Journal of the ACM (JACM)
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Property-based attestation for computing platforms: caring about properties, not mechanisms
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Semantic remote attestation: a virtual machine directed approach to trusted computing
VM'04 Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium - Volume 3
vTPM: virtualizing the trusted platform module
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Towards automated provisioning of secure virtualized networks
Proceedings of the 14th ACM conference on Computer and communications security
Trusted virtual domains: toward secure distributed services
HotDep'05 Proceedings of the First conference on Hot topics in system dependability
Statistical secrecy and multibit commitments
IEEE Transactions on Information Theory
Extending virtualization services with trust guarantees via behavioral monitoring
Proceedings of the 1st EuroSys Workshop on Virtualization Technology for Dependable Systems
Measuring Semantic Integrity for Remote Attestation
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Towards automated security policy enforcement in multi-tenant virtual data centers
Journal of Computer Security - EU-Funded ICT Research on Trust and Security
Attestation of integrity of overlay networks
Journal of Systems Architecture: the EUROMICRO Journal
Scheduler vulnerabilities and coordinated attacks in cloud computing
Journal of Computer Security
| Hi-index | 0.00 |
We address the problem of integrity management in a virtualized environment. We introduce a formal integrity model for managing the integrity of arbitrary aspects of a virtualized system. Based on the model, we describe an architecture called PEV, which stands for protection, enforcement, and verification. The architecture generalizes the integrity management functions of the Trusted Platform Module (TPM) to cover not just software binaries, but also VMs, virtual devices, and a wide range of security policies. The architecture enables the verification of security compliance and enforcement of security policies. We describe a prototype implementation of the architecture based on the Xen hypervisor. We demonstrate the policy enforcement and compliance checking capabilities of our prototype through multiple use cases.