SHAMON - ESTABLISHING TRUST IN DISTRIBUTED VIRTUALIZED ENVIRONMENTS

Open Access
- Author: St.Clair, Luke
- Graduate Program: Computer Science and Engineering
- Degree: Master of Science
- Document Type: Master Thesis
- Date of Defense: July 01, 2008
- Committee Members: Patrick Drew Mcdaniel, Thesis Advisor/Co-Advisor; Trent Ray Jaeger, Thesis Advisor/Co-Advisor
- Keywords: trusted virtualization, virtualization, trusted computing, formal validation
- Abstract:
- Distributed applications often require complex trust relationships between remote parties in order to enable a wide range of complex functionality. Unfortunately, it is difficult to achieve useful guarantees when interacting with remote systems in the face of an attacker with physical access. Specifically, we need a solution that is both comprehensive and usable for a wide variety of trustworthy distributed applications. This thesis presents such a solution, comprised of two main parts: a secure trusted computing base (sCore), built on secure hardware, on which applications run in virtual machines, and a control infrastructure to manage those virtual machines (TVMI). We use virtualization to separate programs and trusted computing to verify the software stack on which they run. This enables us to securely form groups of applications that utilize the separation and trust established by the sCore. To do this, we build secure cores of software (sCores) that establish mutual trust with each other to form a distributed reference monitor with strong security guarantees. Using this trustworthy platform, we create an infrastructure for managing coalitions of virtual machines, which enables groups of applications to enter well-founded trust relationships with each other. We then use formal verification to prove relevant security properties of the virtual machine control infrastructure that runs on the trusted computing base. We build our sCore and TVMI to demonstrate that our solutions are feasible in a realistic setting, deliver acceptable performance, and provide security properties that were not previously available. Additionally, our formal verification demonstrates that the critical properties the TVMI purports to enforce are met by our design. This helps to demonstrate the important problems in distributed, secure virtualization that are not being handled today, and gives a framework for their evaluation and operation.