Credo: Trusted Computing for Guest VMs with a Commodity Hypervisor

This paper presents the Credo architecture to enable trustworthy virtualization based cloud computing platforms. A key feature of Credo is a small platform Trusted Computing Base (TCB) for a customer VM that consists only of a securely launched hypervisor and minimal hardware components, without any privileged partitions and their administrators. Credo achieves this reduction in TCB via emancipation, a mechanism that provides VMs enhanced secrecy and integrity protection guarantees from privileged partitions. Trust in an emancipated VM is established via its measured launch by the hypervisor and an attestation of a dynamically established trust chain rooted in the Trusted Platform Module (TPM). Experimental results from a prototype implementation based on Hyper-V demonstrate that Credo provides enhanced security guarantees to emancipated VMs at a modest cost, most of which is a one-time startup cost from a VM’s perspective, while adding only a small amount of code to a VM’s TCB.