Skip to main content
SpringerLink
Log in

Management of Integrity-Enforced Virtual Applications

  • Conference paper
Secure and Trust Computing, Data Management, and Applications (STA 2011)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 187))

Abstract

The security of virtualization platforms can be improved by applying trusted computing mechanisms such as enforcing the integrity of the hypervisor. In this paper we build on a recently proposed platform that extends this trust on to applications and services. We describe a process that covers the fully integrity-enforcing life-cycle of a trusted virtual application. Our architecture allows applications the safe transition between trusted states, even in case of updates of the hypervisor. We also detail the technical realization in our prototype implementation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Adams, K., Agesen, O.: A comparison of software and hardware techniques for x86 virtualization. In: Proc. of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, San Jose (2006)

    Google Scholar 

  2. Berger, S., Cáceres, R., Pendarakis, D., Sailer, R., Valdez, E., Perez, R., Schildhauer, W., Srinivasan, D.: TVDc: managing security in the trusted virtual datacenter. SIGOPS Oper. Syst. Rev. 42(1), 40–47 (2008)

    Article  Google Scholar 

  3. Catuogno, L., Dmitrienko, A., Eriksson, K., Kuhlmann, D., Ramunno, G., Sadeghi, A.R., Schulz, S., Schunter, M., Winandy, M., Zhan, J.: Trusted virtual domains – design, implementation and lessons learned. In: Chen, L., Yung, M. (eds.) INTRUST 2009. LNCS, vol. 6163, pp. 156–179. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  4. Coker, G., Guttman, J., Loscocco, P., Sheehy, J., Sniffen, B.: Attestation: Evidence and trust. Information and Communications Security, 1–18 (2008)

    Google Scholar 

  5. EMSCB Project Consortium: The European Multilaterally Secure Computing Base (EMSCB) project (2004), http://www.emscb.org/

  6. Fruhwirth, C.: New methods in hard disk encryption. Tech. rep., Institute for Computer Languages, Theory and Logic Group. Vienna University of Technology (2005)

    Google Scholar 

  7. Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A virtual machine-based platform for trusted computing. In: Proc. SOSP. ACM Press, New York (2003)

    Google Scholar 

  8. Grawrock, D.: Dynamics of a Trusted Platform: A Building Block Approach. Intel Press, Richard Bowles (2009) ISBN No. 978-1934053171

    Google Scholar 

  9. Intel Corporation: Intel Trusted Execution Technology Software Development Guide (December 2009), http://download.intel.com/technology/security/downloads/315168.pdf

  10. Kivity, A., Kamay, V., Laor, D., Lublin, U., Liguori, A.: kvm: the Linux Virtual Machine Monitor. In: Proceedings of the Linux Symposium OLS 2007, pp. 225–230 (2007)

    Google Scholar 

  11. McCune, J.M., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: Proc. of the IEEE S&P (May 2010)

    Google Scholar 

  12. OpenTC Project Consortium: The Open Trusted Computing (OpenTC) project (2005-2009), http://www.opentc.net/

  13. Pfitzmann, B., Riordan, J., Stueble, C., Waidner, M., Weber, A., Saarlandes, U.D.: The perseus system architecture (2001)

    Google Scholar 

  14. Pirker, M., Toegl, R.: Towards a virtual trusted platform. Journal of Universal Computer Science 16(4), 531–542 (2010), http://www.jucs.org/jucs_16_4/towards_a_virtual_trusted

    Google Scholar 

  15. Pirker, M., Toegl, R., Gissing, M.: Dynamic enforcement of platform integrity. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 265–272. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  16. Schiffman, J., Moyer, T., Shal, C., Jaeger, T., McDaniel, P.: Justifying integrity using a virtual machine verifier. In: Proc. ACSAC 2009, pp. 83–92. IEEE Computer Society, Los Alamitos (2009)

    Google Scholar 

  17. Singaravelu, L., Pu, C., Härtig, H., Helmuth, C.: Reducing TCB complexity for security-sensitive applications: three case studies. In: EuroSys 2006: Proceedings of the ACM SIGOPS/EuroSys European Conference on Computer Systems 2006, pp. 161–174. ACM, New York (2006)

    Google Scholar 

  18. Toegl, R., Pirker, M., Gissing, M.: acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity. In: Proc. of INTRUST 2010. Springer, Heidelberg (2010) (in print)

    Google Scholar 

  19. Trusted Computing Group: TCG TPM specification version 1.2 revision 103 (2007), https://www.trustedcomputinggroup.org/specs/TPM/

  20. Wojtczuk, R., Rutkowska, J.: Attacking intel trusted execution technology. Tech. rep., Invisible Things Lab (2009), http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf

  21. Wojtczuk, R., Rutkowska, J., Tereshkin, A.: Another way to circumvent intel trusted execution technology. Tech. rep., Invisible Things Lab (2009), http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf

Download references

Author information

Authors and Affiliations

  1. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Inffeldgasse 16a, A-8010, Graz, Austria

    Michael Gissing, Ronald Toegl & Martin Pirker

Authors
  1. Michael Gissing
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ronald Toegl
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Martin Pirker
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computer Engineering, Hanshin University, 815-802 Byukjeok Hanshin A., Youngtong 2-dong, Soowon, Korea

    Changhoon Lee

  2. University of Geneva, CUI, 24 Rue du Général Dufour, Geneva 4, Switzerland

    Jean-Marc Seigneur

  3. Department of Computer Science and Engineering, Seoul National University of Science and Technology, 172 Gongreung 2-dong, Nowon-gu, 139-742, Seoul, Korea

    James J. Park

  4. Institute of FAW, University of Linz, Altenbergerstrasse 69, 4040, Linz, Austria

    Roland R. Wagner

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gissing, M., Toegl, R., Pirker, M. (2011). Management of Integrity-Enforced Virtual Applications. In: Lee, C., Seigneur, JM., Park, J.J., Wagner, R.R. (eds) Secure and Trust Computing, Data Management, and Applications. STA 2011. Communications in Computer and Information Science, vol 187. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22365-5_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22365-5_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22364-8

  • Online ISBN: 978-3-642-22365-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation