research-article

TVDc: managing security in the trusted virtual datacenter

Authors:

Ramón Cáceres,

Dimitrios Pendarakis,

Enriquillo Valdez,

Wayne Schildhauer,

Deepa SrinivasanAuthors Info & Claims

ACM SIGOPS Operating Systems Review, Volume 42, Issue 1

Pages 40 - 47

https://doi.org/10.1145/1341312.1341321

Published: 01 January 2008 Publication History

Abstract

Virtualization technology is becoming increasingly common in datacenters, since it allows for collocation of multiple workloads, consisting of operating systems, middleware and applications, in different virtual machines (VMs) on shared physical hardware platforms. However, when coupled with the ease of VM migration, this trend increases the potential surface for security attacks. Further, the simplified management of VMs, including creation, cloning and migration, makes it imperative to monitor and guarantee the integrity of software components running within VMs.

This paper presents the IBM Trusted Virtual Datacenter (TVDc) technology developed to address the need for strong isolation and integrity guarantees, thus significantly enhancing security and systems management capabilities, in virtualized environments. It signifies the first effort to incorporate trusted computing technologies directly into virtualization and systems management software. We present and discuss various components that constitute TVDc: the Trusted Platform Module (TPM), the virtual TPM, the IBM hypervisor security architecture (sHype) and the associated systems management software.

References

[1]

J. P. Anderson. Computer Security Technology Planning Study. ESD-TR-73-51, Vols. I and II, Air Force Electronic Division Systems, Hanscom AFB, Bedford, MA, Oct. 1972.

[2]

S. Berger, R. Cáceres, K. Goldman, R. Perez, R. Sailer, and L. van Doorn. vTPM: Virtualizing the Trusted Platform Module. 15th USENIX Security Symposium, July 2006.

Digital Library

[3]

W. E. Boebert and R. Y. Kain. A Practical Alternative to Hierarchical Integrity Policies. 8th National Computer Security Conference, 1985.

[4]

D. F. C. Brewer and M. J. Nash. The Chinese Wall Security Policy. IEEE Symposium on Security and Privacy, May 1989.

[5]

A. Bussani, J. L. Griffin, B. Jasen, K. Julisch, G. Karjoth, H. Maruyama, M. Nakamura, R. Perez, M. Schunter, A. Tanner, L. van Doorn, E. V. Herreweghen, M. Waidner, S. Yoshihama. Trusted Virtual Domains: Secure Foundations for Business and IT Services. Research Report RC23792, IBM Research, November 2005.

[6]

S. Cabuk, C. I. Dalton, H. Ramasamy, and M. Schunter. Towards Automated Provisioning of Secure Virtualized Networks. Research Report RZ3692. IBM Research, June 2007.

Digital Library

[7]

J. L. Griffin, T. Jaeger, R. Perez, R. Sailer, L. van Doorn, and R. Cáceres. Trusted Virtual Domains: Toward Secure Distributed Services. 1st IEEE Workshop on Hot Topics in System Dependability, June 2005.

Digital Library

[8]

IEEE Std. 802.1Q-2003, Virtual Bridged Local Area Networks; ISBN 0-7381-3662-X.

[9]

Intel Corporation. Trusted Execution Technology Preliminary Architecture Specification, August 2007. URL:http://www.intel.com/technology/security/downloads/315168.htm

[10]

T. Jaeger, R. Sailer, and U. Shankar. PRIMA: Policy-Reduced Integrity Measurement Architecture. 11th ACM Symposium on Access Control Models and Technologies (SACMAT), June 2006.

Digital Library

[11]

W. Mao, H. Jin, and A. Martin. Innovations for Grid Security from Trusted Computing. White paper, June 2005.

[12]

W. Mao, F. Yan, and C. Chen. Daonity-Grid Security with Behavior Conformity from Trusted Computing. 1st ACM Workshop on Scalable Trusted Computing (STC 2006).

Digital Library

[13]

H. Maruyama, F. Seliger, N. Nagaratnam, T. Ebringer, S. Munetoh, S. Yoshihama, and T. Nakamura. Trusted Platform on Demand. Technical Report RT0564, IBM, February 2004R.

[14]

Meushaw and D. Simard. NetTop-Commercial Technology in High Assurance Applications. National Security Agency Tech Trend Notes, Fall 2000.

[15]

J. M. McCune, S. Berger, R. Cáceres, T. Jaeger, and R. Sailer. Shamon-A System for Distributed Mandatory Access Control. 22nd Annual Computer Security Applications Conference (ACSAC), December 2006.

Digital Library

[16]

Open Trusted Computing. URL:http://www.opentc.net.

[17]

R. Sailer, T. Jaeger, E. Valdez, R. Cáceres, R. Perez, S. Berger, J. L. Griffin, and L. van Doorn. Building a MAC-based Security Architecture for the Xen Opensource Hypervisor. 21st Annual Computer Security Applications Conference (ACSAC), December 2005.

Digital Library

[18]

R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and Implementation of a TCG-based Integrity Measurement Architecture. 13th USENIX Security Symposium, August 2004.

Digital Library

[19]

Trusted Computing Group. URL:https//www.trustedcomputinggroup.org.

[20]

E. Valdez, R. Sailer, and R. Perez: Retrofitting the IBM POWER Hypervisor to Support Mandatory Access Control. 23rd Annual Computer Security Applications Conference (ACSAC), December 2007 (Accepted for publication).

[21]

F. Yan, W. Quang, Z. Shen, C. Chen, H. Zhang, and D. Zou. Danoity: An Experience on Enhancing Grid Security by Trusted Computing Technology. ATC, volume 4158 of LNCS, Springer, 2006.

Digital Library

[22]

Xen Users' Guide Chapter 10 for the Xen sHype/Access Control Module: http://www.cl.cam.ac.uk/research/srg/netos/xen/readmes/user/user.html

Cited By

Oh TLim SChoi YRyoo J(2025)Security Implication in VirtualizationEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_797(2293-2304)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_797
Alias Kashif UAli Memon ZAhmed Ghanghro SAhmed Channa WSoomro A(2023)Centralized Accessibility of VM for Distributed Trusted Cloud Computing2023 4th International Conference on Computing, Mathematics and Engineering Technologies (iCoMET)10.1109/iCoMET57998.2023.10099351(1-6)Online publication date: 17-Mar-2023
https://doi.org/10.1109/iCoMET57998.2023.10099351
Basu SKarmakar SBera D(2022)Securing Cloud Virtual Machine Image Using Ethereum BlockchainInternational Journal of Information Security and Privacy10.4018/IJISP.29586816:1(1-22)Online publication date: 1-Apr-2022
https://doi.org/10.4018/IJISP.295868
Show More Cited By

Index Terms

TVDc: managing security in the trusted virtual datacenter
1. Security and privacy

Recommendations

A Lightweight Security Isolation Approach for Virtual Machines Deployment
Information Security and Cryptology
Abstract
Cloud computing has changed the way of IT services; virtualization technology is the foundation of it, which directly affects the security and reliability of the cloud computing platform. From the point of virtualization technology security, we ...
Architectural support for hypervisor-secure virtualization
ASPLOS '12

Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest virtual ...
Architectural support for hypervisor-secure virtualization
ASPLOS XVII: Proceedings of the seventeenth international conference on Architectural Support for Programming Languages and Operating Systems

Virtualization has become a standard part of many computer systems. A key part of virtualization is the all-powerful hypervisor which manages the physical platform and can access all of its resources, including memory assigned to the guest virtual ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGOPS Operating Systems Review

ACM SIGOPS Operating Systems Review Volume 42, Issue 1

January 2008

133 pages

ISSN:0163-5980

DOI:10.1145/1341312

Issue’s Table of Contents

Copyright © 2008 Authors.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 January 2008

Published in SIGOPS Volume 42, Issue 1

Check for updates

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

100
Total Citations
View Citations
1,561
Total Downloads

Downloads (Last 12 months)25
Downloads (Last 6 weeks)1

Reflects downloads up to 25 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Oh TLim SChoi YRyoo J(2025)Security Implication in VirtualizationEncyclopedia of Cryptography, Security and Privacy10.1007/978-3-030-71522-9_797(2293-2304)Online publication date: 8-Jan-2025
https://doi.org/10.1007/978-3-030-71522-9_797
Alias Kashif UAli Memon ZAhmed Ghanghro SAhmed Channa WSoomro A(2023)Centralized Accessibility of VM for Distributed Trusted Cloud Computing2023 4th International Conference on Computing, Mathematics and Engineering Technologies (iCoMET)10.1109/iCoMET57998.2023.10099351(1-6)Online publication date: 17-Mar-2023
https://doi.org/10.1109/iCoMET57998.2023.10099351
Basu SKarmakar SBera D(2022)Securing Cloud Virtual Machine Image Using Ethereum BlockchainInternational Journal of Information Security and Privacy10.4018/IJISP.29586816:1(1-22)Online publication date: 1-Apr-2022
https://doi.org/10.4018/IJISP.295868
Salem AAl-Sayyed R(2022)Security Framework for Hosting Systems on the Cloud: Case Study of Jordan E-Government Websites2022 International Conference on Emerging Trends in Computing and Engineering Applications (ETCEA)10.1109/ETCEA57049.2022.10009803(1-6)Online publication date: Nov-2022
https://doi.org/10.1109/ETCEA57049.2022.10009803
Gebremariam YDuguma DPark HKim YKim BYou I(2021)5G and beyond telco cloud: architecture and cybersecurity challenges2021 World Automation Congress (WAC)10.23919/WAC50355.2021.9559450(1-6)Online publication date: 1-Aug-2021
https://doi.org/10.23919/WAC50355.2021.9559450
Ma WZhou QHu MWang X(2021)A Deep Learning-Based Trust Assessment Method for Cloud UsersSecurity and Communication Networks10.1155/2021/99372292021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/9937229
Bohling FMueller TEckel MLindemann JVolkamer MWressnegger C(2020)Subverting Linux' integrity measurement architectureProceedings of the 15th International Conference on Availability, Reliability and Security10.1145/3407023.3407058(1-10)Online publication date: 25-Aug-2020
https://dl.acm.org/doi/10.1145/3407023.3407058
Kashif UMemon ZSiddiqui SBalouch ABatra R(2019)Architectural Design of Trusted Platform for IaaS Cloud ComputingCloud Security10.4018/978-1-5225-8176-5.ch019(393-411)Online publication date: 2019
https://doi.org/10.4018/978-1-5225-8176-5.ch019
(2019)Security Flaws and Design Issues in Cloud InfrastructureDetection and Mitigation of Insider Attacks in a Cloud Infrastructure10.4018/978-1-5225-7924-3.ch004(52-61)Online publication date: 2019
https://doi.org/10.4018/978-1-5225-7924-3.ch004
KARABEY AKSAKALLI İ(2019)BULUT BİLİŞİMDE GÜVENLIK ZAFİYETLERİ, TEHDİTLERI VE BU TEHDİTLERE YÖNELİK GÜVENLİK ÖNERİLERİUluslararası Bilgi Güvenliği Mühendisliği Dergisi10.18640/ubgmd.5440545:1(8-34)Online publication date: 15-Jun-2019
https://doi.org/10.18640/ubgmd.544054
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Issue’s Table of Contents