Enabling secure VM-vTPM migration in private clouds

Boris Danev, Ramya Jayaram Masti, Ghassan O. Karame, Srdjan Capkun

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

    Abstract

    The integration of Trusted Computing technologies into virtualized computing environments enables the hardware-based protection of private information and the detection of malicious software. Their use in virtual platforms, however, requires appropriate virtualization of their main component, the Trusted Platform Module (TPM), by means of virtual TPMs (vTPM). The challenge here is that the use of TPM virtualization should not impede classical platform processes such as virtual machine (VM) migration. In this work, we consider the problem of enabling secure migration of vTPM-based virtual machines in private clouds. We detail the requirements that a secure VM-vTPM migration solution should satisfy in private virtualized environments and propose a vTPM key structure suitable for VM-vTPM migration. We then leverage this structure to construct a secure VM-vTPM migration protocol. We show that our protocol provides stronger security guarantees when compared to existing solutions for VM-vTPM migration. We evaluate the feasibility of our scheme via an implementation on the Xen hypervisor and we show that it can be directly integrated within existing hypervisors. Our Xen-based implementation can be downloaded as open-source software. Finally, we discuss how our scheme can be extended to support live-migration of vTPM-based VMs.

    Original language: English
    Title of host publication: Proceedings - 27th Annual Computer Security Applications Conference, ACSAC 2011
    Pages: 187-196
    Number of pages: 10
    Publication status: Published - 2011
    Event: 27th Annual Computer Security Applications Conference, ACSAC 2011 - Orlando, FL, United States
    Duration: 5 Dec 2011 - 9 Dec 2011

    Other

    Other: 27th Annual Computer Security Applications Conference, ACSAC 2011
    Country/Territory: United States
    City: Orlando, FL
    Period: 5/12/11 - 9/12/11
