DocumentCode
3448977
Title
ODLV: On-Demand Lightweight Virtualization Based Trusted Network Connect Endpoint
Author
Ge Cheng ; Cong Li ; Qiang Li
Author_Institution
Sch. of Math. & Comput. Sci., Xiangtan Univ., Xiangtan, China
fYear
2013
fDate
1-3 Nov. 2013
Firstpage
131
Lastpage
134
Abstract
We present ODLV: an on-demand lightweight virtualization mechanism to solve the "lying endpoint problem" in TCG-TNC. ODLV utilizes the dynamic root of trust and virtualization technologies of new commodity processors from Intel and AMD to dynamically establish a chain of trust and to insert a Lightweight Virtual Machine Manager (LVMM) under a commodity Operating System (OS). The LVMM protects itself and some Trusted Network Connect (TNC) components from the influence of the OS environment. Compared with existing architectures, ODLV measures the endpoint with very small overhead and no modification to the guest OS. In addition, ODLV has a very small Trusted Computing Base (TCB) and provides run-time measurement rather than load-time measurement. We implement ODLV in Linux, and our analysis and evaluation demonstrate that ODLV is effective and practical.
Keywords
Linux; trusted computing; virtual machines; virtualisation; AMD; Intel; LVMM; Linux; ODLV; OS environment; TCB; TCG-TNC; TNC components; commodity operating system; commodity processors; lightweight virtual machine manager; load-time measurement; lying endpoint problem; on-demand lightweight virtualization; run-time measurement; trusted computing base; trusted network connect endpoint; virtualization technologies; Computer architecture; Kernel; Linux; Program processors; Security; Virtualization; DRTM; Lightweight; On-demand virtualization; TNC;
fLanguage
English
Publisher
ieee
Conference_Titel
Intelligent Networks and Intelligent Systems (ICINIS), 2013 6th International Conference on
Conference_Location
Shenyang
Print_ISBN
978-1-4799-2808-8
Type
conf
DOI
10.1109/ICINIS.2013.40
Filename
6754689