TPM Virtualization: Building a General Framework Export

@incollection{SRWGV2007, abstract = {Trusted Computing has been widely recognized as a useful and necessary extension of more traditional security mechanisms. In today's complex multi-device environment, it is essential to be assured that devices participating in transactions can be trusted. The Trusted Computing Group (TCG) has created a set of specifications and accompanying infrastructure defining means of assurance to build a trusted environment. Continuing interest in virtualization as a way to extend flexibility in diverse computing environments while addressing issues of underutilization of equipment and energy consumption brings additional complexities to current and future models of trusted computing. This chapter is a research paper, rather than a discussion of issues for a practical implementation. We talk about today's trusted computing environment by briefly describing Intel Trusted Execution Technology (formerly LaGrande Technology) as an example implementation of a trusted platform. We dedicate a few sections to the basics of Trusted Platform Modules (TPMs) as defined in TCG specifications, before moving to focus primarily on describing a generalized framework for TPM virtualization. A Virtual TPM (VTPM) framework provides a set of services for trustworthy Virtual TPMs or proprietary TPM-like software. This framework allows multiple mutually distrustful and unaware guests to share a TPM without requiring modifications to guest operating systems or applications that they are running. Additionally, the framework supports the custom cryptographic subsystems with enhanced proprietary functionality that can be adapted to multiple use models. The proposed framework leverages the TPM to ensure that the trustworthiness of the VTPM is rooted in hardware. The proposed framework can be used to design VTPMs with varying security and performance profiles. TPM features optimizing the performance or security in the framework are discussed at the end of the chapter followed by conclusions.}, author = {Scarlata, Vincent and Rozas, Carlos and Wiseman, Monty and Grawrock, David and Vishik, Claire}, booktitle = {Trusted Computing}, citeulike-article-id = {2586659}, citeulike-linkout-0 = {http://dx.doi.org/10.1007/978-3-8348-9452-6_4}, doi = {10.1007/978-3-8348-9452-6_4}, editor = {Pohlmann, Norbert and Reimer, Helmut}, keywords = {security, trusted-computing, vtpm}, pages = {43--56}, posted-at = {2008-03-25 17:31:27}, priority = {5}, publisher = {Vieweg}, title = {TPM Virtualization: Building a General Framework}, url = {http://dx.doi.org/10.1007/978-3-8348-9452-6_4}, year = {2007} }

TY - CHAP ID - SRWGV2007 L3 - citeulike-article-id:2586659 N2 - Trusted Computing has been widely recognized as a useful and necessary extension of more traditional security mechanisms. In today's complex multi-device environment, it is essential to be assured that devices participating in transactions can be trusted. The Trusted Computing Group (TCG) has created a set of specifications and accompanying infrastructure defining means of assurance to build a trusted environment. Continuing interest in virtualization as a way to extend flexibility in diverse computing environments while addressing issues of underutilization of equipment and energy consumption brings additional complexities to current and future models of trusted computing. This chapter is a research paper, rather than a discussion of issues for a practical implementation. We talk about today's trusted computing environment by briefly describing Intel Trusted Execution Technology (formerly LaGrande Technology) as an example implementation of a trusted platform. We dedicate a few sections to the basics of Trusted Platform Modules (TPMs) as defined in TCG specifications, before moving to focus primarily on describing a generalized framework for TPM virtualization. A Virtual TPM (VTPM) framework provides a set of services for trustworthy Virtual TPMs or proprietary TPM-like software. This framework allows multiple mutually distrustful and unaware guests to share a TPM without requiring modifications to guest operating systems or applications that they are running. Additionally, the framework supports the custom cryptographic subsystems with enhanced proprietary functionality that can be adapted to multiple use models. The proposed framework leverages the TPM to ensure that the trustworthiness of the VTPM is rooted in hardware. The proposed framework can be used to design VTPMs with varying security and performance profiles. TPM features optimizing the performance or security in the framework are discussed at the end of the chapter followed by conclusions. EP - 56 TI - TPM Virtualization: Building a General Framework PB - Vieweg T2 - Trusted Computing SP - 43 KW - security KW - trusted-computing KW - vtpm AU - Scarlata, Vincent AU - Rozas, Carlos AU - Wiseman, Monty AU - Grawrock, David AU - Vishik, Claire A2 - Pohlmann, Norbert A2 - Reimer, Helmut PY - 2007/// UR - http://dx.doi.org/10.1007/978-3-8348-9452-6_4 ER -