Presentation is loading. Please wait.

Presentation is loading. Please wait.

Systems and Internet Infrastructure Security (SIIS) LaboratoryPage Systems and Internet Infrastructure Security Network and Security Research Center Department.

Published byAllyson Norton Modified over 9 years ago

Similar presentations

Presentation on theme: "Systems and Internet Infrastructure Security (SIIS) LaboratoryPage Systems and Internet Infrastructure Security Network and Security Research Center Department."— Presentation transcript:

1 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA 1 vTPM: Virtualizing the Trusted Platform Module Joshua Schiffman

2 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 2 It could happen to you… Computers offer no implicit reason to trust them ‣ Key Loggers, root kits, spy ware Do you know of anyone who has fallen victim to one of these? What can we do?

3 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 3 Trusted Computing The Trusted Computing Group suggests we: ‣ Deploy a Trusted Platform Module (TPM) in all systems ‣ And an infrastructure to support their use Shamon? TPMs allow a system to: ‣ Gather and attest system state ‣ Store and generate cryptographic data ‣ Prove platform identity

4 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 4 Virtual Trust? Unfortunately, your computer might be an illusion… Advances in hardware virtualization ‣ Improve system utilization ‣ Saves money ‣ Gives the illusion of an independent system A Virtual Machine Monitor (Hypervisor) could control what data is measured by the TPM

5 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 5 Virtualize the TPM Cannot have multiple users per TPM Why don’t we just virtualize the TPM? ‣ It would violate its security properties Trust rooted in hardware VMs support unique lifecycles ‣ Suspend and Resume on different platforms How do you trust a transient environment?

6 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 6 Requirements Authors identify four requirements for vTPMs: ‣ Same usage model and command set ‣ Strong association between VM and its vTPM instance ‣ Strong association between real TPM and vTPM ‣ Easy to distinguish between real and virtual TPM

7 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 7 The vTPM Model Similar to Xen, Dom-0: ‣ Contains access to the hardware TPM ‣ Control of vTPM instances ‣ Can spawn vTPMs Client-side driver request are routed to the server-side drivers

8 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 8 Secure Coprocessor The vTPM design was made to be modular PCI-X Cryptographic Coprocessor ‣ Accelerated cryptographic engine ‣ Tamper-Responsive Not all TPMs have this support ‣ Expensive

9 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 9 Xend is your Friend Implementation modified Xen to support the vTPM ‣ Xen Management tool parses config file ‣ Xend determines where the vTPM manager is located Xenstore, frontend, backend, hotplug scripts ‣ A table of VM to vTPMs is also maintained Absence of mapping = create new instance Presence of mapping = resume vTPM

10 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 10 Driver Considerations Existing TPM protocol assumes ‣ Reliable bus ‣ Must ensure a response is given to the last message before suspending the OS Shared memory (grant tables) is used to communicate between Front and Backends Concurrent access

11 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 11 Interesting Issues VM migration Associating vTPM with underlying system Key management Trust Management

12 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 12 VM Migration Created extensions to TPM 1.2 command set ‣ vTPM Management / Migration / Utility commands Migration is rather straightforward: ‣ Create instance with associated nonce ‣ Lock source with nonce and encrypt with key Wrapped with parent TPM instance SRK ‣ Serialize and update message digest ‣ Migrate data, digest and verify

13 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 13 Associating the Real TPM The TPM has security properties that makes it different from most hardware ‣ Virturalized TPMs cannot be totally transparent ‣ Must have knowledge of the underlying system Solution: Divide the PCRs into localities ‣ Lower set used for system ‣ Upper set for the vTPM instance Issues with nested VMs?

14 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 14 Key Hierarchy Root keys stored inside the TPM to prevent leakage ‣ Endorsement Key (EK) to identify the platform Manufacture certificates not so common as once prescribed ‣ Storage Root Key (SRK) to seal (encrypt) data / keys vTPMs are too ephemeral to bind to hardware TPM ‣ They are kept independent of the platform ‣ Speeds key creation ‣ Persistent store emulated with real TPM

15 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 15 Trust Management AIKs and SKs follows a chain of keys rooted hardware Programs rely on these keys (TSS, User PS) ‣ Migrating VMs will change their host TPM EK ‣ vTPM EKs are freshly generated for each VM ‣ How can we identify a vTPM EK? Some VMs may not want to be on certain machines

16 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 16 Suggestions Create EK’ for each vTPM Create an AIK’ for all vTPMs Use a local authority to verify the vTPM Use a secure coprocessor

17 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 17 Create an EK

18 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 18 Create AIK

19 Systems and Internet Infrastructure Security (SIIS) LaboratoryPage 19 Take Away Virtualizing a TPM is not as easy as normal hardware ‣ Security and trust must be addressed It is not clear how to establish trust in a transient TPM identity ‣ We can compromise

Download ppt "Systems and Internet Infrastructure Security (SIIS) LaboratoryPage Systems and Internet Infrastructure Security Network and Security Research Center Department."

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.

Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.
Vpn-info.com.

Vpn-info.com.
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
1 Trusted Systems in Networking Infrastructure Rafael Mantilla Montalvo Cisco Systems June 2013.

1 Trusted Systems in Networking Infrastructure Rafael Mantilla Montalvo Cisco Systems June 2013.
 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.

 Alexandra Constantin  James Cook  Anindya De Computer Science, UC Berkeley.
Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.

Hardware Security: Trusted Platform Module Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources.
 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.

 Max Planck Institute for Software Systems Towards trusted cloud computing Nuno Santos, Krishna P. Gummadi, and Rodrigo Rodrigues MPI-SWS.
1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.

1 Bootstrapping Trust in a “Trusted” Platform Carnegie Mellon University November 11, 2008 Bryan Parno.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.

Trusted Disk Loading in the Emulab Network Testbed Cody Cutler, Mike Hibler, Eric Eide, Rob Ricci 1.
Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.

Trusted Platform Modules: Building a Trusted Software Stack and Remote Attestation Dane Brandon, Hardeep Uppal CSE551 University of Washington.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Three.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture notes.
Virtualization Ryan Cahoon Timothy Farkas Christopher Garcia Jeremy Slovak.

Virtualization Ryan Cahoon Timothy Farkas Christopher Garcia Jeremy Slovak.
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS

Similar presentations

Ads by Google