Towards a Virtual Trusted Platform

The advances and adoption of Trusted Computing and hardware assisted virtualisation technologies in standard PC platforms promise new approaches in building a robust virtualisation platform for security sensitive software modules. The amalgam of these technologies allows an attractive off-the-shelf environment, capable of supporting security levels potentially higher than commonly deployed today. This article proposes a practical approach of combining technology elements available today to create such a platform using available components. The design supports operating high-security and low-security compartments side by side. The high security compartment is able to use the functionality of the Trusted Platform Module. The low security compartment is isolated through hardware-assisted virtualisation. The platform boots via Intel Trusted Execution Technology to resist manipulation. We discuss the building blocks of the architecture and present a number of open research challenges.