acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity

Modern PC platforms offer hardware-based virtualization and advanced Trusted Computing mechanisms. Hardware primitives allow the measurement and reporting of software configurations, the separation of application execution environments into isolated partitions, and a dynamic switch into a trusted CPU mode. In this paper we present a practical system architecture that leverages hardware mechanisms found in mass-market off-the-shelf PCs to improve the security of commodity guest operating systems by enforcing the integrity of application images. We enable the platform administrator to freely and deterministically specify which configurations are trusted. Furthermore, we describe a set of tools and operational procedures that allow flexible and dynamic configuration management and guarantee a secure transition between trusted platform configurations. We present our prototype implementation, which integrates well with established Linux distributions.
