Trusted Virtual Machine Management for Virtualization in Critical Environments

Service providers use virtualization technology to better serve their remote customers and to use their resources efficiently. In particular, when virtualization is used within critical infrastructures such as industrial control systems, the security of the virtual machines is crucial. Creating fully secure systems based on a verified, small trusted computing base (TCB) is desirable to minimize the attack surface of the host system. However, attacks can still occur, and sometimes it is not practically possible to provide a small TCB or to completely replace a running system in order to enforce security. Thus, remote monitoring of the integrity of VMs is desired to confirm their trusted state. In general, it is a complex task to incorporate on-demand system integrity verification into an existing host system, so as to measure a hosted virtual machine (VM) at runtime and to switch back at runtime to the trusted state whenever a change or manipulation is detected. It is also necessary to provide the host machine's integrity information along with that of the VM to remote customers whenever such status is requested. In this paper, we address the problem of securing an existing or new host machine with an on-demand integrity measurement solution that offers a fresh and trusted VM whenever illegitimate changes are detected in the current VM. The solution is targeted at smaller devices with a limited number of VMs and customers per device. It also assumes VMs to be rather stable and does not use virtual TPMs. Thus, it focuses on secure virtualization in critical environments, automation, or industrial control systems.
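The measure-compare-restore-report cycle the abstract describes, as an added illustrative model (not the paper's implementation): the host hashes its own TCB components and the running VM, restores a fresh copy of the golden image when the VM measurement deviates, and answers a customer's nonce-bound request with both measurements. The VM "image" is a constructed byte string, and the shared HMAC key is an assumed stand-in for a host-held signing key; no virtual TPM is modelled, matching the paper's stated scope.

```python
import hashlib
import hmac
import json

# Assumed stand-in for a host-held attestation signing key (constructed value).
HOST_KEY = b"constructed-host-attestation-key"


def measure(data: bytes) -> str:
    """A measurement is the SHA-256 of the state (a real host hashes disk/memory)."""
    return hashlib.sha256(data).hexdigest()


class TrustedVMHost:
    def __init__(self, host_components: dict, golden_image: bytes):
        # Host integrity: hash over the host's own TCB component list (constructed).
        self.host_measurement = measure(json.dumps(host_components, sort_keys=True).encode())
        self.golden_image = golden_image
        self.golden_measurement = measure(golden_image)
        self.vm_state = bytearray(golden_image)  # running VM, mutable at runtime
        self.events = []  # audit trail of restores

    def measure_vm(self) -> str:
        return measure(bytes(self.vm_state))

    def verify_and_restore(self) -> bool:
        """On-demand check: if the VM deviates from its trusted state, replace it
        with a fresh instance of the golden image. Returns True if it was intact."""
        current = self.measure_vm()
        if current == self.golden_measurement:
            return True
        self.events.append({"event": "vm_restored", "observed": current})
        self.vm_state = bytearray(self.golden_image)
        return False

    def attest(self, nonce: bytes) -> dict:
        """Build the customer-facing report: host + VM measurements, bound to the
        customer's nonce (replay protection) and MACed with the host key."""
        vm_intact = self.verify_and_restore()
        report = {"nonce": nonce.hex(), "host_measurement": self.host_measurement,
                  "vm_measurement": self.measure_vm(), "vm_restored": not vm_intact}
        msg = json.dumps(report, sort_keys=True).encode()
        return {"report": report, "tag": hmac.new(HOST_KEY, msg, hashlib.sha256).hexdigest()}


def verify_report(att: dict, expected_host: str, expected_vm: str, nonce: bytes) -> bool:
    """Customer side: check MAC, freshness, and both measurements against known-good values."""
    msg = json.dumps(att["report"], sort_keys=True).encode()
    expected_tag = hmac.new(HOST_KEY, msg, hashlib.sha256).hexdigest()
    r = att["report"]
    return (hmac.compare_digest(att["tag"], expected_tag) and r["nonce"] == nonce.hex()
            and r["host_measurement"] == expected_host and r["vm_measurement"] == expected_vm)
```

A report with `vm_restored` set to true tells the customer that the VM they are now talking to is a fresh instance, not the one that was running before the check.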