
Secure and Privacy-Aware Multiplexing of Hardware-Protected TPM Integrity Measurements among Virtual Machines

  • Conference paper
Information Security and Cryptology – ICISC 2012 (ICISC 2012)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7839)

Abstract

Measuring the integrity of critical operating system components and securely storing these measurements in a hardware-protected Trusted Platform Module (TPM) is a well-known approach for improving system security. However, it is currently not possible to securely extend this approach to TPMs used in virtualized environments. In this paper, we show how to multiplex integrity measurements of arbitrarily many Virtual Machines (VMs) with just a single standard TPM. In contrast to existing approaches such as vTPM, our approach achieves a higher level of security since measurements are never held in software but are fully hardware-protected by the TPM at all times. We establish an integrity-protected mapping between each measurement and its respective VM such that an attacker cannot alter this mapping during remote attestation without being detected. Furthermore, all measurements are stored in the TPM in a concealed manner in order to prevent information leakage about other VMs during remote attestation. The experimental results of our proof-of-concept implementation show the feasibility of our approach.
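The two properties the abstract asks of a shared PCR, a VM-to-measurement mapping that cannot be altered undetected and concealment of other VMs' measurements from a verifier, can be modelled in a few lines. The block below is an added illustration, not the paper's mechanism: it assumes a TPM 1.2-style SHA-1 extend, a keyed commitment (HMAC) as the binding, and a per-VM key that the hypervisor provisions and shares only with that VM's verifier.

```python
import hashlib
import hmac
import os

PCR_INIT = b"\x00" * 20  # TPM 1.2 PCRs are 20 bytes (SHA-1 size), reset to zero

def extend(pcr: bytes, value: bytes) -> bytes:
    """TPM 1.2 PCR extend: PCR_new = SHA-1(PCR_old || value)."""
    return hashlib.sha1(pcr + value).digest()

def conceal(vm_key: bytes, vm_id: str, measurement: bytes) -> bytes:
    """Assumed binding: a keyed commitment tying the measurement to its VM.
    Only this value reaches the PCR, so the plaintext measurement is never
    visible to a verifier that lacks vm_key."""
    return hmac.new(vm_key, vm_id.encode() + measurement, hashlib.sha1).digest()

class Hypervisor:
    """Models the single shared PCR and the measurement log kept beside it."""
    def __init__(self) -> None:
        self.pcr = PCR_INIT
        self.log: list[tuple[str, bytes]] = []   # (vm_id, concealed value), extend order
        self.keys: dict[str, bytes] = {}         # per-VM keys (assumed provisioning)

    def measure(self, vm_id: str, component: bytes) -> bytes:
        digest = hashlib.sha1(component).digest()
        key = self.keys.setdefault(vm_id, os.urandom(20))
        committed = conceal(key, vm_id, digest)
        self.pcr = extend(self.pcr, committed)
        self.log.append((vm_id, committed))
        return digest

    def attest(self, vm_id: str) -> tuple[bytes, list[tuple[str, bytes]], bytes]:
        """Quote for one VM: PCR value, the full concealed log, that VM's key only."""
        return self.pcr, list(self.log), self.keys[vm_id]

def verify(vm_id: str, vm_key: bytes, expected: list[bytes],
           pcr: bytes, log: list[tuple[str, bytes]]) -> bool:
    """Replay the log against the PCR, then check that the entries labelled
    vm_id commit to exactly the expected measurements, in order. Relabelling
    an entry or moving a measurement between VMs breaks one of the checks."""
    replay = PCR_INIT
    own = []
    for entry_vm, committed in log:
        replay = extend(replay, committed)
        if entry_vm == vm_id:
            own.append(committed)
    if not hmac.compare_digest(replay, pcr):
        return False
    return own == [conceal(vm_key, vm_id, m) for m in expected]
```

A verifier holding only VM A's key can validate A's chain and the PCR, while B's entries stay opaque commitments; the real design keeps the binding inside the TPM rather than in hypervisor software as this model does.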



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Velten, M., Stumpf, F. (2013). Secure and Privacy-Aware Multiplexing of Hardware-Protected TPM Integrity Measurements among Virtual Machines. In: Kwon, T., Lee, MK., Kwon, D. (eds) Information Security and Cryptology – ICISC 2012. ICISC 2012. Lecture Notes in Computer Science, vol 7839. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37682-5_23


  • DOI: https://doi.org/10.1007/978-3-642-37682-5_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37681-8

  • Online ISBN: 978-3-642-37682-5

  • eBook Packages: Computer Science (R0)