Skip to main content
SpringerLink
Log in

Introducing the Trusted Virtual Environment Module: A New Mechanism for Rooting Trust in Cloud Computing

  • Conference paper
Trust and Trustworthy Computing (Trust 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6101))

Included in the following conference series:

Abstract

We introduce a new mechanism for rooting trust in a cloud computing environment called the Trusted Virtual Environment Module (TVEM). The TVEM helps solve the core security challenge of cloud computing by enabling parties to establish trust relationships where an information owner creates and runs a virtual environment on a platform owned by a separate service provider. The TVEM is a software appliance that provides enhanced features for cloud virtual environments over existing Trusted Platform Module virtualization techniques, which includes an improved application program interface, cryptographic algorithm flexibility, and a configurable modular architecture. We define a unique Trusted Environment Key that combines trust from the information owner and the service provider to create a dual root of trust for the TVEM that is distinct for every virtual environment and separate from the platform’s trust. This paper presents the requirements, design, and architecture of our approach.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Carr, N.G.: The Big Switch: Rewiring the World, from Edison to Google. W.W. Norton & Company, New York (2008)

    Google Scholar 

  2. Armbrust, M., Fox, A., Griffith, R., Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., Zaharia, M.: Above the Clouds: A Berkeley View of Cloud Computing. University of California, Berkeley (2009), http://www.eecs.berkeley.edu/Pubs/TechRpts/2009/EECS-2009-28.pdf

    Google Scholar 

  3. Krautheim, F.J., Phatak, D.S., Sherman, A.T.: Private Virtual Infrastructure: A Model for Trustworthy Utility Cloud Computing. TR-CS-10-04. University of Maryland Baltimore County, Baltimore, MD (2010), http://www.cisa.umbc.edu/papers/krautheim_tr-cs-10-04.pdf

    Google Scholar 

  4. Vaquero, L.M., Rodero-Merino, L., Caceres, J., Lindner, M.: A Break in the Clouds: Towards a Cloud Definition. ACM SIGCOMM Computer Communication Review 39, 50–55 (2009)

    Article  Google Scholar 

  5. Grawrock, D.: The Intel Safer Computing Initiative. Intel Press, Hillsboro (2006)

    Google Scholar 

  6. Scarlata, V., Rozas, C., Wiseman, M., Grawrock, D., Vishik, C.: TPM Virtualization: Building a General Framework. In: Pohlmann, N., Reimer, H. (eds.) Trusted Computing, pp. 43–56. Vieweg+Teubner, Wiesbaden (2008)

    Chapter  Google Scholar 

  7. Krautheim, F.J.: Private Virtual Infrastructure for Cloud Computing. In: Workshop on Hot Topics in Cloud Computing, San Diego, CA (2009)

    Google Scholar 

  8. TPM Specification Version 1.2 Revision 103. Trusted Computing Group (2007), http://www.trustedcomputinggroup.org/resources/tpm_main_specification

  9. Abramson, D., Jackson, J., Muthrasanallur, S., Neiger, G., Regnier, G., Sankaran, R., Schoinas, I., Uhlig, R., Vembu, B., Wiegert, J.: Intel Virtualization Technology for Directed I/O. Intel Technology Journal 10, 179–192 (2006)

    Article  Google Scholar 

  10. Intel Trusted Execution Technology, http://www.intel.com/technology/security/

  11. Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vTPM: Virtualizing the Trusted Platform Module. In: Proceedings of the 15th USENIX Security Symposium, Vancouver, BC (2006)

    Google Scholar 

  12. England, P., Loeser, J.: Para-Virtualized TPM Sharing. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 119–132. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  13. Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the Art of Virtualization. ACM SIGOPS Operating Systems Review 37, 164–177 (2003)

    Article  Google Scholar 

  14. Sadeghi, A.-R., Stüble, C., Winandy, M.: Property-Based TPM Virtualization. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 1–16. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  15. Strasser, M.: A Software-based TPM Emulator for Linux. Department of Computer Science, Swiss Federal Institute of Technology, Zurich (2004)

    Google Scholar 

  16. Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)

    Google Scholar 

  17. Sailer, R., Valdez, E., Jaeger, T., Perez, R., van Doorn, L., Griffin, J.L., Berger, S.: sHype: Secure Hypervisor Approach to Trusted Virtualized Systems. IBM, Yorktown Heights, NY (2005), www.research.ibm.com/secure_systems_department/projects/hypervisor/

  18. Dang, Q.: Recommendation for Applications Using Approved Hash Algorithms. NIST Special Publication, vol. 800. NIST, Gaithersburg (2009)

    Google Scholar 

  19. Chisnall, D.: The Definitive Guide to the Xen Hypervisor. Prentice Hall, Upper Saddle River (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Cyber Defense Lab, Dept. of CSEE, University of Maryland, Baltimore County (UMBC), Baltimore, MD, USA, 21250

    F. John Krautheim, Dhananjay S. Phatak & Alan T. Sherman

Authors
  1. F. John Krautheim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dhananjay S. Phatak
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alan T. Sherman
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Heinz College, Carnegie Mellon University, 5000 Forbes Avenue, HBH 2105C, 15213, Pittsburgh, PA, USA

    Alessandro Acquisti

  2. Department of Computer Science, 6211 Sudikoff Laboratory, Dartmouth College, 03755-3510, Hanover, NH, USA

    Sean W. Smith

  3. System Security Lab, Ruhr University Bochum, Universitätsstr. 150, 44780, Bochum, Germany

    Ahmad-Reza Sadeghi

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Krautheim, F.J., Phatak, D.S., Sherman, A.T. (2010). Introducing the Trusted Virtual Environment Module: A New Mechanism for Rooting Trust in Cloud Computing. In: Acquisti, A., Smith, S.W., Sadeghi, AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13869-0_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-13869-0_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13868-3

  • Online ISBN: 978-3-642-13869-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation