Administrative Domain: Security Enhancement for Virtual TPM
Trusted computing has been introduced into virtualization as an approach to providing trust in a computing platform. However, the primitive design of the privileged domain threatens virtual TPMs with an oversized trusted computing base, leading to security vulnerabilities. This paper proposes a new administrative domain (Domain A), an architecture that protects virtual TPMs from tampering. We port the VTPM components from the privileged domain to Domain A. We begin by reviewing the Xen virtual TPM architecture and describing the attack in Xen. Then, the Domain A-based scheme is described, covering the design principle and the implementation of porting the virtual TPM manager and TPM drivers to Domain A. Finally, its security value is analyzed, with evidence demonstrating the validity and worth of the new architecture.
Keywords: Virtual TPM; Administrative domain; VTPM manager; Virtual Machine
Xin JIN, Li-na WANG, Rong-wei YU, Peng KOU, Cheng-lin SHEN
School of Computer, Wuhan University, Wuhan 430072, Hubei, China School of Computer, Wuhan University, Wuhan 430072, Hubei, China; Key Laboratory of Aerospace Inform
Venue type: International conference
Location: Nanjing
Language: English
Pages: 767-771
2010-11-01 (date first posted on the Wanfang platform; not the publication date of the paper)