DOI: 10.1145/3338511.3357347
Bootstrapping Trust in a "Trusted" Virtualized Platform

Published: 15 November 2019

ABSTRACT

The Trusted Platform Module (TPM) can be used to establish trust in the software configuration of a computer. Virtualizing the TPM is a logical next step towards building trusted cloud environments, and providing a virtual TPM to a virtual machine promises a continuation of trusted computing concepts. The association between a virtual TPM and a virtual machine is a critical concern. We show that a "trusted" virtualized platform may fall victim to a Goldeneye attack. In this work, we put forward a formal model for virtualization systems and trusted virtualized platforms. We pair this with a model for establishing trust in a virtualized platform that follows conventional reasoning over trusted computing systems. We show that if a Goldeneye attack is successful, it allows a verifier to establish trust in an untrustworthy platform. We discuss attack vectors and possible solutions that would mitigate Goldeneye.
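The abstract's central point is that a verifier which reasons over a vTPM quote alone has no hardware root behind that evidence: the vTPM is software, and which host it runs on, and which VM it is actually attached to, is exactly what the verifier cannot see from the vTPM's own PCRs. The following is an added toy model of that verifier decision, written for this page; it is not the paper's formal model, its Goldeneye attack, or any code from the authors. It assumes a constructed PCR layout (hypervisor in PCR 0, vTPM binding in PCR 1, VM image in PCR 10), uses HMAC over a constructed secret in place of a real TPM attestation signature, and uses SHA-256 of a name in place of an attestation key. It contrasts a verifier that checks only the VM's vTPM quote with one that additionally requires the host's hardware TPM to vouch for the hypervisor and for that specific vTPM instance.

```python
import hashlib
import hmac
import json

HV_PCR, BIND_PCR, VM_PCR = 0, 1, 10  # constructed PCR layout for this example


def sha256(data: str) -> str:
    return hashlib.sha256(data.encode()).hexdigest()


def expected_pcr(measurement: str) -> str:
    """Value of an all-zero PCR after a single extend with `measurement`."""
    return sha256("0" * 64 + measurement)


class ToyTpm:
    """Quote-producing TPM, hardware or virtual. A real quote is a signature
    under an attestation key; an HMAC over a constructed secret stands in
    here so the example runs offline."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self._secret = secret
        self.pcrs: dict[int, str] = {}

    def extend(self, index: int, measurement: str) -> None:
        # TPM extend semantics: PCR := H(PCR || measurement), PCR starts at zero
        prev = self.pcrs.get(index, "0" * 64)
        self.pcrs[index] = sha256(prev + measurement)

    def identity(self) -> str:
        return sha256(self.name)  # stands in for the public attestation key

    def quote(self, nonce: str) -> dict:
        body = {"tpm": self.identity(), "nonce": nonce, "pcrs": dict(self.pcrs)}
        serialized = json.dumps(body, sort_keys=True).encode()
        return {"body": body, "mac": hmac.new(self._secret, serialized, "sha256").hexdigest()}


class Verifier:
    def __init__(self, hw_keys: dict, vtpm_keys: dict, good_hypervisor: str, good_vm: str):
        self.hw_keys = hw_keys        # hardware TPM identities the verifier trusts (EK/AK credentials in practice)
        self.vtpm_keys = vtpm_keys    # vTPM identities it was handed; nothing hardware-rooted about them by themselves
        self.good_hypervisor = good_hypervisor
        self.good_vm = good_vm

    def _valid(self, quote: dict, keys: dict, nonce: str) -> bool:
        key = keys.get(quote["body"]["tpm"])
        if key is None:
            return False
        serialized = json.dumps(quote["body"], sort_keys=True).encode()
        expected = hmac.new(key, serialized, "sha256").hexdigest()
        return hmac.compare_digest(expected, quote["mac"]) and quote["body"]["nonce"] == nonce

    def vm_only(self, vtpm_quote: dict, nonce: str) -> bool:
        """Treats the vTPM as if it were a hardware root: checks the VM PCR and nothing about the host."""
        return self._valid(vtpm_quote, self.vtpm_keys, nonce) and \
            vtpm_quote["body"]["pcrs"].get(VM_PCR) == self.good_vm

    def layered(self, host_quote: dict, vtpm_quote: dict, nonce: str) -> bool:
        """Additionally requires the host's hardware TPM to vouch for the hypervisor
        and for this exact vTPM instance (its identity extended into BIND_PCR)."""
        if not self.vm_only(vtpm_quote, nonce) or not self._valid(host_quote, self.hw_keys, nonce):
            return False
        host_pcrs = host_quote["body"]["pcrs"]
        binding = expected_pcr(vtpm_quote["body"]["tpm"])
        return host_pcrs.get(HV_PCR) == self.good_hypervisor and host_pcrs.get(BIND_PCR) == binding


def run_cases() -> dict:
    """Constructed scenarios: the same vTPM instance presented with different host evidence."""
    nonce = "verifier-nonce-0001"
    vtpm = ToyTpm("vtpm-instance-A", b"vtpm-secret-A")
    vtpm.extend(VM_PCR, "vm-image-known-good")

    trusted_host = ToyTpm("hw-tpm-host-1", b"hw-secret-1")
    trusted_host.extend(HV_PCR, "hypervisor-known-good")
    trusted_host.extend(BIND_PCR, vtpm.identity())

    # A host whose TPM the verifier has no credential for, running the same vTPM instance
    unknown_host = ToyTpm("hw-tpm-host-2", b"hw-secret-2")
    unknown_host.extend(HV_PCR, "hypervisor-known-good")
    unknown_host.extend(BIND_PCR, vtpm.identity())

    # A trusted host whose binding PCR names a different vTPM than the one quoting
    other_vtpm = ToyTpm("vtpm-instance-B", b"vtpm-secret-B")
    mismatched_host = ToyTpm("hw-tpm-host-3", b"hw-secret-3")
    mismatched_host.extend(HV_PCR, "hypervisor-known-good")
    mismatched_host.extend(BIND_PCR, other_vtpm.identity())

    verifier = Verifier(
        hw_keys={trusted_host.identity(): b"hw-secret-1", mismatched_host.identity(): b"hw-secret-3"},
        vtpm_keys={vtpm.identity(): b"vtpm-secret-A"},
        good_hypervisor=expected_pcr("hypervisor-known-good"),
        good_vm=expected_pcr("vm-image-known-good"),
    )
    vq = vtpm.quote(nonce)
    return {
        "vm_only_accepts_regardless_of_host": verifier.vm_only(vq, nonce),
        "layered_trusted_host": verifier.layered(trusted_host.quote(nonce), vq, nonce),
        "layered_unknown_host": verifier.layered(unknown_host.quote(nonce), vq, nonce),
        "layered_binding_mismatch": verifier.layered(mismatched_host.quote(nonce), vq, nonce),
        "layered_stale_nonce": verifier.layered(trusted_host.quote("old-nonce"), vq, nonce),
    }


if __name__ == "__main__":
    for case, accepted in run_cases().items():
        print(f"{case}: {'trusted' if accepted else 'rejected'}")
```

The `vm_only` path accepts the VM's quote in every scenario because the vTPM's PCRs and MAC are identical whichever host presents them; it is the layered check, tying the vTPM identity into a PCR of a hardware TPM the verifier has a credential for, that distinguishes a host it can vouch for from one it cannot. Real deployments carry the same idea with certified attestation keys, an EK credential chain for the hardware TPM, and a hypervisor-measured vTPM instance rather than a bare identity hash.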


Published in

CYSARM'19: Proceedings of the 1st ACM Workshop on Cyber-Security Arms Race
November 2019
59 pages
ISBN: 9781450368407
DOI: 10.1145/3338511
Copyright © 2019 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Qualifiers: research-article