An approach to a trustworthy system architecture using virtualization

Authors:
Frederic Stumpf;Michael Benz;Martin Hermanowski;Claudia Eckert
Affiliations:
Department of Computer Science, Darmstadt University of Technology, Darmstadt, Germany;Department of Computer Science, Darmstadt University of Technology, Darmstadt, Germany;Department of Computer Science, Darmstadt University of Technology, Darmstadt, Germany;Department of Computer Science, Darmstadt University of Technology, Darmstadt, Germany
Venue:
ATC'07 Proceedings of the 4th international conference on Autonomic and Trusted Computing
Year:
2007

Citing 11
Cited 5

A Retrospective on the VAX VMM Security Kernel

IEEE Transactions on Software Engineering
On micro-kernel construction

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Exokernel: an operating system architecture for application-level resource management

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
Application and analysis of the virtual machine approach to information system security and isolation

Proceedings of the workshop on virtual computer systems
Xen and the art of virtualization

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing

SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Direct anonymous attestation

Proceedings of the 11th ACM conference on Computer and communications security
Virtual Machine Monitors: Current Technology and Future Trends

Computer
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
vTPM: virtualizing the trusted platform module

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
New directions in cryptography

IEEE Transactions on Information Theory

Improving the scalability of platform attestation

Proceedings of the 3rd ACM workshop on Scalable trusted computing
An architecture providing virtualization-based protection mechanisms against insider attacks

WISA'07 Proceedings of the 8th international conference on Information security applications
Managing application whitelists in trusted distributed systems

Future Generation Computer Systems
Specification and Standardization of a Java Trusted Computing API

Software—Practice & Experience
On-demand software licence provisioning in grid and cloud computing

International Journal of Grid and Utility Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a system architecture for trusted transactions in highly sensitive environments. This architecture takes advantage of techniques provided by the Trusted Computing Group (TCG) to attest the system state of the communication partners, to guarantee that the system is free of malware and that its software has not been tampered with. To achieve meaningful attestation, virtualization is used to establish several different execution environments. The attestation process is limited to a fragment of the software running on the platform, more specifically, to the part requesting access to sensitive data. The Trusted Platform Module (TPM) is virtualized, in order to make it accessible for an execution environment with a higher trust level.