Corpus ID: 17899967

vTPM: Virtualizing the Trusted Platform Module

@inproceedings{Berger2006vTPMVT,
  title={vTPM: Virtualizing the Trusted Platform Module},
  author={S. Berger and R. C{\'a}ceres and Kenneth A. Goldman and Ronald Perez and R. Sailer and L. V. Doorn},
  booktitle={USENIX Security Symposium},
  year={2006}
}
We present the design and implementation of a system that enables trusted computing for an unlimited number of virtual machines on a single hardware platform. To this end, we virtualized the Trusted Platform Module (TPM). As a result, the TPM's secure storage and cryptographic functions are available to operating systems and applications running in virtual machines. Our new facility supports higher-level services for establishing trust in virtualized environments, for example remote attestation…

E2VT: An Effective and Efficient VM-Transparent Mechanism for Preventing TPVM OS Boot Failure
TLDR
This paper designs and implements E2VT, an effective and efficient mechanism for preventing TPVM OS boot failure while remaining transparent to the TPVM system, maintaining the original system performance, and making minimal modifications to the existing architecture.
Improving Xen security through disaggregation
TLDR
This paper introduces the work to disaggregate the management virtual machine in a Xen-based system, and describes the implementation, which moves the domain builder, the most important privileged component, into a minimal trusted compartment.
Dependable TCB Based on the Cell Broadband Engine Isolation Facility
  • M. Murase, H. Tokuda
  • Computer Science
  • 2011 IEEE 17th International Conference on Embedded and Real-Time Computing Systems and Applications
  • 2011
TLDR
This paper presents a dependable TCB on a Cell Broadband Engine (TM) processor by providing a hardware and software hybrid TPM, and shows the feasibility of this hybrid implementation of the TPM by assessing its performance and security properties.
Obtaining the Integrity of Your Virtual Machine in the Cloud
  • Aimin Yu, Yu Qin, D. Wang
  • Computer Science
  • 2011 IEEE Third International Conference on Cloud Computing Technology and Science
  • 2011
TLDR
This paper designed and implemented TCG (Trusted Computing Group)-based remote attestation for the Xen VM under the assumption that the trusted platform module (TPM) and hypervisor are secure and the privileged domain0 may be malicious.
Enabling secure VM-vTPM migration in private clouds
TLDR
This work details the requirements that a secure VM-vTPM migration solution should satisfy in private virtualized environments, proposes a vTPM key structure suitable for VM-vTPM migration, and shows that the proposed protocol provides stronger security guarantees when compared to existing solutions for VM-vTPM migration.
On the security of virtual machine migration and related topics
TLDR
A secure migration protocol is proposed using a novel vTPM key hierarchy that satisfies a set of requirements for secure VM-vTPM migration, and its performance is evaluated using different ciphers and VM RAM sizes.
Trusted virtual platforms: a key enabler for converged client devices
TLDR
The architecture for reducing and containing the privileged code of the Xen Hypervisor is described, and the Trusted Virtual Platform architecture is described, aimed at supporting the strong enforcement of integrity and security policy controls over a virtual entity.
A Security-Enhanced vTPM 2.0 for Cloud Computing
TLDR
The vTPM 2.0 system and the security-enhanced protection mechanism are designed and implemented for the first time, and the key distribution and protection mechanism is presented.
Towards Trust Services for Language-Based Virtual Machines for Grid Computing
TLDR
Why platform-independent virtual machines (VM) with their inherent security features are an ideal environment for trusted applications and services is discussed.
Secure Attestation of Virtualized Environments
TLDR
An approach that provides adequate security and is easy to implement but is prone to relay attacks is identified, which outperforms the other approach for a small number of VMs, as used in network devices and embedded systems.

References

Showing 1-10 of 34 references
Terra: a virtual machine-based platform for trusted computing
We present a flexible architecture for trusted computing, called Terra, that allows applications with a wide range of security requirements to run simultaneously on commodity hardware. Applications…
Design and Implementation of a TCG-based Integrity Measurement Architecture
TLDR
This work shows that many of the Microsoft NGSCB guarantees can be obtained on today's hardware and today's software, and that these guarantees do not require a new CPU mode or operating system but merely depend on the availability of an independent trusted entity, a TPM for example.
Xen and the art of virtualization
TLDR
Xen, an x86 virtual machine monitor which allows multiple commodity operating systems to share conventional hardware in a safe and resource-managed fashion, without sacrificing either performance or functionality, considerably outperforms competing commercial and freely available solutions.
Safe Hardware Access with the Xen Virtual Machine Monitor
TLDR
The new Safe Hardware Interface is presented, an isolation architecture used within the latest release of Xen which allows unmodified device drivers to be shared across isolated operating system instances, while protecting individual OSs, and the system as a whole, from driver failure.
Secure Data Management in Trusted Computing
TLDR
This paper identifies shortcomings of the TCG specification related to the availability of sealed data during software and hardware life cycles, i.e., software update and/or hardware migration, and proposes both software and hardware solutions to resolve these problems.
Building a MAC-based security architecture for the Xen open-source hypervisor
We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been…
Live migration of virtual machines
TLDR
The design options for migrating OSes running services with liveness constraints are considered, the concept of the writable working set is introduced, and the design, implementation and evaluation of high-performance OS migration built on top of the Xen VMM are presented.
Survey of virtual machine research
The complete instruction-by-instruction simulation of one computer system on a different system is a well-known computing technique. It is often used for software development when a hardware base is…
QEMU, a Fast and Portable Dynamic Translator
  • Fabrice Bellard
  • Computer Science
  • USENIX Annual Technical Conference, FREENIX Track
  • 2005
TLDR
QEMU supports full system emulation, in which a complete and unmodified operating system is run in a virtual machine, and Linux user-mode emulation, where a Linux process compiled for one target CPU can be run on another CPU.
Guest Editors' Introduction: Resource Virtualization Renaissance
Virtualization technologies encompass a variety of mechanisms and techniques used to address computer system problems such as security, performance, and reliability by decoupling the architecture and…