Trusted virtual containers on demand

Abstract

TPM-based trusted computing aspires to use hardware and cryptography to provide a remote relying party with assurances about the trustworthiness of a computing environment. However, standard approaches to trusted computing are hampered in the areas of scalability, expressiveness, and flexibility. This paper reports on our research project to address these limitations by using TPMs inside OpenSolaris: our kernel creates lightweight containers on demand, and uses DTrace and other tools to extend attestation to more nuanced runtime properties. We illustrate this work with prototype application scenarios from cyber infrastructure operating the U.S. power grid.