Virtual Trusted Platform Module (vTPM) Migration in Cloud Environments (completed)

Starting Date: Summer 2019
Duration: 10-12 weeks
Time commitment: 20 hours a week
Prerequisites: Advanced level of C, Linux, System Programming

TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate a computer platform. For instance, a TPM can be used to store platform measurements that help ensure that the platform remains trustworthy. Authentication (ensuring that the platform can prove that it is what it claims to be) and attestation (a process helping to prove that a platform is trustworthy and has not been breached) are necessary steps to ensure safer computing in all environments. In virtual environments, it is necessary to share the functionalities of the TPM across several virtual machines (VMs). To this end, virtual TPMs (vTPMs) have been introduced.

The first goal project is to verify whether the current QEMU/KVM implementation work, and how easy it can be extend/modified to support other functionalities (e.g., new crypto-primitives). The second goal is is to understand how to link the vTPM instances to a hardware TPM (or to a software TPM), e.g. platform/storage/endorsement keys, by considering different security vs. efficiency trade-offs. The third goal of the project is to extend the system to allow a VM-vTPM instance to be securely migrated to trusted node together with the keys, and support the association of VMs with different vTPM instances.

Some resources: