Skip to main content

Management of Integrity-Enforced Virtual Applications

  • Conference paper

Part of the Communications in Computer and Information Science book series (CCIS,volume 187)


The security of virtualization platforms can be improved by applying trusted computing mechanisms such as enforcing the integrity of the hypervisor. In this paper we build on a recently proposed platform that extends this trust on to applications and services. We describe a process that covers the fully integrity-enforcing life-cycle of a trusted virtual application. Our architecture allows applications the safe transition between trusted states, even in case of updates of the hypervisor. We also detail the technical realization in our prototype implementation.


  • Trusted Computing
  • Virtualization
  • Integrity Enforcement

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. Adams, K., Agesen, O.: A comparison of software and hardware techniques for x86 virtualization. In: Proc. of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, San Jose (2006)

    Google Scholar 

  2. Berger, S., Cáceres, R., Pendarakis, D., Sailer, R., Valdez, E., Perez, R., Schildhauer, W., Srinivasan, D.: TVDc: managing security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev. 42(1), 40–47 (2008)

    CrossRef  Google Scholar 

  3. Catuogno, L., Dmitrienko, A., Eriksson, K., Kuhlmann, D., Ramunno, G., Sadeghi, A.R., Schulz, S., Schunter, M., Winandy, M., Zhan, J.: Trusted virtual domains – design, implementation and lessons learned. In: Chen, L., Yung, M. (eds.) INTRUST 2009. LNCS, vol. 6163, pp. 156–179. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  4. Coker, G., Guttman, J., Loscocco, P., Sheehy, J., Sniffen, B.: Attestation: Evidence and trust. Information and Communications Security, 1–18 (2008)

    Google Scholar 

  5. EMSCB Project Consortium: The European Multilaterally Secure Computing Base (EMSCB) project (2004),

  6. Fruhwirth, C.: New methods in hard disk encryption. Tech. rep., Institute for Computer Languages, Theory and Logic Group. Vienna University of Technology (2005)

    Google Scholar 

  7. Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A virtual machine-based platform for trusted computing. In: Proc. SOSP. ACM Press, New York (2003)

    Google Scholar 

  8. Grawrock, D.: Dynamics of a Trusted Platform: A Building Block Approach. Intel Press, Richard Bowles (2009) ISBN No. 978-1934053171

    Google Scholar 

  9. Intel Corporation: Intel Trusted Execution Technology Software Development Guide (December 2009),

  10. Kivity, A., Kamay, V., Laor, D., Lublin, U., Liguori, A.: kvm: the Linux Virtual Machine Monitor. In: Proceedings of the Linux Symposium OLS 2007, pp. 225–230 (2007)

    Google Scholar 

  11. McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: Proc. of the IEEE S&P (May 2010)

    Google Scholar 

  12. OpenTC Project Consortium: The Open Trusted Computing (OpenTC) project (2005-2009),

  13. Pfitzmann, B., Riordan, J., Stueble, C., Waidner, M., Weber, A., Saarlandes, U.D.: The perseus system architecture (2001)

    Google Scholar 

  14. Pirker, M., Toegl, R.: Towards a virtual trusted platform. Journal of Universal Computer Science 16(4), 531–542 (2010),

    Google Scholar 

  15. Pirker, M., Toegl, R., Gissing, M.: Dynamic enforcement of platform integrity. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 265–272. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  16. Schiffman, J., Moyer, T., Shal, C., Jaeger, T., McDaniel, P.: Justifying integrity using a virtual machine verifier. In: Proc. ACSAC 2009, pp. 83–92. IEEE Computer Society, Los Alamitos (2009)

    Google Scholar 

  17. Singaravelu, L., Pu, C., Härtig, H., Helmuth, C.: Reducing TCB complexity for security-sensitive applications: three case studies. In: EuroSys 2006: Proceedings of the ACM SIGOPS/EuroSys European Conference on Computer Systems 2006, pp. 161–174. ACM, New York (2006)

    Google Scholar 

  18. Toegl, R., Pirker, M., Gissing, M.: acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity. In: Proc. of INTRUST 2010. Springer, Heidelberg (2010) (in print)

    Google Scholar 

  19. Trusted Computing Group: TCG TPM specification version 1.2 revision 103 (2007),

  20. Wojtczuk, R., Rutkowska, J.: Attacking intel trusted execution technology. Tech. rep., Invisible Things Lab (2009),

  21. Wojtczuk, R., Rutkowska, J., Tereshkin, A.: Another way to circumvent intel trusted execution technology. Tech. rep., Invisible Things Lab (2009),

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gissing, M., Toegl, R., Pirker, M. (2011). Management of Integrity-Enforced Virtual Applications. In: Lee, C., Seigneur, JM., Park, J.J., Wagner, R.R. (eds) Secure and Trust Computing, Data Management, and Applications. STA 2011. Communications in Computer and Information Science, vol 187. Springer, Berlin, Heidelberg.

Download citation

  • DOI:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22364-8

  • Online ISBN: 978-3-642-22365-5

  • eBook Packages: Computer ScienceComputer Science (R0)