Property-Based TPM Virtualization
Ahmad-Reza Sadeghi, Christian Stüble, Marcel Winandy
Technical Report HGI-TR-2008-001, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, 2008.
Today, virtualization technologies and hypervisors celebrate their rediscovery. Especially migration of virtual machines (VMs) between hardware platforms provides a useful and cost- e????ective means to manage complex IT infrastructures. A challenge in this context is the virtualization of hardware security modules like the Trusted Platform Module (TPM) since the intended purpose of TPMs is to securely link software and the underlying hardware. Existing solutions for TPM virtualization, however, have various shortcomings that hinder the deployment to a wide range of useful scenarios. In this paper, we address these shortcomings by presenting a ????exible and privacy-preserving design of a virtual TPM that in contrast to existing solutions supports di????erent approaches for measuring the platform's state and for key generation, and uses property-based attestation mechanisms to support software updates and VM migration. Our solution improves the maintainability and applicability of hypervisors supporting hardware security modules like the TPM.[PDF]