acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity

Ronald Tögl, Martin Pirker, Michael Gissing

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

Modern PC platforms offer hardware-based virtualization and advanced Trusted Computing mechanisms. Hardware primitives allow the measuring and reporting of software configurations, the separation of application execution environments into isolated partitions and the dynamic switch into a trusted CPU mode.

In this paper we present a practical system architecture which leverages hardware mechanisms found in mass-market off-the-shelf PCs to improve the security of commodity guest operating systems by enforcing the integrity of application images. We enable the platform administrator to freely and deterministically specify the configurations trusted. Furthermore, we describe a set of tools and operational procedures to allow flexible and dynamic configuration management and to guarantee the secure transition between trusted platform configurations. We present our prototype implementation which integrates well with established Linux distributions.
Original languageEnglish
Title of host publicationTrusted Systems, Second International Conference, INTRUST 2010, Beijing, China, December 13-15, 2010, Revised Selected Papers
Place of PublicationBerlin; Heidelberg
PublisherSpringer Verlag
Pages326-345
Volume6802
ISBN (Print)978-3-642-25282-2
DOIs
Publication statusAccepted/In press - 2011
EventInternational Conference on Trusted Systems - Beijing, China
Duration: 13 Dec 201015 Dec 2010

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Verlag
Volume6802

Conference

ConferenceInternational Conference on Trusted Systems
Country/TerritoryChina
CityBeijing
Period13/12/1015/12/10

Fields of Expertise

  • Information, Communication & Computing

Treatment code (Nähere Zuordnung)

  • Application
  • Experimental

Fingerprint

Dive into the research topics of 'acTvSM: A Dynamic Virtualization Platform for Enforcement of Application Integrity'. Together they form a unique fingerprint.

Cite this