We present the design and implementation of a system that enables trusted computing for an unlimited number of virtual machines on a single hardware platform. To this end, we virtualized the Trusted Platform Module (TPM). As a result, the TPM's secure storage and cryptographic functions are available to operating systems and applications running in virtual
Exopolysaccharide (EPS) synthesis by Erwinia amylovora depends on environmental and genetic predispositions. To measure the amount of the acidic EPS amylovoran synthesized by E. amylovora cell cultures, a turbidity assay using cetylpyridinium salt was developed. The EPS produced by bacteria grown on solid media was additionally characterized by its water
We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been proven useful for high-security environments that prioritize security over performance and code reuse, our approach aims at commercial security where near-zero
The trusted virtual data center (TVDc) is a technology developed to address the need for strong isolation and integrity guarantees in virtualized environments. In this paper, we extend previous work on the TVDc by implementing controlled access to networked storage based on security labels and by implementing management prototypes that demonstrate the
Virtualization technology is becoming increasingly common in datacenters, since it allows for collocation of multiple workloads, consisting of operating systems, middleware and applications, in different virtual machines (VMs) on shared physical hardware platforms. However, when coupled with the ease of VM migration, this trend increases the potential
We define and demonstrate an approach to securing distributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies across a distributed set of machines. The Shamon enables local reference monitor guarantees to be attained for a set of reference monitors on these machines. We implement a prototype
In this paper we present our experience in building the Research Compute Cloud (RC2), a cloud computing platform for use by the worldwide IBM Research community. Within eleven months of its official release RC2 has reached a community of 631 users spanning 34 countries, and serves on average 350 active users and 1800 active VM instances per month. Besides
Scalable attestation combines secure boot and trusted boot technologies, and extends them up into the host, its programs, and into the guest's operating system and workloads, to both detect and prevent integrity attacks. Anchored in hardware, this integrity appraisal and attestation protects persistent data (files) from remote attack, even if the attack is
We consider a wireless ad-hoc network with single antenna nodes under a two-hop traffic pattern. Two system architectures are investigated in this paper: Either linear amplify-and-forward relays (LinRel) or a distributed antenna system with linear processing (LDAS) serve as repeater nodes. The gain factors of the repeaters are assigned such that the mean
Many people desire ubiquitous access to their personal computing environments. We present a system in which a user leverages a personal mobile device to establish trust in a public computing device, or kiosk, prior to resuming her environment on the kiosk. We have designed a protocol by which the mobile device determines the identity and integrity of all