1,757
views
0
recommends
+1 Recommend
1 collections
    0
    shares

      Studying business & IT? Drive your professional career forwards with BCS books - for a 20% discount click here: shop.bcs.org

      scite_
       
      • Record: found
      • Abstract: found
      • Conference Proceedings: found
      Is Open Access

      Trusted Virtual Machine Management for Virtualization in Critical Environments

      Published
      proceedings-article
      , ,
      1st International Symposium for ICS & SCADA Cyber Security Research 2013 (ICS-CSR 2013) (ICSCSR)
      ICS & SCADA Cyber Security Research 2013
      16-17 September 2013
      Trusted computing, Virtual machine integrity, Security architectures
      Bookmark

            Abstract

            Service providers use virtualization technology to better serve their remote customers and to efficiently use their resources. In particular when virtualization is used within critical infrastructures such as industrial control systems security of the virtual machines is crucial. Creating fully secure systems based on a verified small trusted computing base (TCB) is desirable to minimize the attack surface of the host system. However, attacks can still occur, and sometimes it is not practically possible to provide a small TCB or to completely replace a running system to enforce security. Thus, remote monitoring of the integrity of VMs is desired to confirm their trusted state. In general, it is a complex task to incorporate on-demand system integrity verification into the existing host system to measure a hosted virtual machine (VM) at runtime and to switch back at runtime to the trusted state whenever a change or a manipulation is detected. Also it is necessary to provide the host machine’s integrity information along with the VM to remote customers when such status are seeked. In this paper, we address the problem of securing an existing or new host machine with on-demand integrity measurement solution to offer a fresh and trusted VM whenever some illegitimate changes are detected in the current VM. The solution is targeted at smaller devices with a limited number of VMs and customers per device. It also assumes VMs to be rather stable and does not use virtual TPMs. Thus, it focuses on secure virtualization in critical environments, automation, or industry control systems.

            Content

            Author and article information

            Contributors
            Conference
            September 2013
            September 2013
            : 48-55
            Affiliations
            [0001]Fraunhofer SIT

            Rheinstraße 75

            64295 Darmstadt

            Germany

            www.sit.fraunhofer.de
            Article
            10.14236/ewic/ICSCSR2013.6
            f17ef534-2957-4d7f-9eb0-db0881f8d5ca
            © Khan Ferdous Wahid et al. Published by BCS Learning and Development Ltd. 1st International Symposium for ICS & SCADA Cyber Security Research 2013 (ICS-CSR 2013), Leicester, UK

            This work is licensed under a Creative Commons Attribution 4.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/4.0/

            1st International Symposium for ICS & SCADA Cyber Security Research 2013 (ICS-CSR 2013)
            ICSCSR
            1
            Leicester, UK
            16-17 September 2013
            Electronic Workshops in Computing (eWiC)
            ICS & SCADA Cyber Security Research 2013
            History
            Product

            1477-9358 BCS Learning & Development

            Self URI (article page): https://www.scienceopen.com/hosted-document?doi=10.14236/ewic/ICSCSR2013.6
            Self URI (journal page): https://ewic.bcs.org/
            Categories
            Electronic Workshops in Computing

            Applied computer science,Computer science,Security & Cryptology,Graphics & Multimedia design,General computer science,Human-computer-interaction
            Trusted computing,Security architectures,Virtual machine integrity

            Comments

            Comment on this article