • DOI: https://doi.org/10.1007/978-3-540-68979-9_4

    • Publisher Name: Springer, Berlin, Heidelberg

    • Print ISBN: 978-3-540-68978-2

    • Online ISBN: 978-3-540-68979-9

    • eBook Packages: Computer ScienceComputer Science (R0)

    search

    Navigation