Abstract
Modern PC platforms offer hardware-based virtualization and advanced Trusted Computing mechanisms. Hardware primitives allow the measuring and reporting of software configurations, the separation of application execution environments into isolated partitions and the dynamic switch into a trusted CPU mode.
In this paper we present a practical system architecture that leverages hardware mechanisms found in mass-market off-the-shelf PCs to improve the security of commodity guest operating systems by enforcing the integrity of application images. We enable the platform administrator to freely and deterministically specify which configurations are trusted. Furthermore, we describe a set of tools and operational procedures that allow flexible and dynamic configuration management and guarantee a secure transition between trusted platform configurations. We present our prototype implementation, which integrates well with established Linux distributions.
Keywords
- Trusted Platform Module
- Logical Volume
- Trusted Computing
- Virtual Machine Monitor
- Application Integrity
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Toegl, R., Pirker, M., Gissing, M. (2011). acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2010. Lecture Notes in Computer Science, vol 6802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25283-9_22
DOI: https://doi.org/10.1007/978-3-642-25283-9_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25282-2
Online ISBN: 978-3-642-25283-9