Abstract
Service providers use virtualization technology to better serve their remote customers and to efficiently use their resources. In particular when virtualization is used within critical infrastructures such as industrial control systems security of the virtual machines is crucial. Creating fully secure systems based on a verified small trusted computing base (TCB) is desirable to minimize the attack surface of the host system. However, attacks can still occur, and sometimes it is not practically possible to provide a small TCB or to completely replace a running system to enforce security. Thus, remote monitoring of the integrity of VMs is desired to confirm their trusted state. In general, it is a complex task to incorporate on-demand system integrity verification into the existing host system to measure a hosted virtual machine (VM) at runtime and to switch back at runtime to the trusted state whenever a change or a manipulation is detected. Also it is necessary to provide the host machine’s integrity information along with the VM to remote customers when such status are seeked. In this paper, we address the problem of securing an existing or new host machine with on-demand integrity measurement solution to offer a fresh and trusted VM whenever some illegitimate changes are detected in the current VM. The solution is targeted at smaller devices with a limited number of VMs and customers per device. It also assumes VMs to be rather stable and does not use virtual TPMs. Thus, it focuses on secure virtualization in critical environments, automation, or industry control systems.
Highlights
The virtualization concept was initially introduced by IBM in mid 1960s Karger (2005)
We hope it will encourage many organizations to test their system for virtual machine (VM) suitability
The solution is targeted at smaller systems in critical environments
Summary
The virtualization concept was initially introduced by IBM in mid 1960s Karger (2005). To offer new services to customers, it is often necessary to utilize remote systems provided by third parties, where each third party can accommodate different virtual machines (VMs) from different service providers. These remote systems can already host different virtual machines from different service providers, so to integrate new security solutions that require modification of the host or guest operating system will significantly reduce our flexibility or make it impossible to deploy. A novel Trusted Virtual Machine Management solution inside a host machine that can be deployed in commodity computers (i.e., commodity hardware and software) without replacing the existing system is necessary. It should support easy installation on a new machine. Running prototypes use ARM architectures with a I2C trusted platform module
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
