TU Darmstadt / ULB / TUbiblio

Property-Based TPM Virtualization

Sadeghi, Ahmad-Reza and Stüble, Christian and Winandy, Marcel (2008):
Property-Based TPM Virtualization.
In: Information Security, 11th International Conference (ISC 2008), In: LNCS, [Conference or Workshop Item]

Abstract

Today, virtualization technologies and hypervisors celebrate their rediscovery. Especially migration of virtual machines (VMs) between hardware platforms provides a useful and cost-effective means to manage complex IT infrastructures. A challenge in this context is the virtualization of hardware security modules like the Trusted Platform Module (TPM) since the intended purpose of TPMs is to securely link software and the underlying hardware. Existing solutions for TPM virtualization, however, have various shortcomings that hinder the deployment to a wide range of useful scenarios. In this paper, we address these shortcomings by presenting a flexible and privacy-preserving design of a virtual TPM that in contrast to existing solutions supports different approaches for measuring the platform's state and for key generation, and uses property-based attestation mechanisms to support software updates and VM migration. Our solution improves the maintainability and applicability of hypervisors supporting hardware security modules like TPM.

Item Type: Conference or Workshop Item
Erschienen: 2008
Creators: Sadeghi, Ahmad-Reza and Stüble, Christian and Winandy, Marcel
Title: Property-Based TPM Virtualization
Language: German
Abstract:

Today, virtualization technologies and hypervisors celebrate their rediscovery. Especially migration of virtual machines (VMs) between hardware platforms provides a useful and cost-effective means to manage complex IT infrastructures. A challenge in this context is the virtualization of hardware security modules like the Trusted Platform Module (TPM) since the intended purpose of TPMs is to securely link software and the underlying hardware. Existing solutions for TPM virtualization, however, have various shortcomings that hinder the deployment to a wide range of useful scenarios. In this paper, we address these shortcomings by presenting a flexible and privacy-preserving design of a virtual TPM that in contrast to existing solutions supports different approaches for measuring the platform's state and for key generation, and uses property-based attestation mechanisms to support software updates and VM migration. Our solution improves the maintainability and applicability of hypervisors supporting hardware security modules like TPM.

Title of Book: Information Security, 11th International Conference (ISC 2008)
Series Name: LNCS
Number: 5222
Uncontrolled Keywords: Secure Things;Property-Based Attestation, Virtual TPM
Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Date Deposited: 10 Mar 2016 10:18
Identification Number: TUD-CS-2008-11483
Related URLs:
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item