Enabling Secure VM-vTPM Migration in Private Clouds

The integration of Trusted Computing technologies into virtualized computing environments enables the hardware-based protection of private information and the detection of malicious software. Their use in virtual platforms, however, requires appropriate virtualization of their main component, the Trusted Platform Module (TPM) by means of virtual TPMs (vTPM). The, challenge here is that the use of TPM virtualization should not impede classical platform processes such as virtual machine (VM) migration. In this work, we consider the problem of enabling secure migration of vTPM-based virtual machines in private clouds. We detail the requirements that a secure VM-VrPM migration solution should satisfy in private virtualized environments and propose a vTPM key structure suitable for VM-vTPM. migration. We then leverage on this structure to construct a secure VM-vTPM migration protocol. We, show that our protocol provides stronger security guarantees when compared to existing solutions for VM-vTPM migration. We evaluate the feasibility of our scheme via an implementation OR the Xen hypervisor and we show that it can be directly integrated within existing hypervisors. Our Xen-based implementation can he downloaded as open-source software. Finally, we discuss how our scheme can be extended to support live-migration of vTPM-based VMs.