Trusted virtual domains – design, implementation and lessons learned

Authors:
Luigi Catuogno;Alexandra Dmitrienko;Konrad Eriksson;Dirk Kuhlmann;Gianluca Ramunno;Ahmad-Reza Sadeghi;Steffen Schulz;Matthias Schunter;Marcel Winandy;Jing Zhan
Affiliations:
Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany;Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany;IBM Research, Zurich, Switzerland;Hewlett Packard Laboratories, Bristol, England;Dip. di Automatica e Informatica, Politecnico di Torino, Italy;Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany;Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany;IBM Research, Zurich, Switzerland;Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany;,Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany
Venue:
INTRUST'09 Proceedings of the First international conference on Trusted Systems
Year:
2009

Citing 20
Cited 8

Xen and the art of virtualization

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Building a MAC-Based Security Architecture for the Xen Open-Source Hypervisor

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Lazy Revocation in Cryptographic File Systems

SISW '05 Proceedings of the Third IEEE International Security in Storage Workshop
Linking remote attestation to secure tunnel endpoints

Proceedings of the first ACM workshop on Scalable trusted computing
Copilot - a coprocessor-based kernel runtime integrity monitor

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
vTPM: virtualizing the trusted platform module

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Linux kernel integrity measurement using contextual inspection

Proceedings of the 2007 ACM workshop on Scalable trusted computing
Towards automated provisioning of secure virtualized networks

Proceedings of the 14th ACM conference on Computer and communications security
TVDc: managing security in the trusted virtual datacenter

ACM SIGOPS Operating Systems Review
Para-Virtualized TPM Sharing

Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Property-Based TPM Virtualization

ISC '08 Proceedings of the 11th international conference on Information Security
An efficient implementation of trusted channels based on openssl

Proceedings of the 3rd ACM workshop on Scalable trusted computing
Flexible and secure enterprise rights management based on trusted virtual domains

Proceedings of the 3rd ACM workshop on Scalable trusted computing
Trusted Privacy Domains --- Challenges for Trusted Computing in Privacy-Protecting Information Sharing

ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Towards automated security policy enforcement in multi-tenant virtual data centers

Journal of Computer Security - EU-Funded ICT Research on Trust and Security
Security for the cloud infrastructure: trusted virtual data center implementation

IBM Journal of Research and Development
Transparent mobile storage protection in trusted virtual domains

LISA'09 Proceedings of the 23rd conference on Large installation system administration
Trusted virtual domains: toward secure distributed services

HotDep'05 Proceedings of the First conference on Hot topics in system dependability
Secure key-updating for lazy revocation

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Enabling fairer digital rights management with trusted computing

ISC'07 Proceedings of the 10th international conference on Information Security

Trusted virtual domains on OpenSolaris: usable secure desktop environments

Proceedings of the fifth ACM workshop on Scalable trusted computing
Securing the e-health cloud

Proceedings of the 1st ACM International Health Informatics Symposium
Attestation of integrity of overlay networks

Journal of Systems Architecture: the EUROMICRO Journal
Trusted virtual domains on OKL4: secure information sharing on smartphones

Proceedings of the sixth ACM workshop on Scalable trusted computing
acTvSM: a dynamic virtualization platform for enforcement of application integrity

INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Virtualization: Issues, security threats, and solutions

ACM Computing Surveys (CSUR)
Client-controlled cryptography-as-a-service in the cloud

ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Flying over Mobile Clouds with Security Planes: Select Your Class of SLA for End-to-End Security

UCC '13 Proceedings of the 2013 IEEE/ACM 6th International Conference on Utility and Cloud Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

A Trusted Virtual Domain (TVD) is a coalition of virtual machines and resources (e.g., network, storage) that are distributed over multiple physical platforms and share a common security policy. The concept of TVDs and their usage scenarios have been studied extensively. However, details on certain implementation aspects have not been explored in depth yet, such as secure policy deployment and integration of heterogeneous virtualization and trusted computing technologies. In this paper, we present implementation aspects of the life cycle management of TVDs. We describe the components and protocols necessary to realize the TVD design on a cross-platform architecture and present our prototype implementation for the Xen and L4 microkernel platforms. In particular, we discuss the need for and the realization of intra-TVD access control, a hypervisor abstraction layer for simplified TVD management, necessary components of a TVD policy and revocation issues. We believe that these integration details are essential and helpful inputs for any large-scale real-world deployment of TVD.