Stefan Berger, Ramón Cáceres, Kenneth A. Goldman, Ronald Perez, Reiner Sailer, Leendert van Doorn
{stefanb, caceres, kgoldman, ronpz, sailer, leendert}@us.ibm.com
IBM T. J. Watson Research Center
We present the design and implementation of a system that enables
trusted computing for an unlimited number of virtual machines on a
single hardware platform.
To this end, we virtualized
the Trusted Platform Module (TPM).
As a result, the TPM's secure storage and
cryptographic functions are available to operating systems
and applications running in virtual machines.
Our new facility supports higher-level services
for establishing trust in virtualized environments,
for example remote attestation of software integrity.
We implemented the full TPM specification in software and added
functions to create and destroy virtual TPM instances.
We integrated our software TPM into a hypervisor environment to make
TPM functions available to virtual machines.
Our virtual TPM supports
suspend and resume operations, as well as migration of a virtual
TPM instance with its
respective virtual machine across platforms.
We present four designs for certificate chains to link the virtual TPM to a
hardware TPM, with security vs. efficiency trade-offs based on threat models.
Finally, we demonstrate a working system by layering an existing
integrity measurement application on top of our virtual TPM facility.
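The following added example, written for this page and not taken from the paper or its implementation, models the facility the abstract describes: a manager that creates and destroys per-VM virtual TPM instances, each with its own PCRs and measurement log, and a verifier that replays a VM's log to check a quoted PCR, as a remote attestation of software integrity would. It assumes TPM 1.2-style SHA-1 PCRs, leaves the quote unsigned, and uses hypothetical class and function names.

```python
import hashlib, itertools

class VirtualTPM:
    """One software TPM instance bound to a single VM (constructed model, not the paper's code)."""
    def __init__(self, instance_id):
        self.instance_id = instance_id
        self.pcrs = [bytes(20)] * 24   # TPM 1.2: 24 PCRs, each a SHA-1 digest, all zero at start
        self.log = []                  # measurement log: (pcr_index, digest), in extend order
    def extend(self, idx, measurement):
        """PCR[idx] = SHA1(PCR[idx] || SHA1(measurement)): order-dependent and not resettable."""
        digest = hashlib.sha1(measurement).digest()
        self.pcrs[idx] = hashlib.sha1(self.pcrs[idx] + digest).digest()
        self.log.append((idx, digest))
        return self.pcrs[idx]
    def quote(self, idx): return self.pcrs[idx]   # unsigned here; a real quote is signed by the instance's key

class VTPMManager:
    """Creates and destroys vTPM instances, one per VM, each with private PCRs and log."""
    def __init__(self):
        self.instances, self.ids = {}, itertools.count(1)
    def create(self):
        iid = next(self.ids)
        self.instances[iid] = VirtualTPM(iid)
        return self.instances[iid]
    def destroy(self, iid):
        del self.instances[iid]        # the instance's PCRs and log vanish with it

def replay_log(log, idx):
    """Verifier side: recompute PCR[idx] from the measurement log alone."""
    pcr = bytes(20)
    for i, digest in log:
        if i == idx:
            pcr = hashlib.sha1(pcr + digest).digest()
    return pcr

def verify_quote(quoted, log, idx, known_good):
    """Accept only if the log replays to the quoted PCR (else altered/truncated) and every digest is known-good."""
    return replay_log(log, idx) == quoted and all(d in known_good for i, d in log if i == idx)

def demo():
    """Constructed run: two VMs with separate vTPMs; VM 2 also loads an unlisted module."""
    known_good = {hashlib.sha1(b"kernel-ok").digest(), hashlib.sha1(b"init-ok").digest()}
    mgr = VTPMManager()
    vm1, vm2 = mgr.create(), mgr.create()
    vm1.extend(10, b"kernel-ok"); vm1.extend(10, b"init-ok")
    vm2.extend(10, b"kernel-ok"); vm2.extend(10, b"rootkit-module")
    ok1 = verify_quote(vm1.quote(10), vm1.log, 10, known_good)      # True
    ok2 = verify_quote(vm2.quote(10), vm2.log, 10, known_good)      # False: unknown digest
    cut = verify_quote(vm2.quote(10), vm2.log[:1], 10, known_good)  # False: replay mismatch
    mgr.destroy(vm2.instance_id)
    return ok1, ok2, cut, len(mgr.instances)
```

Because each VM's PCRs live in its own instance, VM 2's unknown measurement has no effect on VM 1's attestation, which is the isolation property the per-VM design provides.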