Security in container-based virtualization through vTPM

Hosseinzadeh, Shohreh; Laurén, Samuel; Leppänen, Ville

doi:10.1145/2996890.3009903

Cited by 21 publications

(20 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…With the advent of cloud computing and virtualization, researchers started to look for alternatives to hardware TPMs in order to be more suitable for the hypervisor. This is because the hypervisor needs to make the TPM available, at the same time, to a plethora of VMs [64]. Software TPMs, also known as Virtual TPMs (vTPMs) were created to match these needs [64], [65].…”

Section: ) Virtual Trusted Platform Modules (Vtpm)mentioning

confidence: 99%

Container Security: Issues, Challenges, and the Road Ahead

2019

View full text Add to dashboard Cite

Containers emerged as a lightweight alternative to virtual machines (VMs) that offer better microservice architecture support. The value of the container market is expected to reach $2.7 billion in 2020 as compared to $762 million in 2016. Although they are considered the standardized method for microservices deployment, playing an important role in cloud computing emerging fields such as service meshes, market surveys show that container security is the main concern and adoption barrier for many companies. In this paper, we survey the literature on container security and solutions. We have derived four generalized use cases that should cover security requirements within the host-container threat landscape. The use cases include: (I) protecting a container from applications inside it, (II) inter-container protection, (III) protecting the host from containers, and (IV) protecting containers from a malicious or semi-honest host. We found that the first three use cases utilize a software-based solutions that mainly rely on Linux kernel features (e.g., namespaces, CGroups, capabilities, and seccomp) and Linux security modules (e.g., AppArmor). The last use case relies on hardware-based solutions such as trusted platform modules (TPMs) and trusted platform support (e.g., Intel SGX). We hope that our analysis will help researchers understand container security requirements and obtain a clearer picture of possible vulnerabilities and attacks. Finally, we highlight open research problems and future research directions that may spawn further research in this area.

show abstract

Section: ) Virtual Trusted Platform Modules (Vtpm)mentioning

confidence: 99%

Container Security: Issues, Challenges, and the Road Ahead

2019

View full text Add to dashboard Cite

show abstract

“…Trustable containers can be realised in a number of ways -e.g. using Virtual Trusted Platform Modules (vTPM) [25] and Intel Software Guard Extensions (SGX) [26] that protect containers from an untrusted host. These approaches make use of trusted hardware to protect containers from side channel attacks initiated by the hosting platform.…”

Section: Definitionmentioning

confidence: 99%

Tracking GDPR Compliance in Cloud-Based Service Delivery

Barati

Rana

2022

IEEE Trans. Serv. Comput.

View full text Add to dashboard Cite

The European General Data Protection Regulation (GDPR) has had a far-reaching impact on data privacy and compliance for cloud providers. GDPR influences access to, storage, processing and transmission of personal data, requiring these operations to be verified by a cloud user through explicit consent prior to execution. GDPR rules implemented for such operations can be ambiguous and often open to interpretation, making manual verification a time consuming and error prone process for cloud providers. An encoding of GDPR rules is described, with each operation carried out using these rules recorded into a Blockchain for auditing purposes. Specifically, this work shows how some GDPR rules can appear as opcodes in smart contracts to verify the operations of providers on user data in a transparent and automatic way. An abstract model is designed to demonstrate how cloud providers can access and deploy such smart contracts through a Blockchain-based virtual machine. A case study is used to demonstrate how this approach can be used in practice. The case study uses a collection of design patterns and smart contracts to verify provider operations, including read, write, execution and transfer on user data. Validation is undertaken by deploying the smart contracts in a Blockchain test network to investigate the execution costs of GDPR compliance checking.

show abstract

“…This chain of trust then extends to bootloaders, the OS kernel, and the OS components to enable cryptographic verification of boot mechanisms, system images, container runtimes, and container images. The technical solutions for implementing a trusted platform module (TPM) for a containerized host are outlined in [7]. Two such approaches are discussed in this document as well as the security assurance required for each solution.…”

Section: Hardware-based Security Solutions For Containersmentioning

confidence: 99%

“…In an architectural approach suggested in [7], a software-based module called vTPM (virtual TPM) is placed into the OS kernel. To make this module available to several containers, it needs to be virtualized.…”

Section: Vtpm In the Host Os Kernel -Security Assurance Requirementsmentioning

confidence: 99%

“…The host OS is not completely trusted, and independent trust is needed on vTPM: To implement trust on vTPM, a scheme using the same mechanism used for establishing hardware TPM (physical TPM) trust has been referred to in [7]. In the physical TPM, the hardware platform provider signs an endorsement key (EK) stating that the TPM is trustworthy.…”

Section: Figure 2 -Vtpm Implemented In a Kernel Modulementioning

confidence: 99%

See 1 more Smart Citation

Security assurance requirements for linux application container deployments

Chandramouli¹

2017

View full text Add to dashboard Cite

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation's measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof-of-concept implementations, and technical analyses to advance the development and productive use of information technology. ITL's responsibilities include the development of management, administrative, technical, and physical standards and guidelines for the cost-effective security and privacy of other than national security-related information in federal information systems. AbstractApplication Containers are slowly finding adoption in enterprise IT infrastructures. Security guidelines and countermeasures have been proposed to address security concerns associated with the deployment of application container platforms. To assess the effectiveness of the security solutions implemented based on these recommendations, it is necessary to analyze those solutions and outline the security assurance requirements they must satisfy to meet their intended objectives. This is the contribution of this document. The focus is on application containers on a Linux platform.

show abstract

Security in container-based virtualization through vTPM

Cited by 21 publications

References 15 publications

Container Security: Issues, Challenges, and the Road Ahead

Container Security: Issues, Challenges, and the Road Ahead

Tracking GDPR Compliance in Cloud-Based Service Delivery

Security assurance requirements for linux application container deployments

Contact Info

Product

Resources

About