Secure lazy provisioning of virtual desktops to a portable storage device

Abstract

It is the software and data stored on a 'personal computer' that makes it personal. These contents can be conveniently stored as a disk image on a server and made available on the users' personal storage as and when required through lazy provisioning. We describe a desktop virtualization system that allows users to securely execute virtual machines on untrusted physical machines. This system is enabled through a portable personal device which contains a bootloader in tamper-proof storage. The hypervisor and the virtual machines are securely provisioning from a trusted server. Blocks are cached on the local storage of the portable device after their first access through a copy-on-read driver. We show that a desktop OS can be started promptly using the system and that the subsequent user experience is close to that for a conventional machine.