TPM Virtualization: Building a General Framework

Abstract

Trusted Computing has been widely recognized as a useful and necessary extension of more traditional security mechanisms. In today's complex multi-device environment, it is essential to be assured that devices participating in transactions can be trusted. The Trusted Computing Group (TCG) has created a set of specifications and accompanying infrastructure defining means of assurance to build a trusted environment. Continuing interest in virtualization as a way to extend flexibility in diverse computing environments while addressing issues of underutilization of equipment and energy consumption brings additional complexities to current and future models of trusted computing. This chapter is a research paper, rather than a discussion of issues for a practical implementation. We talk about today's trusted computing environment by briefly describing Intel Trusted Execution Technology (formerly LaGrande Technology) as an example implementation of a trusted platform. We dedicate a few sections to the basics of Trusted Platform Modules (TPMs) as defined in TCG specifications, before moving to focus primarily on describing a generalized framework for TPM virtualization. A Virtual TPM (VTPM) framework provides a set of services for trustworthy Virtual TPMs or proprietary TPM-like software. This framework allows multiple mutually distrustful and unaware guests to share a TPM without requiring modifications to guest operating systems or applications that they are running. Additionally, the framework supports the custom cryptographic subsystems with enhanced proprietary functionality that can be adapted to multiple use models. The proposed framework leverages the TPM to ensure that the trustworthiness of the VTPM is rooted in hardware. The proposed framework can be used to design VTPMs with varying security and performance profiles. TPM features optimizing the performance or security in the framework are discussed at the end of the chapter followed by conclusions.