An Open Trusted Computing Architecture — Secure Virtual Machines Enabling User-Defined Policy Enforcement

Virtualization of computers enables a wide variety of applications ranging from server consolidation to secure sandboxing of malicious content. Today, the lack of security of virtual machines is a major obstacle to broad adoption of virtual machine technology. We address this obstacle with an open architecture that adds scalable trusted computing concepts to a virtual machine infrastructure. The platform has a layered system architecture that, from bottom to top, consists of a Trusted Platform Module (TPM) as specified by the Trusted Computing Group (TCG), a trusted virtualization layer with strong isolation properties (among virtual machines) and well-defined interfaces to the TPM, and security services (such as protected storage, security policy enforcement, and identity management). We describe the guiding principles and the overall architecture of the platform, and detail the advantages of such an architecture. The platform can be leveraged to significantly enhance the security and trust properties of standard operating systems, middleware, and applications hosted atop it. We believe the platform has wide-ranging applicability, particularly in distributed scenarios with inherent, multilateral trust and security requirements. We give examples of such scenarios that would be enabled by the platform.
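As an added illustration (not code from the paper) of how trust can flow up the layered stack described above, the following Python models each layer being measured into a TPM platform configuration register before it runs, using the TCG extend operation (SHA-1, as in the TPM 1.2 generation the paper targets), and a remote verifier replaying the event log against the quoted register. The layer images, the allow-list and the tampered guest are constructed sample data; the paper does not prescribe this measurement protocol.

```python
import hashlib

# Simulated TPM 1.2-style PCR: a 20-byte SHA-1 register, all-zero at reset.
PCR_RESET = b"\x00" * 20

def pcr_extend(pcr: bytes, image: bytes) -> bytes:
    """TCG extend: PCR_new = SHA-1(PCR_old || SHA-1(image)). Order-sensitive, not resettable."""
    return hashlib.sha1(pcr + hashlib.sha1(image).digest()).digest()

# Constructed sample stack, bottom to top, mirroring the abstract's layers.
LAYERS = [
    ("virtualization-layer", b"hypervisor image v1"),
    ("security-services",    b"protected-storage + policy-enforcement + identity"),
    ("guest-vm",             b"guest kernel + user-defined policy"),
]

def measure_stack(layers):
    """Each layer is measured into the PCR before control passes to it; an event log records what was hashed."""
    pcr, log = PCR_RESET, []
    for name, image in layers:
        pcr = pcr_extend(pcr, image)
        log.append((name, hashlib.sha1(image).hexdigest()))
    return pcr, log

def allowlist(layers):
    """Verifier's known-good digests for every layer it is willing to trust."""
    return {hashlib.sha1(image).hexdigest() for _, image in layers}

def replay_log(log):
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = PCR_RESET
    for _, digest_hex in log:
        pcr = hashlib.sha1(pcr + bytes.fromhex(digest_hex)).digest()
    return pcr

def verify(reported_pcr, log, expected_digests):
    """Accept only if the log explains the quoted PCR and every entry is on the allow-list."""
    if replay_log(log) != reported_pcr:
        return False          # log does not match what the TPM actually recorded
    return all(d in expected_digests for _, d in log)
```

Because the register can only be extended, a tampered layer changes the quoted PCR even if the event log is forged to look clean; the verifier catches either case.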
