Abstract
Many solutions have been proposed to raise the security level of virtualisation. However, most overlook the security of virtual disk images. With our paper we present a secure, flexible and transparent security architecture for virtual disk images. Virtual machines running on our architecture transparently benefit from confidentiality and integrity assurance. We achieve this by incorporating the concepts of Trusted Computing and in particular the Trusted Platform Module (TPM). This enables us to provide a secure and flexible trusted virtual disk infrastructure to a broad number of platforms. Furthermore, the unique concept of Trusted Virtual Disk Images (TVDI) allows an image owner to stay in control over the disk image throughout its complete life-cycle.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
William A. Arbaugh, Angelos D. Keromytis, David J. Farber, and Jonathan M. Smith, Automated recovery in a secure bootstrap process, Proceedings of Network and Distributed System Security Symposium, Internet Society, 1998, pp. 155–167.
Stefan Berger, Ramán Cáceres, Kenneth A. Goldman, Ronald Perez, Reiner Sailer, and Leendert van Doom, vtpm: virtualizing the trusted platform module, USENLX-SS’06: Proceedings of the 15th conference on USENIX Security Symposium (Berkeley, CA, USA), USENIX Association, 2006, pp. 21–21.
Haibo Chen, Jieyun Chen, Wenbo Mao, and Fei Yan, Daonity - grid security from two levels of virtualization , Inf. Secur. Tech. Rep. 12 (2007), no. 3, 123–138.
Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh, Terra: a virtual machine-based platform for trusted computing , SOSP ’03: Proceedings of the nineteenth ACM symposium on Operating systems principles (New York, NY, USA), ACM, 2003, pp. 193–206.
Tal Garfinkel and Mendel Rosenblum, When virtual is harder than real: security challenges in virtual machine based computing environments, HOTOS’05: Proceedings of the 10th conference on Hot Topics in Operating Systems (Berkeley, CA, USA), USENIX Association, 2005, pp. 20–20.
Carl Gebhardt and Allan Tomlinson, Security considerations for virtualization, Tech. report, Department of Mathematics, Royal Holloway, University of London, 2008.
Hans Lohr, HariGovind V. Ramasamy, Ahmad-Reza Sadeghi, Stefan Schulz, Matthias Schunter, and Christian Stable, Enhancing grid security using trusted virtualization., ATC (Bin Xiao, Laurence Tianruo Yang, Jianhua Ma, Christian Muller-Schloer, and Yu Hua, eds.), Lecture Notes in Computer Science, vol. 4610, Springer, 2007, pp. 372–384.
Jonathan M. McCune, Bryan J. Parno, Adrian Perrig, Michael K. Reiter, and Hiroshi Isozaki, Flicker: an execution infrastructure fortcb minimization , SIGOPS Oper. Syst. Rev. 42 (2008), no. 4, 315–328.
Mark McLoughlin, The qcow image format, http://www.gnome.org/~markmc/qcow-image-format.html.
Ralph C. Merkle, Protocols for public key cryptosystems , Security and Privacy 00 (1980), 122–134.
Arvind Seshadri, Mark Luk, Ning Qu, and Adrian Perrig, Secvisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity oses, SOSP ’07: Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles (New York, NY, USA), ACM, 2007, pp. 335–350.
C. Strachey, Time sharing in large fast computers, vol. paper B. 2. 1, Proceedings of the International Conference on Information Processing, June 1959, pp. 336–341.
Frederic Stumpf, Michael Benz, Martin Hermanowski, and Claudia Eckert, An approach to a trustworthy system architecture using virtualization, Proceedings of the 4th International Conference on Autonomic and Trusted Computing (ATC-2007) (Hong Kong, China), Lecture Notes in Computer Science, vol. 4158, Springer-Verlag, July 2007, pp. 191–202.
Kuniyasu Suzaki, Toshiki Yagi, Kengo Iijima, and Nguyen Anh Quynh, Os circular: internet client for reference , LISA’07: Proceedings of the 21st conference on 21st Large Installation System Administration Conference (Berkeley, CA, USA), USENIX Association, 2007, pp. 1–12.
TCG, TPM Main, Part 1 Design Principles , TCG Specification Version 1.2 Revision 103, The Trusted Computing Group, Portland, OR, USA, July 2007.
TCG, TPM Main, Part 2 TPM Data Structures , TCG Specification Version 1.2 Revision 103, The Trusted Computing Group, Portland, OR, USA, July 2007.
TCG, TPM Main, Part 3 Commands , TCG Specification Version 1.2 Revision 103, The Trusted Computing Group, Portland, OR, USA, July 2007.
VMware and XenSource, The open virtual machine format whitepaper for ovf specification , Tech. report, VMware and XenSource, 2007.
Andrew Warfield and Julian Chesterfield, Blktap userspace tools + library , http://lxr.xensource.com/lxr/source/tools/blktap/README, June 2006.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2009 Vieweg+Teubner | GWV Fachverlage GmbH
About this chapter
Cite this chapter
Gebhardt, C., Tomlinson, A. (2009). Trusted Virtual Disk Images. In: Gawrock, D., Reimer, H., Sadeghi, AR., Vishik, C. (eds) Future of Trust in Computing. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9324-6_21
Download citation
DOI: https://doi.org/10.1007/978-3-8348-9324-6_21
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0794-6
Online ISBN: 978-3-8348-9324-6
eBook Packages: Computer ScienceComputer Science (R0)