Trusted Virtual Domains - Design, Implementation and Lessons Learned

A Trusted Virtual Domain (TVD) is a coalition of virtual machines and resources (e.g., network, storage) that are distributed over multiple physical platforms and share a common security policy. The concept of TVDs and their usage scenarios have been studied extensively. However, details on certain implementation aspects have not been explored in depth yet, such as secure policy deployment and integration of heterogeneous virtualization and trusted computing technologies. In this paper, we present implementation aspects of the life cycle management of TVDs. We describe the components and protocols necessary to realize the TVD design on a cross-platform architecture and present our prototype implementation for the Xen and L4 microkernel platforms. In particular, we discuss the need for and the realization of intra-TVD access control, a hypervisor abstraction layer for simplified TVD management, necessary components of a TVD policy and revocation issues. We believe that these integration details are essential and helpful inputs for any large-scale real-world deployment of TVD.