Team for Research in Ubiquitous Secure Technology

TrustVisor: Efficient TCB Reduction and Attestation
Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil D. Gligor, Adrian Perrig

Citation
Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam Datta, Virgil D. Gligor, Adrian Perrig. "TrustVisor: Efficient TCB Reduction and Attestation". Proceedings of IEEE Symposium on Security and Privacy (Oakland 2010), May, 2010.

Abstract
An important security challenge is to protect the execution of security-sensitive code on legacy systems from malware that may infect the OS, applications, or system devices. Prior work experienced a tradeoff between the level of security achieved and efficiency. In this work, we leverage the features of modern processors from AMD and Intel to overcome the tradeoff to simultaneously achieve a high level of security and high performance. We present TrustVisor, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application. TrustVisor achieves a high level of security, first because it can protect sensitive code at a very fine granularity, and second because it has a very small code base (only around 6K lines of code) that makes verification feasible. TrustVisor can also attest the existence of isolated execution to an external entity. We have implemented TrustVisor to protect security-sensitive code blocks while imposing less than 7% overhead on the legacy OS and its applications in the common case.

Citation formats  
  • HTML
    Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam
    Datta, Virgil D. Gligor, Adrian Perrig. <a
    href="http://www.truststc.org/pubs/750.html"
    >TrustVisor: Efficient TCB Reduction and
    Attestation</a>, Proceedings of IEEE Symposium on
    Security and Privacy (Oakland 2010), May, 2010.
  • Plain text
    Jonathan M. McCune, Yanlin Li, Ning Qu, Zongwei Zhou, Anupam
    Datta, Virgil D. Gligor, Adrian Perrig. "TrustVisor:
    Efficient TCB Reduction and Attestation". Proceedings
    of IEEE Symposium on Security and Privacy (Oakland 2010),
    May, 2010.
  • BibTeX
    @inproceedings{McCuneLiQuZhouDattaGligorPerrig10_TrustVisorEfficientTCBReductionAttestation,
        author = {Jonathan M. McCune and Yanlin Li and Ning Qu and
                  Zongwei Zhou and Anupam Datta and Virgil D. Gligor
                  and Adrian Perrig},
        title = {TrustVisor: Efficient TCB Reduction and Attestation},
        booktitle = {Proceedings of IEEE Symposium on Security and
                  Privacy (Oakland 2010)},
        month = {May},
        year = {2010},
        abstract = {An important security challenge is to protect the
                  execution of security-sensitive code on legacy
                  systems from malware that may infect the OS,
                  applications, or system devices. Prior work
                  experienced a tradeoff between the level of
                  security achieved and efficiency. In this work, we
                  leverage the features of modern processors from
                  AMD and Intel to overcome the tradeoff to
                  simultaneously achieve a high level of security
                  and high performance. We present TrustVisor, a
                  special-purpose hypervisor that provides code
                  integrity as well as data integrity and secrecy
                  for selected portions of an application.
                  TrustVisor achieves a high level of security,
                  first because it can protect sensitive code at a
                  very fine granularity, and second because it has a
                  very small code base (only around 6K lines of
                  code) that makes verification feasible. TrustVisor
                  can also attest the existence of isolated
                  execution to an external entity. We have
                  implemented TrustVisor to protect
                  security-sensitive code blocks while imposing less
                  than 7% overhead on the legacy OS and its
                  applications in the common case.},
        URL = {http://www.truststc.org/pubs/750.html}
    }
    

Posted by Jessica Gamble on 5 May 2010.
Groups: trust

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.