Introduction to Trusted Virtual Client

861 views

Published on

Brief introduction to trusted virtual clients

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
861
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Introduction to Trusted Virtual Client

  1. 1. Introduction to Trusted Virtual Client Gustavo de Paula – gep@cesar.org.br / gustavo.eliano@gmail.com
  2. 2. Why we are here • Computer Virus are a big problem is the computer industry (REF1, REF2) – Approximately 700K virus identified in 2008 – Approximately 30% of the computers were infected with a computer virus – Costs of 55 billion dollars a year in US • It would be great to let my son use my work laptop without worrying that something would just break!
  3. 3. How a Computer Virus Work • Different types of virus exists • Compromise operating system or some specific application Hardware Operating system Applications Virus • Biggest problem is on the operating system infection • Once the OS is infected, the whole computer will be affected
  4. 4. Is there a light at the of the tunnel? Yes!!! Virtualization
  5. 5. What is Virtualization? • Layer between the user OS and the hardware • User OS can be infected but not the virtualization layer • Hardware is protected Source: http://www.cornerstone.it/solutions_server.php
  6. 6. Is virtualization the answer to all problems? No  Hardware Virtualization Layer OS 1 OS 2 App 1.1 App 1.2 App 2.1 App 2.2 • Pros.: each VM is isolated • Infection in one VM will not affect the other VMs • Cons.: Infected VM might compromise important App data
  7. 7. How can we check if the software components installed in a computer were not infected?
  8. 8. • Not-for-profit organization • Develop, define and promote industry standards for trusted computing building blocks Trusted Computing • Computer always behave as expected • Allow an external entity to remotely verify that only authorized code is executed • Remote Device Attestation
  9. 9. Remote Device Attestation • Everything starts with a TPM (Trusted Platform Module) • TPM is used to measure all software components • If the software components was changed its measure will be different
  10. 10. Remote Device Attestation • Challenger can request an attestation • Attestator generates its measures and send to challenger • Challenger can validate if the measurements are correct
  11. 11. And what about Trusted Virtual Client???
  12. 12. TVC Virtualization Trusted Computing • Combine Virtualization and TCG technologies • Make sure all VMs work as expected • Allow that security policies are configured outside each VM and are enforced by the virtualization layer
  13. 13. Hardware Virtualization Layer (OS) Work VM Personal VM Network Storage Management • Virtualization Layer is executed on boot • Management VM is the main controller • Other VMs are started from the management VM • All hardware access goes through the virtualization layer – Access policies controlled
  14. 14. Access Control Defined & Enforced in Virtualization Layer • Runtime == Virtualization Layer • Same approach of used by VMs (Java, .NET) • Each App is associated to a access policy • Runtime enforce policies • Apps have NO direct access to access control policies
  15. 15. Current TVC Status • Virtualization is widely used in the server side – Still starting in the client side • There are already a lot of prototypes out there – Citrix – Qubes • Most of them are based on Xen virtualization layer • TVC is a strong research topic in companies such as IBM, HP and Oracle
  16. 16. Where to get more information • Trusted Computing Group • Xen • Citrix Xen Client • Trusted Computing: TCG proposals • OpenTC Prototype • http://en.wikipedia.org/wiki/Computer_virus • http://technology.timesonline.co.uk/tol/news/tech_and_web/article37 21556.ece • http://answers.google.com/answers/threadview/id/749071.html • Trusted Virtual Platforms: A Key Enabler for Converged Client Devices, Chris I Dalton, David Plaquin, Wolfgang Weidner, Dirk Kuhlmann, Boris Balacheff, Richard Brown. HP Laboratories, Filton Road, Bristol
  17. 17. Thanks!

×