Towards Trustworthy Virtualisation: Improving the Trusted Virtual Infrastructure

Carl Gebhardt

RHUL-MA-2011-10

Abstract:

Modern commodity platforms have become easy targets and are increasingly plagued by malware that exploits legacy design weaknesses. Malware often abuses the large and feature-rich computing base that underpins modern commodity systems and that inherently has to be trusted. In recent years, research has suggested employing machine virtualisation technology to provide isolation where commodity systems fail to do so. On one hand, hardware support for machine virtualisation on commodity systems is a very recent technology, and its novel capabilities allow for new and creative security solutions. On the other hand, machine virtualisation changes many previous security assumptions about a platform and therefore creates new challenges of its own.

This thesis investigates machine virtualisation and trusted computing technology and outlines how those technologies could be utilised to move towards a more trustworthy virtualisation infrastructure. To achieve this, the thesis is divided into three main parts.

In the first part of this thesis, we describe how the hypervisor's Trusted Computing Base could be reduced and, with new hardware advances, further strengthened. To achieve this, we reassess the definition of the Trusted Computing Base and illustrate how the segregation of different code blocks could be enforced by hardware protection mechanisms.

In the second part, we propose a novel scheme to protect the integrity and confidentiality of storage in a virtualised infrastructure. We discuss the implementation of a prototype for a secure, flexible and transparent virtual disk image. We base our concepts on trusted computing, utilising the Trusted Platform Module to efficiently deliver integrity assurance to virtual disk images, as well as enabling the owner to retain control over the disk image throughout its life-cycle.

In the third part, we present a flexible architecture that enables a platform user to benefit from the advantages of a fast-booting system and a full-featured mainstream Operating System at the same time. The prototype builds on hardware machine virtualisation and trusted hardware features that are increasingly available on commodity systems. Moreover, this design enhances the concept of an instant-on system with secure, trustworthy and policy-enforced compartments.

In this thesis, we find that a sensible trusted virtualisation layer requires more protection guarantees than simply the combination of Trusted Computing and virtualisation building blocks. We therefore start with the basic foundations to increase the trustworthiness of the lower hypervisor level; in the second part we build on that layer to provide trusted storage in a virtualised environment. The final part embraces the preceding concepts and combines the latest hardware machine virtualisation and trust technologies to deliver a more robust virtualisation infrastructure.