Trusted Execution and Security Policy Enforcement in Virtualized Systems

There is a trend towards increased usage of virtualized ICT resources in so called “clouds”. One of the major security issues in these systems is that multiple parties, often with conflicting interests, must rely on the same virtualization platforms to protect their assets and enforce their policies. This puts unique assurance requirements on trustworthy virtualization platforms. Infrastructure providers, for example, need to closely monitor all external software (originating directly from or on behalf of their customers) to avoid attacks on the infrastructure itself and also to protect customers from one another; providers of virtual appliances or application bundles want to avoid unlicensed use of their intellectual property; service providers typically want to keep their business critical data and/or software confidential, and the end users want to preserve their privacy. Without protection, insider attacks at any party may cause great harm to any of the other parties’ business.

The goal of this project is to research new solutions that enable secure execution with respect to both policing and confidentiality in virtualized systems.