Introduction to Trusted
Virtual Client
Gustavo de Paula – gep@cesar.org.br /
gustavo.eliano@gmail.com
Why we are here
• Computer Virus are a big problem is the
computer industry (REF1, REF2)
– Approximately 700K virus identi...
How a Computer Virus Work
• Different types of virus
exists
• Compromise operating
system or some specific
application Har...
Is there a light at the of the tunnel?
Yes!!! Virtualization
What is Virtualization?
• Layer between the user
OS and the hardware
• User OS can be infected
but not the virtualization
...
Is virtualization the answer to all
problems?
No 
Hardware
Virtualization Layer
OS 1 OS 2
App
1.1
App
1.2
App
2.1
App
2.2...
How can we check if the software
components installed in a computer
were not infected?
• Not-for-profit organization
• Develop, define and
promote industry standards
for trusted computing
building blocks
Trust...
Remote Device Attestation
• Everything starts with a TPM (Trusted Platform Module)
• TPM is used to measure all software c...
Remote Device Attestation
• Challenger can
request an attestation
• Attestator generates
its measures and
send to challeng...
And what about Trusted Virtual
Client???
TVC
Virtualization
Trusted
Computing
• Combine Virtualization and TCG technologies
• Make sure all VMs work as expected
• ...
Hardware
Virtualization Layer (OS)
Work VM Personal VM Network Storage Management
• Virtualization Layer
is executed on bo...
Access Control Defined & Enforced in
Virtualization Layer
• Runtime == Virtualization Layer
• Same approach of used by VMs...
Current TVC Status
• Virtualization is widely used in the server side
– Still starting in the client side
• There are alre...
Where to get more information
• Trusted Computing Group
• Xen
• Citrix Xen Client
• Trusted Computing: TCG proposals
• Ope...
Thanks!
Upcoming SlideShare
Loading in …5
×

Introduction to Trusted Virtual Client

687
-1

Published on

Brief introduction to trusted virtual clients

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
687
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Introduction to Trusted Virtual Client

  1. 1. Introduction to Trusted Virtual Client Gustavo de Paula – gep@cesar.org.br / gustavo.eliano@gmail.com
  2. 2. Why we are here • Computer Virus are a big problem is the computer industry (REF1, REF2) – Approximately 700K virus identified in 2008 – Approximately 30% of the computers were infected with a computer virus – Costs of 55 billion dollars a year in US • It would be great to let my son use my work laptop without worrying that something would just break!
  3. 3. How a Computer Virus Work • Different types of virus exists • Compromise operating system or some specific application Hardware Operating system Applications Virus • Biggest problem is on the operating system infection • Once the OS is infected, the whole computer will be affected
  4. 4. Is there a light at the of the tunnel? Yes!!! Virtualization
  5. 5. What is Virtualization? • Layer between the user OS and the hardware • User OS can be infected but not the virtualization layer • Hardware is protected Source: http://www.cornerstone.it/solutions_server.php
  6. 6. Is virtualization the answer to all problems? No  Hardware Virtualization Layer OS 1 OS 2 App 1.1 App 1.2 App 2.1 App 2.2 • Pros.: each VM is isolated • Infection in one VM will not affect the other VMs • Cons.: Infected VM might compromise important App data
  7. 7. How can we check if the software components installed in a computer were not infected?
  8. 8. • Not-for-profit organization • Develop, define and promote industry standards for trusted computing building blocks Trusted Computing • Computer always behave as expected • Allow an external entity to remotely verify that only authorized code is executed • Remote Device Attestation
  9. 9. Remote Device Attestation • Everything starts with a TPM (Trusted Platform Module) • TPM is used to measure all software components • If the software components was changed its measure will be different
  10. 10. Remote Device Attestation • Challenger can request an attestation • Attestator generates its measures and send to challenger • Challenger can validate if the measurements are correct
  11. 11. And what about Trusted Virtual Client???
  12. 12. TVC Virtualization Trusted Computing • Combine Virtualization and TCG technologies • Make sure all VMs work as expected • Allow that security policies are configured outside each VM and are enforced by the virtualization layer
  13. 13. Hardware Virtualization Layer (OS) Work VM Personal VM Network Storage Management • Virtualization Layer is executed on boot • Management VM is the main controller • Other VMs are started from the management VM • All hardware access goes through the virtualization layer – Access policies controlled
  14. 14. Access Control Defined & Enforced in Virtualization Layer • Runtime == Virtualization Layer • Same approach of used by VMs (Java, .NET) • Each App is associated to a access policy • Runtime enforce policies • Apps have NO direct access to access control policies
  15. 15. Current TVC Status • Virtualization is widely used in the server side – Still starting in the client side • There are already a lot of prototypes out there – Citrix – Qubes • Most of them are based on Xen virtualization layer • TVC is a strong research topic in companies such as IBM, HP and Oracle
  16. 16. Where to get more information • Trusted Computing Group • Xen • Citrix Xen Client • Trusted Computing: TCG proposals • OpenTC Prototype • http://en.wikipedia.org/wiki/Computer_virus • http://technology.timesonline.co.uk/tol/news/tech_and_web/article37 21556.ece • http://answers.google.com/answers/threadview/id/749071.html • Trusted Virtual Platforms: A Key Enabler for Converged Client Devices, Chris I Dalton, David Plaquin, Wolfgang Weidner, Dirk Kuhlmann, Boris Balacheff, Richard Brown. HP Laboratories, Filton Road, Bristol
  17. 17. Thanks!

×