Abstract
The integration of Trusted Computing technologies into virtualized computing environments enables the hardware-based protection of private information and the detection of malicious software. Their use in virtual platforms, however, requires appropriate virtualization of their main component, the Trusted Platform Module (TPM) by means of virtual TPMs (vTPM). The challenge here is that the use of TPM virtualization should not impede classical platform processes such as virtual machine (VM) migration. In this work, we consider the problem of enabling secure migration of vTPM-based virtual machines in private clouds. We detail the requirements that a secure VM-vTPM migration solution should satisfy in private virtualized environments and propose a vTPM key structure suitable for VM-vTPM migration. We then leverage on this structure to construct a secure VM-vTPM migration protocol. We show that our protocol provides stronger security guarantees when compared to existing solutions for VM-vTPM migration. We evaluate the feasibility of our scheme via an implementation on the Xen hypervisor and we show that it can be directly integrated within existing hypervisors. Our Xenbased implementation can be downloaded as open-source software. Finally, we discuss how our scheme can be extended to support live-migration of vTPM-based VMs.
Original language | English |
---|---|
Title of host publication | Proceedings - 27th Annual Computer Security Applications Conference, ACSAC 2011 |
Pages | 187-196 |
Number of pages | 10 |
DOIs | |
Publication status | Published - 2011 |
Event | 27th Annual Computer Security Applications Conference, ACSAC 2011 - Orlando, FL, United States Duration: 5 Dec 2011 → 9 Dec 2011 |
Other
Other | 27th Annual Computer Security Applications Conference, ACSAC 2011 |
---|---|
Country/Territory | United States |
City | Orlando, FL |
Period | 5/12/11 → 9/12/11 |