ISO IEC 27070 pdf – Information technology — Security techniques — Requirements for establishing virtualized roots of trust
baseline library: It provides capabilities of storing and maintaining some important data, such as the integrity measurement results, baseline values, etc;
-migration controller: It establishes a migration policy and instructs the migration engine to perform which operations.
The RA server, PCA and baseline library have no special functional or security features to support virtualized RoTs. Hence, this document only lists the functional and security requirements for migration controller in 5.5.2 and 5.5.3.
5.5.2 Functional requirements of key components
A migration controller shall provide the following functions.
一Determine the scenario when a vTM instance needs to be migrated to a new platform.
– – Instruct the migration engine to initiate the migration.
一Listen for notification of a vTM instance migration completion.
5.5.3 Security requirements of key components
A migration controller shall meet the following security requirements.
-The migration controller shall be authenticated by an external entity to ensure that it is trusted.
Ensure that migration controller is protected from network vulnerabilities and runs in anenvironment that is remotely verifiable.
The migration controller shall support polices allowing a vTM that is cryptographically protectedby an underlying TM to be moved to another platform.
The migration controller shall have access to information about the trustworthiness of each systemso it can optionally enforce restrictions on where the migration is allowed to occur.
6 Activity view
This clause describes how the functional components defined in Clause 5 are used to implementthe essential trusted computing activities such as transitive trust, integrity measurement, remoteattestation, data protection and vTM migration. These activities are required in the cloud computingenvironment supporting virtualized RoT. The logical relationship between the activity view and thefunctional view is illustrated in this document (see AnnexA).
Transitive trust is a process that the RoT is used to establish the trust of an initial executable function,and trust in that function is then used to establish the trust of the hardware platform, OS, application,which extends a chain of trust to the entire computing system.
Iln this transitive trust activity, the CRTM measures the hardware layer as the start point. Afterthe hardware layer is measured, the chain of trust is extended to the VMM layer via measuring thecomponents of the VMM layer. After the VMM layer is measured, the chain of trust is extended to theVM layer. The measured values of hardware layer and VMM layer are extended into PCRs within theTM, and the measured values of VM layer are extended into vPCRs within the vTM.In this document,the PCR definitions are presented in Table 1. The vPCR definitions in the virtualization environmentare similar to the PCRs.
This transitive trust activity consists of three steps:- transitive trust in host;
– transitive trust in VMM;-transitive trust in VM.
6.2.2Transitive trust in host
– After the system is powered on, the CRTM measures the BlOS, and stores the measured result into
一 The BIOS measures the boot loader, and stores the measured result into the PCR.- The boot loader measures the OS kernel, and stores the measured result into the PCR.— The OS kernel measures the VMM, and stores the measured result into the PCR.6.2.3 Transitive trust in VMM
The VMM measures the vTM manager and other files, and stores these measured results into PCRs.6.2.4 Transitive trust in vM
The transitive trust chain in VM is built based on the vTM instance, which is similar to the transitivetrust in host.
NOTE The vCRTM implementation is out of scope.6.3 Integrity measurement
ln integrity measurement activity,the CRTM first measures a component and then generates ameasurement event. A measurement event consists of measured values and event description. Themeasured values are hash digests that represent the embedded data or program code in a component.The measured values are stored in PCRs and the event description is stored in a measurement log.Figure 4 shows the process of integrity measurement with two components.