vTPM: virtualizing the trusted platform module
USENIX Security Symposium, pp. 305+, 2006.
We present the design and implementation of a system that enables trusted computing for an unlimited number of virtual machines on a single hardware platform. To this end, we virtualized the Trusted Platform Module (TPM). As a result, the TPM's secure storage and cryptographic functions are available to operating systems and applications ...
- Hardware virtualization has enjoyed a rapid resurgence in recent years as a way to reduce the total cost of ownership of computer systems.
- The TPM is implemented as a chip that is physically attached to a platform's motherboard and controlled by software running on the system using well-defined commands.
- It provides cryptographic operations such as asymmetric key generation, decryption, encryption, signing and migration of keys between TPMs, as well as random number generation and hashing.
- We have extended the Xen hypervisor tools to support virtual Trusted Platform Module devices. xm, the Xen Management tool, parses the virtual machine configuration file and, if specified, recognizes that a virtual Trusted Platform Module instance must be associated with a virtual machine. xend, the Xen Daemon, makes entries in the xenstore directory that indicate in which domain the Trusted Platform Module backend is located.
- For example, when Attestation Identity Keys have been certified based on an endorsement key that was tied to the hardware platform through a certificate chain, as in the first two solutions, the Attestation Identity Keys must be invalidated once the virtual machine is resumed on the target platform, since the link to the old platform has been broken.
- Whereas usually virtualization of hardware devices can be achieved through software emulation, we have demonstrated that this is not sufficient in the case of the Trusted Platform Module
- Certificates that may exist for hardware Trusted Platform Module and vouch for strong security properties need to be issued for virtual Trusted Platform Module instances’ endorsement keys
- These certificates naturally cannot represent the same properties for a virtual Trusted Platform Module process running in user space.
- Discussion and Future
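The certificate-chain point above (an AIK certified under a key tied to the old hardware platform stops being meaningful once the VM is resumed elsewhere) can be made concrete with a small model. The Go program below is an added example, not code from the paper or from Xen; it uses Ed25519 keys to stand in for the platform-bound hardware key and the vTPM's AIK, and the names `Platform`, `VTPM`, `AIKCert`, `VerifyAttestation` and `MigrationScenario` are all constructed for this illustration. A verifier that knows the hardware key of the host the VM is claimed to run on rejects the stale chain after migration, and accepts again only once the vTPM has generated a fresh AIK and the new host has certified it, which is the recreate-and-recertify step the paper's second solution requires.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Platform models a physical host whose hardware TPM holds a platform-bound
// signing key (standing in for the endorsement key that roots the chain).
// Constructed model, not the paper's implementation.
type Platform struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewPlatform(name string) *Platform {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Platform{Name: name, pub: pub, priv: priv}
}

// AIKCert is a certificate for a vTPM attestation identity key: the AIK
// public key plus the issuing platform's signature over it.
type AIKCert struct {
	AIKPub ed25519.PublicKey
	Issuer string
	Sig    []byte
}

// certBody is the byte string the platform key signs when certifying an AIK.
func certBody(aik ed25519.PublicKey, issuer string) []byte {
	return append([]byte("vTPM-AIK-CERT:"+issuer+":"), []byte(aik)...)
}

// VTPM models one virtual TPM instance holding a single AIK.
type VTPM struct {
	aikPub  ed25519.PublicKey
	aikPriv ed25519.PrivateKey
	Cert    *AIKCert // nil until certified by the hosting platform
}

func NewVTPM() *VTPM {
	v := &VTPM{}
	v.regenerateAIK()
	return v
}

// regenerateAIK replaces the AIK and drops any certificate issued for the old one.
func (v *VTPM) regenerateAIK() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	v.aikPub, v.aikPriv, v.Cert = pub, priv, nil
}

// CertifyAIK is the chain step: the hardware platform vouches for the vTPM's AIK.
func (p *Platform) CertifyAIK(v *VTPM) {
	sig := ed25519.Sign(p.priv, certBody(v.aikPub, p.Name))
	v.Cert = &AIKCert{AIKPub: v.aikPub, Issuer: p.Name, Sig: sig}
}

// Quote signs attested data (for example a PCR value) with the vTPM's AIK.
func (v *VTPM) Quote(data []byte) []byte {
	return ed25519.Sign(v.aikPriv, data)
}

// MigrateTo models resuming the VM on another host: the old AIK certificate
// chains to the old platform, so the vTPM discards it and generates a fresh
// AIK that the new host certifies.
func (v *VTPM) MigrateTo(host *Platform) {
	v.regenerateAIK()
	host.CertifyAIK(v)
}

// VerifyAttestation is the verifier's check: the AIK certificate must be
// signed by the hardware key of the platform the VM is claimed to run on,
// and the quote must verify under that certified AIK.
func VerifyAttestation(host *Platform, cert *AIKCert, data, quote []byte) bool {
	if cert == nil || cert.Issuer != host.Name {
		return false
	}
	if !ed25519.Verify(host.pub, certBody(cert.AIKPub, cert.Issuer), cert.Sig) {
		return false
	}
	return ed25519.Verify(cert.AIKPub, data, quote)
}

// MigrationScenario runs the lifecycle and returns: attestation verified on
// the original host; the stale certificate and quote presented after
// migration to a second host; a fresh attestation after re-certification.
func MigrationScenario() (onOldHost, staleAfterMigration, afterRecertify bool) {
	hostA, hostB := NewPlatform("host-A"), NewPlatform("host-B")
	v := NewVTPM()
	hostA.CertifyAIK(v)
	data := []byte("constructed PCR digest") // constructed attested value

	staleCert, staleQuote := v.Cert, v.Quote(data)
	onOldHost = VerifyAttestation(hostA, staleCert, data, staleQuote)

	v.MigrateTo(hostB)
	staleAfterMigration = VerifyAttestation(hostB, staleCert, data, staleQuote)
	afterRecertify = VerifyAttestation(hostB, v.Cert, data, v.Quote(data))
	return
}

func main() {
	a, b, c := MigrationScenario()
	fmt.Println("verified on original host:", a)
	fmt.Println("stale chain accepted after migration:", b)
	fmt.Println("verified after AIK re-certification:", c)
}
```

The verifier here binds acceptance to the hardware key of the current host rather than to any key that was ever valid; that is what forces the chain to be rebuilt after migration instead of silently continuing to vouch for a platform the VM no longer runs on.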
In Section 3 the authors introduced the requirements that an architecture for enabling TPM support in a virtual environment must fulfill.
- All existing TPM V 1.2 commands are available to a user domain and the TPM command format remains unchanged. The authors have designed and implemented a system that provides trusted computing functionality to every virtual machine on a virtualized hardware platform.
- Certificates that may exist for hardware TPMs and vouch for strong security properties need to be issued for virtual TPM instances’ endorsement keys.
- Virtual TPM migration can create further problems if certificate chains that have been established break or trust must be reestablished.
- Table 1: Comparison of TPM Implementations.
- ... in the virtual TPM with these measurements. This sequence of measurements is part of the setup process of the vTPM instance (see Section 4.4). As the user virtual machine continues to run, the IMA-enhanced kernel in that virtual machine also extends a virtual PCR with measurements of every application that is loaded.
- Table 2: Comparison of Methods to Issue Certificates for AIKs.
- ... strong connection between the virtual TPM and the hardware TPM is desired, then one of solutions 1, 2 or 4 should be implemented. However, it will be necessary in this case to invalidate the chained certificates and keys after migration in order to reestablish a chain to the new hardware root of trust. In that respect our second solution offers better support for a dynamic environment, since here only the AIKs of the virtualized environment need to be recreated and certified. The first solution would eventually have to place the EK' certificate on a revocation list and create a new EK'.
- The Xen open-source repository contains a limited virtual TPM implementation comprised of combined contributions by Intel Corporation and the authors of this paper. Our contributions to Xen so far include the virtual TPM driver pair (front- and back-end drivers), hotplug scripts, and changes to Xen's management tools. We kept this infrastructure modular so that different realizations of virtual TPMs can work with it. The virtual TPM design and implementation presented in this paper adds the following to what is currently available in Xen: support for migrating a vTPM instance alongside its associated virtual machine, support for attestation of the complete vTPM environment along with the contents of a virtual machine, and an entirely separate software implementation of the TPM specification. In addition, the virtual TPM now in Xen is a partial implementation based on version 1.1 of the TPM specification, while we have updated our virtual TPM to be a complete implementation of version 1.2.
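The measurement sequence described above (the IMA-enhanced guest kernel extending a virtual PCR with a digest of every application it loads) is the mechanism a remote verifier relies on when it later replays the measurement log against a quoted PCR value. The Go program below is an added example, not code from the paper, from IMA or from Xen: it models a single TPM 1.2 style SHA-1 PCR of a vTPM instance, extends it with a constructed measurement list, and shows that the log replays to the quoted value only when it is complete and unmodified. The types `VirtualPCR` and `Measurement` and the functions `ReplayLog`, `VerifyQuote` and `BuildSampleVM` are constructed for this illustration, and the file contents are constructed placeholders rather than real binaries.

```go
package main

import (
	"crypto/sha1"
	"fmt"
)

// PCRSize is the SHA-1 digest length used by TPM 1.2 PCRs.
const PCRSize = sha1.Size

// Measurement is one entry of a constructed IMA-style measurement log:
// the path that was loaded and the SHA-1 digest of its contents.
type Measurement struct {
	Path   string
	Digest [PCRSize]byte
}

// VirtualPCR models one PCR of a vTPM instance together with the log of
// measurements that were extended into it (constructed model, not the
// paper's code). TPM 1.2 extend rule: PCR_new = SHA-1(PCR_old || digest).
type VirtualPCR struct {
	Value [PCRSize]byte // all zeros after reset
	Log   []Measurement
}

// extendOnce applies the TPM extend rule to a PCR value.
func extendOnce(pcr [PCRSize]byte, digest [PCRSize]byte) [PCRSize]byte {
	h := sha1.New()
	h.Write(pcr[:])
	h.Write(digest[:])
	var out [PCRSize]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Extend measures a loaded file and folds its digest into the PCR.
func (p *VirtualPCR) Extend(path string, content []byte) {
	m := Measurement{Path: path, Digest: sha1.Sum(content)}
	p.Value = extendOnce(p.Value, m.Digest)
	p.Log = append(p.Log, m)
}

// ReplayLog recomputes the PCR value a log should produce. A verifier that
// receives a quoted PCR and the log runs this to check the log is complete
// and untampered; it cannot be fooled by reordering, dropping or editing
// entries because each step chains on the previous value.
func ReplayLog(log []Measurement) [PCRSize]byte {
	var pcr [PCRSize]byte
	for _, m := range log {
		pcr = extendOnce(pcr, m.Digest)
	}
	return pcr
}

// VerifyQuote reports whether a quoted PCR value matches the replayed log.
func VerifyQuote(quoted [PCRSize]byte, log []Measurement) bool {
	return ReplayLog(log) == quoted
}

// BuildSampleVM constructs a vTPM PCR extended with three constructed
// "applications" loaded in the guest; the byte strings are placeholders.
func BuildSampleVM() *VirtualPCR {
	p := &VirtualPCR{}
	p.Extend("/sbin/init", []byte("constructed init binary"))
	p.Extend("/usr/sbin/sshd", []byte("constructed sshd binary"))
	p.Extend("/usr/bin/app", []byte("constructed application binary"))
	return p
}

func main() {
	vm := BuildSampleVM()
	fmt.Printf("PCR after %d extends: %x\n", len(vm.Log), vm.Value)
	fmt.Println("full log replays to quoted PCR:", VerifyQuote(vm.Value, vm.Log))

	// A log with one entry altered no longer replays to the quoted value.
	tampered := append([]Measurement(nil), vm.Log...)
	tampered[1].Digest[0] ^= 0xff
	fmt.Println("edited log replays to quoted PCR:", VerifyQuote(vm.Value, tampered))
	fmt.Println("truncated log replays to quoted PCR:", VerifyQuote(vm.Value, vm.Log[:2]))
}
```

In the paper's setting the quoted value comes from the vTPM's quote operation signed by its AIK; this example only covers the replay side, which is the same whether the PCR lives in a hardware TPM or in a vTPM instance.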
Previous research in the area of trusted computing examined how data that is protected (sealed) by a hardware TPM can be moved to another platform. Kuehn et al 
- Fabrice Bellard. QEMU, a fast and portable dynamic translator. In Proceedings of the USENIX 2005 Annual Technical Conference, FREENIX Track, pages 41–46, 2005.
- C. Clark, K. Fraser, S. Hand, J. G. Hansen, E. Jul, C. Limpach, I. Pratt, and A. Warfield. Live Migration of Virtual Machines. In Proceedings of the 2nd Symposium on Networked Systems Design and Implementation (NSDI '05), 2005.
- Common Criteria. Trusted Computing Group (TCG) Personal Computer (PC) Specific Trusted Building Block (TBB) Protection Profile and TCG PC Specific TBB With Maintenance Protection Profile, July 2004.
- B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, I. Pratt, A. Warfield, P. Barham, and R. Neugebauer. Xen and the Art of Virtualization. In Proceedings of the ACM Symposium on Operating Systems Principles, October 2003.
- R. Figueiredo, P. A. Dinda, and J. Fortes. Resource virtualization renaissance. IEEE Computer, 38(5):28–31, 2005.
- K. Fraser, S. Hand, R. Neugebauer, I. Pratt, A. Warfield, and M. Williamson. Safe Hardware Access with the Xen Virtual Machine Monitor. In Proceedings of the OASIS ASPLOS Workshop, 2004.
- Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh. Terra: a Virtual Machine-based Platform for Trusted Computing. In Proceedings of the Symposium on Operating Systems Principles (SOSP), pages 193–206, 2003.
- R. P. Goldberg. Survey of Virtual Machine Research. IEEE Computer Magazine, 7(6):34–45, 1974.
- Applied Data Security Group. What is TrustedGRUB. http://www.prosec.ruhr-uni-bochum.de/trusted_grub.html.
- Trusted Computing Group. TCG TPM Specification Version 1.2, Part 1: Design Principles, 2005.
- Trusted Computing Group. TCG TPM Specification Version 1.2, Part 3: Commands, 2005.
- IBM. Integrity Measurement Architecture for Linux. http://www.sourceforge.net/projects/linux-ima.
- IBM. PHYP: Converged POWER Hypervisor Firmware for pSeries and iSeries. http://www-1.ibm.com/servers/enable/site/peducation/abstracts/abs_2bb2.html.
- IBM. Secure Coprocessing. http://www.research.ibm.com/secure_systems_department/projects/scop/index.html. http://domino.research.ibm.com/comm/research_projects.nsf/.
- U. Kühn, K. Kursawe, S. Lucks, A. Sadeghi, and C. Stüble. Secure data management in trusted computing. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES 2005), 2005.
- H. Maruyama, F. Seliger, N. Nagaratnam, T. Ebringer, S. Munetoh, S. Yoshihama, and T. Nakamura. Trusted platform on demand. Technical Report RT0564, IBM, February 2004.
- National Institute of Standards and Technology. Secure Hash Standard (SHA-1). Federal Information Processing Standards Publication 180-1, 1993.
- R. Sailer, T. Jaeger, E. Valdez, R. Cáceres, R. Perez, S. Berger, J. Griffin, and L. van Doorn. Building a MAC-based security architecture for the Xen open-source hypervisor. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), December 2005.
- R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a TCG-based integrity measurement architecture. In Proceedings of the USENIX Security Symposium, 2004.
- The Xen Team. Xen Interface Manual: Xen v3.0 for x86.
- Trusted Computing Group. http://www.trustedcomputinggroup.org.
- Trusted Computing Group. TCG PC Specific Implementation Specification, 2003.
- Trusted Computing Group. TCG Software Stack (TSS) Specification, Version 1.10 Golden, 2003.
- VMware, Inc. http://www.vmware.com.
- XenSource. http://www.xensource.com/products/downloads.