Jul,03

ISO IEC 27070 pdf – Information technology — Security techniques — Requirements for establishing virtualized roots of trust

ISO IEC 27070 pdf – Information technology — Security techniques — Requirements for establishing virtualized roots of trust

ISO IEC 27070 pdf – Information technology — Security techniques — Requirements for establishing virtualized roots of trust
baseline library: It provides capabilities of storing and maintaining some important data, such as the integrity measurement results, baseline values, etc;
-migration controller: It establishes a migration policy and instructs the migration engine to perform which operations.
The RA server, PCA and baseline library have no special functional or security features to support virtualized RoTs. Hence, this document only lists the functional and security requirements for migration controller in 5.5.2 and 5.5.3.
5.5.2 Functional requirements of key components
A migration controller shall provide the following functions.
一Determine the scenario when a vTM instance needs to be migrated to a new platform.
– – Instruct the migration engine to initiate the migration.
一Listen for notification of a vTM instance migration completion.
5.5.3 Security requirements of key components
A migration controller shall meet the following security requirements.
-The migration controller shall be authenticated by an external entity to ensure that it is trusted.
Ensure that migration controller is protected from network vulnerabilities and runs in anenvironment that is remotely verifiable.
The migration controller shall support polices allowing a vTM that is cryptographically protectedby an underlying TM to be moved to another platform.
The migration controller shall have access to information about the trustworthiness of each systemso it can optionally enforce restrictions on where the migration is allowed to occur.
6 Activity view
6.1 General
This clause describes how the functional components defined in Clause 5 are used to implementthe essential trusted computing activities such as transitive trust, integrity measurement, remoteattestation, data protection and vTM migration. These activities are required in the cloud computingenvironment supporting virtualized RoT. The logical relationship between the activity view and thefunctional view is illustrated in this document (see AnnexA).
6.2Transitive trust
6.2.1General
Transitive trust is a process that the RoT is used to establish the trust of an initial executable function,and trust in that function is then used to establish the trust of the hardware platform, OS, application,which extends a chain of trust to the entire computing system.
Iln this transitive trust activity, the CRTM measures the hardware layer as the start point. Afterthe hardware layer is measured, the chain of trust is extended to the VMM layer via measuring thecomponents of the VMM layer. After the VMM layer is measured, the chain of trust is extended to theVM layer. The measured values of hardware layer and VMM layer are extended into PCRs within theTM, and the measured values of VM layer are extended into vPCRs within the vTM.In this document,the PCR definitions are presented in Table 1. The vPCR definitions in the virtualization environmentare similar to the PCRs.
This transitive trust activity consists of three steps:- transitive trust in host;
– transitive trust in VMM;-transitive trust in VM.
6.2.2Transitive trust in host
– After the system is powered on, the CRTM measures the BlOS, and stores the measured result into
the PCR.
一 The BIOS measures the boot loader, and stores the measured result into the PCR.- The boot loader measures the OS kernel, and stores the measured result into the PCR.— The OS kernel measures the VMM, and stores the measured result into the PCR.6.2.3 Transitive trust in VMM
The VMM measures the vTM manager and other files, and stores these measured results into PCRs.6.2.4 Transitive trust in vM
The transitive trust chain in VM is built based on the vTM instance, which is similar to the transitivetrust in host.
NOTE The vCRTM implementation is out of scope.6.3 Integrity measurement
ln integrity measurement activity,the CRTM first measures a component and then generates ameasurement event. A measurement event consists of measured values and event description. Themeasured values are hash digests that represent the embedded data or program code in a component.The measured values are stored in PCRs and the event description is stored in a measurement log.Figure 4 shows the process of integrity measurement with two components.

Download
The previous

ISO IEC 27050-4 pdf - Information technology — Electronic discovery — Part 4: Technical readiness

The next

ISO IEC 27551 pdf - Information security, cybersecurity and privacy protection — Requirements for attribute-based unlinkable entity authentication

Related Standards

IEC 63245-1 pdf – Spatial wireless power transfer based on multiple magnetic resonances – Part 1: Requirements
Jul,05 323
IEC 63245-1 pdf – Spatial wireless power transfer based on multiple magnetic resonances – Part 1: Requirements
IEC 63252 pdf – Energy consumption of vending machines
Jul,05 390
IEC 63252 pdf – Energy consumption of vending machines
IEC Guide 115 pdf – Application of uncertainty of measurement to conformity assessment activities in the electrotechnical sector
Jul,05 402
IEC Guide 115 pdf – Application of uncertainty of measurement to conformity assessment activities in the electrotechnical sector
IEC IEEE 63113 pdf – Nuclear facilities – Instrumentation important to safety – Spent fuel pool instrumentation
Jul,05 433
IEC IEEE 63113 pdf – Nuclear facilities – Instrumentation important to safety – Spent fuel pool instrumentation
IEC PAS 61162-103 pdf – Maritime navigation and radiocommunication equipment and systems – Digital interfaces – Part 103: Single talker and multiple listeners – New and amended sentences and Talker IDs
Jul,05 274
IEC PAS 61162-103 pdf – Maritime navigation and radiocommunication equipment and systems – Digital interfaces – Part 103: Single talker and multiple listeners – New and amended sentences and Talker IDs
IEC PAS 63325 pdf – Lifecycle requirements for functional safety and security for IACS
Jul,05 272
IEC PAS 63325 pdf – Lifecycle requirements for functional safety and security for IACS
IEC SRD 63235 pdf – Smart city system – Methodology for concepts building
Jul,05 326
IEC SRD 63235 pdf – Smart city system – Methodology for concepts building
IEC TR 61188-8 pdf – Circuit boards and circuit board assemblies – Design and use – Part 8: 3D shape data for CAD component library
Jul,05 280
IEC TR 61188-8 pdf – Circuit boards and circuit board assemblies – Design and use – Part 8: 3D shape data for CAD component library
IEC TR 62222 pdf – Fire performance of communication cables installed in buildings
Jul,05 389
IEC TR 62222 pdf – Fire performance of communication cables installed in buildings
IEC TR 63042-303 pdf – UHV AC transmission systems – Part 303: Guideline for the measurement of UHV AC transmission line power frequency parameters
Jul,05 268
IEC TR 63042-303 pdf – UHV AC transmission systems – Part 303: Guideline for the measurement of UHV AC transmission line power frequency parameters

Tags

www.standard-codes.com