This paper presents the Credo architecture to enable

trustworthy virtualization based cloud computing platforms.

A key feature of Credo is a small platform Trusted Computing

Base (TCB) for a customer VM that consists only of a

securely launched hypervisor and minimal hardware components,

without any privileged partitions and their administrators.

Credo achieves this reduction in TCB via emancipation,

a mechanism that provides VMs enhanced secrecy

and integrity protection guarantees from privileged partitions.

Trust in an emancipated VM is established via its measured

launch by the hypervisor and an attestation of a dynamically

established trust chain rooted in the Trusted Platform

Module (TPM). Experimental results from a prototype

implementation based on Hyper-V demonstrate that Credo

provides enhanced security guarantees to emancipated VMs

at a modest cost, most of which is a one-time startup cost

from a VM’s perspective, while adding only a small amount

of code to a VM’s TCB.

PDF file

Details