Leveraging Intel virtualisation to realise trusted computing

Posted by Ken Y-N on June 19th, 2008 at 11:08pm

The official Intel research blog recently had a rather interesting article from Ravi Sahita regarding how to use Intel’s technology to build a more secure software environment. The article is a bit heavy on Intel tech buzzwords as one might expect, but the content is nonetheless worth reading.

The premise of the article is how to protect against attacks from malicious software, but up to now most of the defense methods have focused on post-infection detection, and such anti-virus software is itself subject to attack. So, to defend against contemporary threats, a virtual machine environment, using for instance the Intel VT extensions, can virtualise OS page table.

Their research prototype uses what they have called VT Integrity Services, and as well as just ensuring that applications run correctly locally, remote attestation can be performed. One very interesting aspect they are working on is launching the security visor on demand (on a trusted demand of course) so that application protection will only be active when needed, an important process for reducing the power consumption of portable devices.

A rather promising piece of research I think, and more information may be found here.

Tags: intel, ravi sahita, Virtualisation