Towards a virtual trusted platform

Abstract: The advances and adoption of Trusted Computing and hardware assisted virtualisation technologies in standard PC platforms promise new approaches in building a robust virtualisation platform for security sensitive software modules. The amalgam of these technologies allows an attractive off-the-shelf environment, capable of supporting security levels potentially higher than commonly deployed today. This article proposes a practical approach of combining technology elements available today to create such a platform using available components. The design supports operating high-security and low-security compartments side by side. The high security compartment is able to use the functionality of the Trusted Platform Module. The low security compartment is isolated through hardware-assisted virtualisation. The platform boots via Intel Trusted Execution Technology to resist manipulation. We discuss the building blocks of the architecture and present a number of open research challenges

Agent-Based Cloud Resource Management for Secure Cloud Infrastructures

The cloud offers clear benefits for computations as well as for storage for diverse application areas. Security concerns are by far the greatest barriers to the wider uptake of cloud computing, particularly for privacy-sensitive applications. The aim of this article is to propose an approach for establishing trust between users and providers of cloud infrastructures (IaaS model) based on certified trusted agents. Such approach would remove barriers that prevent security sensitive applications being moved to the cloud. The core technology encompasses a secure agent platform for providing the execution environment for agents and the secure attested software base which ensures the integrity of the host platform. In this article we describe the motivation, concept, design and initial implementation of these technologies

Framing Efficiency Optimization for DVB-S2 Systems with QoS Guarantees

This paper deals with the design, evaluation and performance comparison of smart framing strategies that complement the packet scheduler in DVB-S2 systems with Adaptive Coding and Modulation, when QoS guarantees are to be provided. User data packets are transmitted grouped in frames according to a scheduling algorithm. Each of these frames uses a selected modulation and coding setting (ModCod), the most efficient pair that provides sufficient robustness given the channel state experienced by the satellite terminals that will receive the data. This is promising for the achievement of highly efficient resource utilization; however, the inherent spectral efficiency of the selected ModCod can be cancelled by a poor framing efficiency, i.e. transmitting frames with large padding component. In this paper, an extension of the Group-efficient Scheduler [3] is proposed to support QoS guarantees. In addition, smart framing strategies are proposed, which optimize the total transmission efficiency by different flavors of trade-off between spectral efficiency and framing efficiency. Finally, the performances of the QoS extension of the Group-efficient Scheduler complemented by the aforementioned smart framing strategies are compared in terms of different QoS metrics

Framing Efficiency Optimization for DVB-S2 Systems

This paper deals with the design, evaluation and comparison of smart framing strategies that complement the packet scheduler in DVB-S2 systems with Adaptive Coding and Modulation. Provided that user data packets are transmitted grouped in frames, each of them using a modulation and coding setting (ModCod), the inherent spectral efficiency of the selected ModCod can be cancelled by a poor framing efficiency, i.e. transmitting frames with large padding component. For this reason, smart framing strategies are proposed in this paper, which optimize the framing efficiency

Towards Trust Services for Language-Based Virtual Machines for Grid Computing

Abstract. The concept of Trusted Computing (TC) promises a new approach to improve the security of computer systems. The core functionality, based on a hardware component known as Trusted Platform Module (TPM), is integrated into commonly available hardware. Still, only limited software support exists, especially in the context of grid computing. This paper discusses why platform independent virtual machines (VM) with their inherent security features are an ideal environment for trusted applications and services. Based on different TC architectures building a chain-of-trust, a VM can be executed in a secure way. This chain-of-trust can be extended at run-time by considering the identity of the application code and by deriving attestable properties from the VMs configuration. An interface to provide applications with TC services like sealing or remote attestation regardless of the underlying host architecture is discussed

Formal Analysis of a TPM-Based Secrets Distribution and Storage Scheme

Trusted computing introduces the Trusted Platform Module (TPM) as a root of trust on an otherwise untrusted computer. The TPM can be used to restrict the use of cryptographic keys to trusted states, i.e., to situations in which the computer runs trusted software. This allows for the distribution of intellectual property or secrets to a remote party with a reasonable security that such secrets will not be obtained by a malicious or compromised client. We model a specific protocol for the distribution of secrets proposed by Sevine et al. A formal analysis using the NuSMV model checker shows that the protocol allows an intruder to give the client an arbitrary secret, without the client noticing. We propose an alternative that prevents this scenario