Property-based attestation for computing platforms: caring about properties, not mechanisms
NSPW '04 Proceedings of the 2004 workshop on New security paradigms
Trusted Computing Platforms: TCPA Technology in Context
SubVirt: Implementing malware with virtual machines
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
vTPM: virtualizing the trusted platform module
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A Software-Based Trusted Platform Module Emulator
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Practical Techniques for Operating System Attestation
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Measuring Semantic Integrity for Remote Attestation
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
A generic proxy for secure smart card-enabled web applications
ICWE'10 Proceedings of the 10th international conference on Web engineering
Logical attestation: an authorization architecture for trustworthy computing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Enabling secure VM-vTPM migration in private clouds
Proceedings of the 27th Annual Computer Security Applications Conference
CheapBFT: resource-efficient byzantine fault tolerance
Proceedings of the 7th ACM european conference on Computer Systems
Trusted virtual domains – design, implementation and lessons learned
INTRUST'09 Proceedings of the First international conference on Trusted Systems
Enforcing sticky policies with TPM and virtualization
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Pasture: secure offline data access using commodity trusted hardware
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
An architecture for concurrent execution of secure environments in clouds
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
We introduce a technique that allows a hypervisor to safely share a TPM among its guest operating systems. The design allows guests full use of the TPM in legacy-compliant or functionally equivalent form. The design also allows guests to use the authenticated-operation facilities of the TPM (attestation, sealed storage) to authenticate themselves and their hosting environment. Finally, our design and implementation make use of the hardware TPM wherever possible, which means that guests can enjoy the hardware key protection offered by a physical TPM. In addition to superior protection for cryptographic keys, our technique is also much simpler than a full soft-TPM implementation.

An important contribution of this paper is to show that a current TCG TPM 1.2 compliant TPM can be multiplexed easily and safely between multiple guest operating systems. However, the peculiar characteristics of the TPM mean that certain features (in particular those that involve PCRs) cannot be exposed unmodified, but instead need to be exposed in a functionally equivalent para-virtualized form. In such cases we provide an analysis of our reasoning on the right balance between the accuracy of virtualization and the complexity of the resulting implementation.