Text size
  • Small
  • Medium
  • Large
Contrast
  • Standard
  • Blue text on blue
  • High contrast (Yellow text on black)
  • Blue text on beige

    Trusted Virtual Machine Management for Virtualization in Critical Environments

    1st International Symposium for ICS & SCADA Cyber Security Research 2013 (ICS-CSR 2013)

    Leicester, UK, 16-17 September 2013

    AUTHORS

    Khan Ferdous Wahid, Nicolai Kuntze & Carsten Rudolph

    ABSTRACT

    Service providers use virtualization technology to better serve their remote customers and to efficiently use their resources. In particular when virtualization is used within critical infrastructures such as industrial control systems security of the virtual machines is crucial. Creating fully secure systems based on a verified small trusted computing base (TCB) is desirable to minimize the attack surface of the host system. However, attacks can still occur, and sometimes it is not practically possible to provide a small TCB or to completely replace a running system to enforce security.

    Thus, remote monitoring of the integrity of VMs is desired to confirm their trusted state. In general, it is a complex task to incorporate on-demand system integrity verification into the existing host system to measure a hosted virtual machine (VM) at runtime and to switch back at runtime to the trusted state whenever a change or a manipulation is detected. Also it is necessary to provide the host machine’s integrity information along with the VM to remote customers when such status are seeked.

    In this paper, we address the problem of securing an existing or new host machine with on-demand integrity measurement solution to offer a fresh and trusted VM whenever some illegitimate changes are detected in the current VM. The solution is targeted at smaller devices with a limited number of VMs and customers per device. It also assumes VMs to be rather stable and does not use virtual TPMs. Thus, it focuses on secure virtualization in critical environments, automation, or industry control systems.

    PAPER FORMATS

    PDF file PDF Version of this Paper 364(kb)

    1st International Symposium for ICS & SCADA Cyber Security Research 2013 cover

    Print copies of ICS-CSR
    ISBN 978-1-780172-32-3
    RRP £85

    Available from the BCS bookshop