vCerberus: A DRTM system based on virtualization technology

This paper presents vCerberus, a novel hypervisor to provide trusted and isolated code execution within virtual domains. vCerberus is considerably tiny, while allowing secure sensitive codes to be executed in an isolated circumstance from the virtual domain, and can be attested by a remote party in an efficient way. These properties will be guaranteed even if the guest operating system is malicious. This protects the secure sensitive codes against the malicious codes in the Guest OS, e.g., the kernel rootkits. We present an approach to dynamically measure and isolate the launch environment on the virtual machines based on the para-virtualization technology and a novel virtualization of trusted platform module (TPM). Our performance experiment result shows that the overhead introduced by vCerberus is minimized; the performance of the launch environment in vCerberus is as competitive as the guest OS running on mainstream hypervisors.