vTPM: virtualizing the trusted platform module
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
SecVisor: a tiny hypervisor to provide lifetime kernel code integrity for commodity OSes
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction
Proceedings of the 14th ACM conference on Computer and communications security
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
OSLO: improving the security of trusted computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Lares: An Architecture for Secure Active Monitoring Using Virtualization
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
A Software-Based Trusted Platform Module Emulator
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Property-Based TPM Virtualization
ISC '08 Proceedings of the 11th international conference on Information Security
Enhancing Trusted Platform Modules with Hardware-Based Virtualization Techniques
SECURWARE '08 Proceedings of the 2008 Second International Conference on Emerging Security Information, Systems and Technologies
Hypervisor support for identifying covertly executing binaries
SS'08 Proceedings of the 17th conference on Security symposium
BitVisor: a thin hypervisor for enforcing i/o device security
Proceedings of the 2009 ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Secure in-VM monitoring using hardware virtualization
Proceedings of the 16th ACM conference on Computer and communications security
TrustVisor: Efficient TCB Reduction and Attestation
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
TEE: a virtual DRTM based execution environment for secure cloud-end computing
Proceedings of the 17th ACM conference on Computer and communications security
Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Proceedings of the 18th ACM conference on Computer and communications security
SICE: a hardware-level strongly isolated computing environment for x86 multi-core platforms
Proceedings of the 18th ACM conference on Computer and communications security
Eliminating the hypervisor attack surface for a more secure cloud
Proceedings of the 18th ACM conference on Computer and communications security
Lockdown: towards a safe and practical architecture for security applications on commodity platforms
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Proceedings of the 2012 ACM conference on Computer and communications security
Secure and robust monitoring of virtual machines through guest-assisted introspection
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Innovative instructions and software model for isolated execution
Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy
Using innovative instructions to create trustworthy software solutions
Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy
| Hi-index | 0.00 |
We propose an architecture that enables the creation and management of multiple, concurrent secure execution environments on multi-core systems. Our architecture is suitable for use in cloud settings where each user may require an independent secure environment within which he can run his sensitive applications. Our solution effectively scales architectures like Intel TXT which, both on single- and multi-core platforms, support the creation of only one secure environment. Unlike existing solutions that require significant hypervisor participation, our architecture relies on light-weight processor extensions and a novel hardware-based virtualized TPM that supports multiple, concurrent dynamic root of trust requests from different VMs. This, together with the virtualization extensions in modern processors, allows the use of a disengaged hypervisor that is only responsible for VM management (i.e., creation, deletion, startup, shutdown) and is not involved in the creation or management of secure execution environments. Such disengagement not only reduces hypervisor complexity but also its interaction with guest VMs and hence, the risk of system compromise. We show that our architecture provides guest applications independent secure environments within which they can concurrently execute, and protects them against other compromised system components including malicious VMs and peripherals. We also demonstrate the feasibility of realizing our architecture by emulating and testing it using QEMU.