Skip to main content
SpringerLink
Log in

Property-Based TPM Virtualization

  • Conference paper
Information Security (ISC 2008)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5222))

Included in the following conference series:

Abstract

Today, virtualization technologies and hypervisors celebrate their rediscovery. Especially migration of virtual machines (VMs) between hardware platforms provides a useful and cost-effective means to manage complex IT infrastructures. A challenge in this context is the virtualization of hardware security modules like the Trusted Platform Module (TPM) since the intended purpose of TPMs is to securely link software and the underlying hardware. Existing solutions for TPM virtualization, however, have various shortcomings that hinder the deployment to a wide range of useful scenarios. In this paper, we address these shortcomings by presenting a flexible and privacy-preserving design of a virtual TPM that in contrast to existing solutions supports different approaches for measuring the platform’s state and for key generation, and uses property-based attestation mechanisms to support software updates and VM migration. Our solution improves the maintainability and applicability of hypervisors supporting hardware security modules like TPM.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Carr, N.G.: The end of corporate computing. MIT Sloan Management Review 46(3), 67–73 (2005)

    Google Scholar 

  2. Karger, P.A., Zurko, M.E., Bonin, D.W., Mason, A.H., Kahn, C.E.: A VMM security kernel for the VAX architecture. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 2–19. IEEE Computer Society, Los Alamitos (1990)

    Google Scholar 

  3. Trusted Computing Group: TPM Main Specification Version 1.1b (February 2002), https://www.trustedcomputinggroup.org

  4. Trusted Computing Group: TPM Main Specification Version 1.2 rev. 103 (July 2007), https://www.trustedcomputinggroup.org

  5. Microsoft Corporation: Bitlocker drive encryption (July 2007), http://www.microsoft.com/technet/windowsvista/security/bitlockr.mspx

  6. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: 13th Usenix Security Symposium, San Diego, California (August 2004), pp. 223–238 (2004)

    Google Scholar 

  7. Berger, S., Caceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vTPM: Virtualizing the Trusted Platform Module. In: Proceedings of the 15th USENIX Security Symposium, USENIX, August 2006, pp. 305–320 (2006)

    Google Scholar 

  8. Goldman, K., Berger, S.: TPM Main Part 3 – IBM Commands (April 2005), http://www.research.ibm.com/secure_systems_department/projects/vtpm/mai%nP3IBMCommandsrev10.pdf

  9. Scarlata, V., Rozas, C., Wiseman, M., Grawrock, D., Vishik, C.: TPM virtualization: Building a general framework. In: Pohlmann, N., Reimer, H. (eds.) Trusted Computing, Vieweg, pp. 43–56 (2007)

    Google Scholar 

  10. Smith, S.W., Weingart, S.: Building a high-performance, programmable secure coprocessor. Computer Networks 31(8), 831–860 (1999)

    Article  Google Scholar 

  11. Yee, B.S.: Using Secure Coprocessors. PhD thesis, School of Computer Science, Carnegie Mellon University (May 1994) CMU-CS-94-149

    Google Scholar 

  12. Arbaugh, W.A., Farber, D.J., Smith, J.M.: A secure and reliable bootstrap architecture. In: Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland, CA, May 1997, pp. 65–71. IEEE Computer Society Press, Los Alamitos (1997)

    Google Scholar 

  13. Macdonald, R., Smith, S., Marchesini, J., Wild, O.: Bear: An open-source virtual secure coprocessor based on TCPA. Technical Report TR2003-471, Department of Computer Science, Dartmouth College (2003)

    Google Scholar 

  14. Haldar, V., Chandra, D., Franz, M.: Semantic remote attestation: A virtual machine directed approach to trusted computing. In: USENIX Virtual Machine Research and Technology Symposium (2004)

    Google Scholar 

  15. Jiang, S., Smith, S., Minami, K.: Securing web servers against insider attack. In: 17th Annual Computer Security Applications Conference (ACSAC) (2001)

    Google Scholar 

  16. Chen, L., Landfermann, R., Loehr, H., Rohe, M., Sadeghi, A.R., Stüble, C.: A protocol for property-based attestation. In: STC 2006: Proceedings of the First ACM Workshop on Scalable Trusted Computing, pp. 7–16. ACM Press, New York (2006)

    Chapter  Google Scholar 

  17. Poritz, J., Schunter, M., Van Herreweghen, E., Waidner, M.: Property attestation—scalable and privacy-friendly security assessment of peer computers. Technical Report RZ 3548, IBM Research (May 2004)

    Google Scholar 

  18. Sadeghi, A.R., Stüble, C.: Property-based attestation for computing platforms: Caring about properties, not mechanisms. In: The 2004 New Security Paradigms Workshop. ACM Press, New York (2004)

    Google Scholar 

  19. Kühn, U., Selhorst, M., Stüble, C.: Realizing property-based attestation and sealing with commonly available hard- and software. In: STC 2007: Proceedings of the 2nd ACM Workshop on Scalable Trusted Computing, pp. 50–57. ACM Press, New York (2007)

    Chapter  Google Scholar 

  20. Goldman, K., Perez, R., Sailer, R.: Linking remote attestation to secure tunnel endpoints. In: STC 2006: Proceedings of the First ACM Workshop on Scalable Trusted Computing, pp. 21–24 (2006)

    Google Scholar 

  21. Stumpf, F., Tafreschi, O., Röder, P., Eckert, C.: A robust integrity reporting protocol for remote attestation. In: Proceedings of the Second Workshop on Advances in Trusted Computing (WATC 2006 Fall), Tokyo (December 2006)

    Google Scholar 

  22. Asokan, N., Ekberg, J.E., Sadeghi, A.R., Stüble, C., Wolf, M.: Enabling fairer digital rights management with trusted computing. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 53–70. Springer, Heidelberg (2007)

    Google Scholar 

  23. Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Pratt, I., Warfield, A., Barham, P., Neugebauer, R.: Xen and the art of virtualization. In: Proceedings of the ACM Symposium on Operating Systems Principles, October 2003, pp. 164–177 (2003)

    Google Scholar 

  24. Anderson, M.J., Moffie, M., Dalton, C.I.: Towards trustworthy virtualisation environments: Xen library os security service infrastructure. Technical Report HPL-2007-69, Hewlett-Packard Laboratories (April 2007)

    Google Scholar 

  25. Sadeghi, A.R., Stüble, C., Pohlmann, N.: European multilateral secure computing base - open trusted computing for you and me. Datenschutz und Datensicherheit DuD, Verlag Friedrich Vieweg & Sohn, Wiesbaden 28(9), 548–554 (2004)

    Google Scholar 

  26. Sailer, R., Valdez, E., Jaeger, T., Perez, R., van Doorn, L., Griffin, J.L., Berger, S.: sHype: Secure hypervisor approach to trusted virtualized systems. Technical Report RC23511, IBM Research Division (February 2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Ruhr-University Bochum, D-44780, Bochum, Germany

    Ahmad-Reza Sadeghi & Marcel Winandy

  2. Sirrix AG security technologies, Lise-Meitner-Allee 4, D-44801, Bochum, Germany

    Christian Stüble

Authors
  1. Ahmad-Reza Sadeghi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christian Stüble
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Marcel Winandy
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Tzong-Chen Wu Chin-Laung Lei Vincent Rijmen Der-Tsai Lee

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sadeghi, AR., Stüble, C., Winandy, M. (2008). Property-Based TPM Virtualization. In: Wu, TC., Lei, CL., Rijmen, V., Lee, DT. (eds) Information Security. ISC 2008. Lecture Notes in Computer Science, vol 5222. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85886-7_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-85886-7_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85884-3

  • Online ISBN: 978-3-540-85886-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation