Scalable integrity monitoring in virtualized environments

Abstract

Use of trusted computing to achieve integrity guarantees remains limited due to the complexity of monitoring a large set of systems, the required changes to guest operating systems, and, e.g., relay attacks or time of measurement to time of reporting attacks. Datacenters with virtualization must scale to manage large numbers of virtual machines. We suggest an extension to virtualized trusted platform modules that significantly reduces the complexity of software attestation. It enables efficient event-based monitoring of a large number of virtual machines and eliminates attacks on the currently used attestation protocol. It targets patch and configuration management and audit. The virtual TPM extension requires only 700 lines of additional code. Our experiments confirm that this approach has very low performance overhead and is comparable to other resource monitoring tools.