{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:05:56Z","timestamp":1763967956558,"version":"3.41.0"},"reference-count":19,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2008,1,1]],"date-time":"2008-01-01T00:00:00Z","timestamp":1199145600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGOPS Oper. Syst. Rev."],"published-print":{"date-parts":[[2008,1]]},"abstract":"Virtualization technology is becoming increasingly common in datacenters, since it allows for collocation of multiple workloads, consisting of operating systems, middleware and applications, in different virtual machines (VMs) on shared physical hardware platforms. However, when coupled with the ease of VM migration, this trend increases the potential surface for security attacks. Further, the simplified management of VMs, including creation, cloning and migration, makes it imperative to monitor and guarantee the integrity of software components running within VMs.<\/jats:p>\n This paper presents the IBM Trusted Virtual Datacenter (TVDc) technology developed to address the need for strong isolation and integrity guarantees, thus significantly enhancing security and systems management capabilities, in virtualized environments. It signifies the first effort to incorporate trusted computing technologies directly into virtualization and systems management software. We present and discuss various components that constitute TVDc: the Trusted Platform Module (TPM), the virtual TPM, the IBM hypervisor security architecture (sHype) and the associated systems management software.<\/jats:p>","DOI":"10.1145\/1341312.1341321","type":"journal-article","created":{"date-parts":[[2008,2,8]],"date-time":"2008-02-08T15:32:16Z","timestamp":1202484736000},"page":"40-47","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":94,"title":["TVDc"],"prefix":"10.1145","volume":"42","author":[{"given":"Stefan","family":"Berger","sequence":"first","affiliation":[{"name":"IBM T. J. Watson Research Center, Hawthorne, NY"}]},{"given":"Ram\u00f3n","family":"C\u00e1ceres","sequence":"additional","affiliation":[{"name":"IBM T. J. Watson Research Center, Hawthorne, NY"}]},{"given":"Dimitrios","family":"Pendarakis","sequence":"additional","affiliation":[{"name":"IBM T. J. Watson Research Center, Hawthorne, NY"}]},{"given":"Reiner","family":"Sailer","sequence":"additional","affiliation":[{"name":"IBM T. J. Watson Research Center, Hawthorne, NY"}]},{"given":"Enriquillo","family":"Valdez","sequence":"additional","affiliation":[{"name":"IBM T. J. Watson Research Center, Hawthorne, NY"}]},{"given":"Ronald","family":"Perez","sequence":"additional","affiliation":[{"name":"IBM T. J. Watson Research Center, Yorktown Heights, NY"}]},{"given":"Wayne","family":"Schildhauer","sequence":"additional","affiliation":[{"name":"IBM Systems & Technology Group, Research Triangle Park, NC"}]},{"given":"Deepa","family":"Srinivasan","sequence":"additional","affiliation":[{"name":"IBM Systems & Technology Group, Research Triangle Park, NC"}]}],"member":"320","published-online":{"date-parts":[[2008,1]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Hanscom AFB","author":"Anderson J. P.","year":"1972","unstructured":"J. P. Anderson . Computer Security Technology Planning Study. ESD-TR-73-51, Vols. I and II, Air Force Electronic Division Systems , Hanscom AFB , Bedford, MA , Oct. 1972 . J. P. Anderson. Computer Security Technology Planning Study. ESD-TR-73-51, Vols. I and II, Air Force Electronic Division Systems, Hanscom AFB, Bedford, MA, Oct. 1972."},{"key":"e_1_2_1_2_1","volume-title":"15th USENIX Security Symposium","author":"Berger S.","year":"2006","unstructured":"S. Berger , R. C\u00e1ceres , K. Goldman , R. Perez , R. Sailer , and L. van Doorn . vTPM : Virtualizing the Trusted Platform Module . 15th USENIX Security Symposium , July 2006 . S. Berger, R. C\u00e1ceres, K. Goldman, R. Perez, R. Sailer, and L. van Doorn. vTPM: Virtualizing the Trusted Platform Module. 15th USENIX Security Symposium, July 2006."},{"key":"e_1_2_1_3_1","volume-title":"8th National Computer Security Conference","author":"Boebert W. E.","year":"1985","unstructured":"W. E. Boebert and R. Y. Kain . A Practical Alternative to Hierarchical Integrity Policies . 8th National Computer Security Conference , 1985 . W. E. Boebert and R. Y. Kain. A Practical Alternative to Hierarchical Integrity Policies. 8th National Computer Security Conference, 1985."},{"key":"e_1_2_1_4_1","volume-title":"The Chinese Wall Security Policy. IEEE Symposium on Security and Privacy","author":"Brewer D. F. C.","year":"1989","unstructured":"D. F. C. Brewer and M. J. Nash . The Chinese Wall Security Policy. IEEE Symposium on Security and Privacy , May 1989 . D. F. C. Brewer and M. J. Nash. The Chinese Wall Security Policy. IEEE Symposium on Security and Privacy, May 1989."},{"key":"e_1_2_1_7_1","volume-title":"Trusted Virtual Domains: Toward Secure Distributed Services. 1st IEEE Workshop on Hot Topics in System Dependability","author":"Griffin J. L.","year":"2005","unstructured":"J. L. Griffin , T. Jaeger , R. Perez , R. Sailer , L. van Doorn , and R. C\u00e1ceres . Trusted Virtual Domains: Toward Secure Distributed Services. 1st IEEE Workshop on Hot Topics in System Dependability , June 2005 . J. L. Griffin, T. Jaeger, R. Perez, R. Sailer, L. van Doorn, and R. C\u00e1ceres. Trusted Virtual Domains: Toward Secure Distributed Services. 1st IEEE Workshop on Hot Topics in System Dependability, June 2005."},{"volume-title":"Virtual Bridged Local Area Networks","author":"Std IEEE","key":"e_1_2_1_8_1","unstructured":"IEEE Std . 802.1Q-2003 , Virtual Bridged Local Area Networks ; ISBN 0-7381-3662-X. IEEE Std. 802.1Q-2003, Virtual Bridged Local Area Networks; ISBN 0-7381-3662-X."},{"key":"e_1_2_1_9_1","volume-title":"August","author":"Intel Corporation","year":"2007","unstructured":"Intel Corporation . Trusted Execution Technology Preliminary Architecture Specification , August 2007 . URL :http:\/\/www.intel.com\/technology\/security\/downloads\/315168.htm Intel Corporation. Trusted Execution Technology Preliminary Architecture Specification, August 2007. URL:http:\/\/www.intel.com\/technology\/security\/downloads\/315168.htm"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1133058.1133063"},{"key":"e_1_2_1_11_1","volume-title":"June","author":"Mao W.","year":"2005","unstructured":"W. Mao , H. Jin , and A. Martin . Innovations for Grid Security from Trusted Computing. White paper , June 2005 . W. Mao, H. Jin, and A. Martin. Innovations for Grid Security from Trusted Computing. White paper, June 2005."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1179474.1179486"},{"key":"e_1_2_1_14_1","volume-title":"NetTop-Commercial Technology in High Assurance Applications","author":"Simard D.","year":"2000","unstructured":"Meushaw and D. Simard . NetTop-Commercial Technology in High Assurance Applications . National Security Agency Tech Trend Notes , Fall 2000 . Meushaw and D. Simard. NetTop-Commercial Technology in High Assurance Applications. National Security Agency Tech Trend Notes, Fall 2000."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.47"},{"key":"e_1_2_1_16_1","unstructured":"Open Trusted Computing. URL:http:\/\/www.opentc.net. Open Trusted Computing. URL:http:\/\/www.opentc.net."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.13"},{"key":"e_1_2_1_18_1","volume-title":"13th USENIX Security Symposium","author":"Sailer R.","year":"2004","unstructured":"R. Sailer , X. Zhang , T. Jaeger , and L. van Doorn . Design and Implementation of a TCG-based Integrity Measurement Architecture . 13th USENIX Security Symposium , August 2004 . R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and Implementation of a TCG-based Integrity Measurement Architecture. 13th USENIX Security Symposium, August 2004."},{"key":"e_1_2_1_19_1","unstructured":"Trusted Computing Group. URL:https\/\/www.trustedcomputinggroup.org. Trusted Computing Group. URL:https\/\/www.trustedcomputinggroup.org."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.43"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/11839569_22"},{"key":"e_1_2_1_22_1","unstructured":"Xen Users' Guide Chapter 10 for the Xen sHype\/Access Control Module: http:\/\/www.cl.cam.ac.uk\/research\/srg\/netos\/xen\/readmes\/user\/user.html Xen Users' Guide Chapter 10 for the Xen sHype\/Access Control Module: http:\/\/www.cl.cam.ac.uk\/research\/srg\/netos\/xen\/readmes\/user\/user.html"}],"container-title":["ACM SIGOPS Operating Systems Review"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1341312.1341321","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1341312.1341321","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:39:14Z","timestamp":1750253954000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1341312.1341321"}},"subtitle":["managing security in the trusted virtual datacenter"],"short-title":[],"issued":{"date-parts":[[2008,1]]},"references-count":19,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2008,1]]}},"alternative-id":["10.1145\/1341312.1341321"],"URL":"https:\/\/doi.org\/10.1145\/1341312.1341321","relation":{},"ISSN":["0163-5980"],"issn-type":[{"type":"print","value":"0163-5980"}],"subject":[],"published":{"date-parts":[[2008,1]]},"assertion":[{"value":"2008-01-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}