DOI: 10.1145/3338511.3357347

Bootstrapping Trust in a "Trusted" Virtualized Platform

Published: 15 November 2019

Abstract

The Trusted Platform Module (TPM) can be used to establish trust in the software configuration of a computer. Virtualizing the TPM is a logical next step towards building trusted cloud environments, and providing a virtual TPM to a virtual machine promises a continuation of trusted computing concepts. The association between a virtual TPM and a virtual machine is a critical concern. We show that a "trusted" virtualized platform may fall victim to a Goldeneye attack. In this work, we put forward a formal model for virtualization systems and trusted virtualized platforms. We pair this with a model for establishing trust in a virtualized platform that follows conventional reasoning over trusted computing systems. We show that if a Goldeneye attack is successful, it allows a verifier to establish trust in an untrustworthy platform. We discuss attack vectors and possible solutions that would mitigate Goldeneye.



Published In

CYSARM'19: Proceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race
November 2019
59 pages
ISBN: 9781450368407
DOI: 10.1145/3338511
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. trust model
  2. trusted computing
  3. virtual tpm
  4. vulnerabilities

Qualifiers

  • Research-article

Conference

CCS '19

Article Metrics

  • Downloads (last 12 months): 30
  • Downloads (last 6 weeks): 1
Reflects downloads up to 24 Jan 2025.

Cited By

  • (2024) Interoperable node integrity verification for confidential machines based on AMD SEV-SNP. Journal of Internet Services and Applications 15(1), 179-193. https://doi.org/10.5753/jisa.2024.3905. Online publication date: 25 Jul 2024.
  • (2023) Attesting AMD SEV-SNP Virtual Machines with SPIRE. Proceedings of the 12th Latin-American Symposium on Dependable and Secure Computing, 1-10. https://doi.org/10.1145/3615366.3615419. Online publication date: 16 Oct 2023.
  • (2022) Attributes and Dimensions of Trust in Secure Systems. Proceedings of the 12th International Conference on the Internet of Things, 179-186. https://doi.org/10.1145/3567445.3571105. Online publication date: 7 Nov 2022.
  • (2021) TRIGLAV: Remote Attestation of the Virtual Machine's Runtime Integrity in Public Clouds. 2021 IEEE 14th International Conference on Cloud Computing (CLOUD), 1-12. https://doi.org/10.1109/CLOUD53861.2021.00013. Online publication date: Sep 2021.
  • (2021) References. Trust in Computer Systems and the Cloud, 309-319. https://doi.org/10.1002/9781119695158.refs. Online publication date: 29 Oct 2021.
  • (2020) Horizontal privilege escalation in trusted applications. Proceedings of the 29th USENIX Conference on Security Symposium, 825-840. https://doi.org/10.5555/3489212.3489259. Online publication date: 12 Aug 2020.
  • (2020) CloudVaults: Integrating Trust Extensions into System Integrity Verification for Cloud-Based Environments. Computer Security, 197-220. https://doi.org/10.1007/978-3-030-66504-3_12. Online publication date: 24 Dec 2020.
