Abstract
Today, virtualization technologies and hypervisors are enjoying a rediscovery. In particular, migration of virtual machines (VMs) between hardware platforms provides a useful and cost-effective means of managing complex IT infrastructures. A challenge in this context is the virtualization of hardware security modules such as the Trusted Platform Module (TPM), since the intended purpose of a TPM is to securely bind software to the underlying hardware. Existing solutions for TPM virtualization, however, have various shortcomings that hinder their deployment in a wide range of useful scenarios. In this paper, we address these shortcomings by presenting a flexible and privacy-preserving design of a virtual TPM that, in contrast to existing solutions, supports different approaches for measuring the platform's state and for key generation, and uses property-based attestation mechanisms to support software updates and VM migration. Our solution improves the maintainability and applicability of hypervisors that support hardware security modules such as the TPM.
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Sadeghi, AR., Stüble, C., Winandy, M. (2008). Property-Based TPM Virtualization. In: Wu, TC., Lei, CL., Rijmen, V., Lee, DT. (eds) Information Security. ISC 2008. Lecture Notes in Computer Science, vol 5222. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85886-7_1
DOI: https://doi.org/10.1007/978-3-540-85886-7_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85884-3
Online ISBN: 978-3-540-85886-7
eBook Packages: Computer Science (R0)