An Open Trusted Computing Architecture — Secure Virtual Machines Enabling User-Defined Policy Enforcement

Virtualization of computers enables a wide variety of applications ranging from server consolidation to secure sandboxing of malicious content. Today, lack of security of virtual machines is a major obstacle for broad adoption of virtual machine technology. We address this obstacle by an open architecture that adds scalable trusted computing concepts to a virtual machine infrastructure. The platform has a layered system architecture, and from bottom to top consists of a Trusted Platform Module (TPM) specified by the Trusted Computing Group (TCG), a trusted virtualization layer with strong isolation properties (among virtual machines) and well-defined interfaces to the TPM, and security services (such as protected storage, security policy enforcement, and identity management). We describe the guiding principles and the overall architecture of the platform, and detail the advantages of such an architecture. The platform can be leveraged to significantly enhance the security and trust properties of the standard operating systems, middleware, and applications hosted atop the platform. We believe the platform has wide-ranging applicability particularly in the context of distributed scenarios with inherent, multilateral trust and security requirements. We give examples of such scenarios that would be enabled by the platform.

By: Dirk Kuhlmann; Rainer Landfermann; Hari V. Ramasamy; Matthias Schunter; Gianluca Ramunno; Davide Vernizzi

Published in: RZ3655 in 2006

LIMITED DISTRIBUTION NOTICE:

This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.

rz3655.pdf

Questions about this service can be mailed to reports@us.ibm.com .