Property-Based TPM Virtualization

This is the title of paper I have written together with Ahmad-Reza Sadeghi and Christian Stüble. We will present it at the 11th Information Security Conference (ISC 2008) in Taipei, Taiwan. I will also give a presentation about it at the HGI Seminar at Ruhr-University Bochum on 10th July 2008.

Virtualization and hypervisors enable useful and cost-efficient means to manage IT infrastructure, especially migration of virtual machines (VMs) between hardware platforms. A challenge in this context is the virtualization of
hardware security modules like the Trusted Platform Module (TPM) since the intended purpose of TPMs is to securely link software and the underlying hardware. Existing solutions for TPM virtualization, however, have various
shortcomings that hinder the deployment to a wide range of useful scenarios. In our paper, we address these shortcomings by presenting a flexible and privacy-preserving design of a virtual TPM that in contrast to existing
solutions supports different approaches for measuring the platform's state and for key generation, and uses property-based attestation mechanisms to support software updates and VM migration. Our solution improves the maintainability and applicability of hypervisors supporting hardware security modules like the TPM. The following figure shows the design.

For each VM that needs a vTPM, there is a separate vTPM instance. We assume the underlying hypervisor to protect the internal state and operations of each vTPM from any unauthorized access. The main building blocks of our vTPM are the following: PropertyManagement represents the virtual PCRs and manages different mechanisms to store and read measurement values; KeyManagement is responsible for creating and loading keys; vTPMPolicy holds the user-defined policy of the vTPM instance, defining which properties are going to be revealed during an attestation operation; CryptographicFunctions provide monotonic counters, random number generation, hashing, etc.; MigrationController is responsible for migrating the vTPM to another platform.

To improve flexible migration and to preserve the availability of sealed data after migration or software updates, an essential step is to support other measurement strategies. Applying property-based measurement and attestation to a vTPM allows much more flexibility in the choice of the hypervisor and for easier updates of applications -- a VM can still use sealed data or run attestation procedures if the properties of the programs remain the same.

Our vTPM design is based on a plug-in-like architecture for various vPCR extension strategies. Each extension strategy is realized by a PropertyProvider module implementing different translation functions. A translation function translates measurements (i.e., hash values of program binaries) into property representations. Each PropertyProvider has its own vector of virtual PCRs. Thus there is a matrix of vPCR values for each vTPM. This allows us to choose, according to the vTPM policy, which PropertyProvider to use on particular sealing or attestation operations.

Depending on the implementation of the PropertyProvider, we can realize property-based sealing and property-based attestation without any change to the interface of the vTPM from the perspective of the associated VM. This enables the availability of protected data and cryptographic keys of the vTPM after migrating to another platform that provides the same security properties but may have a different binary implementation. TPM-enabled applications executed in a VM can directly profit from this flexibility without the need for modification.



Tools for Maintaining a Personal Research Journal

To keep a journal of research activities, especially when studying for a PhD, is generally considered a good idea (see for example desJardins' guide How to Succeed in Graduate School). Such a journal helps to organize ideas, to record the progress of research, and to leverage building new ideas. On the web, you can find also other guidelines which give more examples what to include in the journal, e.g., Notes on the Personal Research Notebook / Journal.

While I used such a journal concept intuitively during my diploma thesis, I wrote it on separate sheets of papers which I transformed later into the written thesis. This worked out very well at that time and on that project. However, now I want to use a tool which can automate those time-consuming things like searching and copy&paste. Today, I have several subprojects and small parts which are sometimes (at least at the beginning) very unrelated. Using a paper notebook as a journal would not be very efficient. So, I wondered which software tools would work out as a research journal for a PhD.
I have tried out several tools, starting from simple text files to journal and todo list functions in KDE Kontact. But the information is still scattered throughout several files on my disk in several different formats (text files, LaTeX files, OpenOffice files, pictures, etc.). I need something that can combine everything and provides a fast search and kind of sorting function (like tagging in Web 2.0 applications).

Finally, I have found two applications which are suiteable for this task: Journler for Mac OS X. This is exactly what I needed. You can enter journal entries in chronological order, add tags, pictures, URLs, PDFs, whatever. When you click on a tag, Journler automatically shows up a list of all entries with this tag. And of course, it makes use of the fast search engines of Leopard to quickly scan your entries for keywords. This is great!

Unfortunately, I have to work on a PC laptop at work. So I can't use Journler there. But I have something similar: BasKet Note Pads for KDE on Linux. It has similar functionalities, and I have started to use it. One good feature I noticed: you can import notes from KNotes and simple text files (now it pays back to have used text files!*g*).