acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity

Ronald Tögl; Martin Pirker; Michael Gissing

doi:10.1007/978-3-642-25283-9_22

acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity

Ronald Tögl, Martin Pirker, Michael Gissing

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

Modern PC platforms offer hardware-based virtualization and advanced Trusted Computing mechanisms. Hardware primitives allow the measuring and reporting of software configurations, the separation of application execution environments into isolated partitions and the dynamic switch into a trusted CPU mode.

In this paper we present a practical system architecture which leverages hardware mechanisms found in mass-market off-the-shelf PCs to improve the security of commodity guest operating systems by enforcing the integrity of application images. We enable the platform administrator to freely and deterministically specify the configurations trusted. Furthermore, we describe a set of tools and operational procedures to allow flexible and dynamic configuration management and to guarantee the secure transition between trusted platform configurations. We present our prototype implementation which integrates well with established Linux distributions.

Originalsprache	englisch
Titel	Trusted Systems, Second International Conference, INTRUST 2010, Beijing, China, December 13-15, 2010, Revised Selected Papers
Erscheinungsort	Berlin; Heidelberg
Herausgeber (Verlag)	Springer Verlag
Seiten	326-345
Band	6802
ISBN (Print)	978-3-642-25282-2
DOIs	https://doi.org/10.1007/978-3-642-25283-9_22
Publikationsstatus	Angenommen/In Druck - 2011
Veranstaltung	International Conference on Trusted Systems - Beijing, China Dauer: 13 Dez. 2010 → 15 Dez. 2010

Publikationsreihe

Name	Lecture Notes in Computer Science
Herausgeber (Verlag)	Springer Verlag
Band	6802

Konferenz

Konferenz	International Conference on Trusted Systems
Land/Gebiet	China
Ort	Beijing
Zeitraum	13/12/10 → 15/12/10

Fields of Expertise

Information, Communication & Computing

Treatment code (Nähere Zuordnung)

Application
Experimental

Zugriff auf Dokument

10.1007/978-3-642-25283-9_22

INTRUST2010_final_proceedings_INTRUST2010.pdfAkzeptiertes Autorenmanuskript, 2,03 MB

acTVsM! - Advanced Cryptographic Trusted Virtual Security Module
Tögl, R., Pirker, M., Niederl, A. & Bloem, R.
1/04/09 → 31/03/11
Projekt: Forschungsprojekt
Trusted Computing
Niederl, A., Lipp, P., Hein, D., Vejda, T., Podesser, S., Tögl, R., Dietrich, K., Bratko, H., Winter, J. & Pirker, M.
1/10/05 → 15/07/19
Projekt: Arbeitsgebiet

Dieses zitieren

Tögl, R., Pirker, M., & Gissing, M. (Angenommen/Im Druck). acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity. in Trusted Systems, Second International Conference, INTRUST 2010, Beijing, China, December 13-15, 2010, Revised Selected Papers (Band 6802, S. 326-345). (Lecture Notes in Computer Science; Band 6802). Springer Verlag. https://doi.org/10.1007/978-3-642-25283-9_22

acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity. / Tögl, Ronald; Pirker, Martin; Gissing, Michael.
Trusted Systems, Second International Conference, INTRUST 2010, Beijing, China, December 13-15, 2010, Revised Selected Papers. Band 6802 Berlin; Heidelberg: Springer Verlag, 2011. S. 326-345 (Lecture Notes in Computer Science; Band 6802).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Tögl, R, Pirker, M & Gissing, M 2011, acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity. in Trusted Systems, Second International Conference, INTRUST 2010, Beijing, China, December 13-15, 2010, Revised Selected Papers. Bd. 6802, Lecture Notes in Computer Science, Bd. 6802, Springer Verlag, Berlin; Heidelberg, S. 326-345, International Conference on Trusted Systems, Beijing, China, 13/12/10. https://doi.org/10.1007/978-3-642-25283-9_22

Tögl R, Pirker M, Gissing M. acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity. in Trusted Systems, Second International Conference, INTRUST 2010, Beijing, China, December 13-15, 2010, Revised Selected Papers. Band 6802. Berlin; Heidelberg: Springer Verlag. 2011. S. 326-345. (Lecture Notes in Computer Science). doi: 10.1007/978-3-642-25283-9_22

@inproceedings{ea3e4b00e7a64324817ea87242991875,

title = "acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity",

abstract = "Modern PC platforms offer hardware-based virtualization and advanced Trusted Computing mechanisms. Hardware primitives allow the measuring and reporting of software configurations, the separation of application execution environments into isolated partitions and the dynamic switch into a trusted CPU mode.In this paper we present a practical system architecture which leverages hardware mechanisms found in mass-market off-the-shelf PCs to improve the security of commodity guest operating systems by enforcing the integrity of application images. We enable the platform administrator to freely and deterministically specify the configurations trusted. Furthermore, we describe a set of tools and operational procedures to allow flexible and dynamic configuration management and to guarantee the secure transition between trusted platform configurations. We present our prototype implementation which integrates well with established Linux distributions.",

author = "Ronald T{\"o}gl and Martin Pirker and Michael Gissing",

note = "International Conference on Trusted Systems (INTRUST); International Conference on Trusted Systems ; Conference date: 13-12-2010 Through 15-12-2010",

year = "2011",

doi = "10.1007/978-3-642-25283-9_22",

language = "English",

isbn = "978-3-642-25282-2",

volume = "6802",

series = "Lecture Notes in Computer Science",

publisher = "Springer Verlag",

pages = "326--345",

booktitle = "Trusted Systems, Second International Conference, INTRUST 2010, Beijing, China, December 13-15, 2010, Revised Selected Papers",

address = "Germany",

}

TY - GEN

T1 - acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity

AU - Tögl, Ronald

AU - Pirker, Martin

AU - Gissing, Michael

N1 - International Conference on Trusted Systems (INTRUST)

PY - 2011

Y1 - 2011

N2 - Modern PC platforms offer hardware-based virtualization and advanced Trusted Computing mechanisms. Hardware primitives allow the measuring and reporting of software configurations, the separation of application execution environments into isolated partitions and the dynamic switch into a trusted CPU mode.In this paper we present a practical system architecture which leverages hardware mechanisms found in mass-market off-the-shelf PCs to improve the security of commodity guest operating systems by enforcing the integrity of application images. We enable the platform administrator to freely and deterministically specify the configurations trusted. Furthermore, we describe a set of tools and operational procedures to allow flexible and dynamic configuration management and to guarantee the secure transition between trusted platform configurations. We present our prototype implementation which integrates well with established Linux distributions.

AB - Modern PC platforms offer hardware-based virtualization and advanced Trusted Computing mechanisms. Hardware primitives allow the measuring and reporting of software configurations, the separation of application execution environments into isolated partitions and the dynamic switch into a trusted CPU mode.In this paper we present a practical system architecture which leverages hardware mechanisms found in mass-market off-the-shelf PCs to improve the security of commodity guest operating systems by enforcing the integrity of application images. We enable the platform administrator to freely and deterministically specify the configurations trusted. Furthermore, we describe a set of tools and operational procedures to allow flexible and dynamic configuration management and to guarantee the secure transition between trusted platform configurations. We present our prototype implementation which integrates well with established Linux distributions.

U2 - 10.1007/978-3-642-25283-9_22

DO - 10.1007/978-3-642-25283-9_22

M3 - Conference paper

SN - 978-3-642-25282-2

VL - 6802

T3 - Lecture Notes in Computer Science

SP - 326

EP - 345

BT - Trusted Systems, Second International Conference, INTRUST 2010, Beijing, China, December 13-15, 2010, Revised Selected Papers

PB - Springer Verlag

CY - Berlin; Heidelberg

T2 - International Conference on Trusted Systems

Y2 - 13 December 2010 through 15 December 2010

ER -

acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity

Abstract

Publikationsreihe

Konferenz

Fields of Expertise

Treatment code (Nähere Zuordnung)

Zugriff auf Dokument

Fingerprint

Projekte

acTVsM! - Advanced Cryptographic Trusted Virtual Security Module

Trusted Computing

Dieses zitieren