About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Publication
CCS 2010
Workshop paper
Scalable integrity monitoring in virtualized environments
Abstract
Use of trusted computing to achieve integrity guarantees remains limited due to the complexity of monitoring a large set of systems, the required changes to guest operating systems, and, e.g., relay attacks or time of measurement to time of reporting attacks. Datacenters with virtualization must scale to manage large numbers of virtual machines. We suggest an extension to virtualized trusted platform modules that significantly reduces the complexity of software attestation. It enables efficient event-based monitoring of a large number of virtual machines and eliminates attacks on the currently used attestation protocol. It targets patch and configuration management and audit. The virtual TPM extension requires only 700 lines of additional code. Our experiments confirm that this approach has very low performance overhead and is comparable to other resource monitoring tools. © 2010 ACM.