Virtual Trusted Platform Module (vTPM)

Period of Performance: 07/29/2015 - 04/28/2016


Phase 1 SBIR

Recipient Firm

Grammatech, Inc.
531 Esty Street Array
Ithaca, NY 14850
Principal Investigator


ABSTRACT:Trusted platform module(TPM) devices provide the core root of trust for modern computer systems. These devices are used for secure, trusted, and measured boot approaches as well as to secure data for user applications such as Microsoft's Bitlocker technology. However, more and more systems are now virtualized in the cloud. Currently hypervisor technologies either do not provide guests with the needed TPM functionality, or provide a limited and insecure virtual TPM approach. ???GrammaTech proposes the development of a secured virtual TPM server technology, which can be leveraged by all hypervisor systems to provide guests with virtual TPM instances. The approach will leverage hardware enforced isolation mechanisms and the physical TPM of the system to ensure guests have exclusive access to an assigned virtual TPM. In addition, by creating an interface for QEMU, many common hypervisors will be immediately able to leverage the technology. During this development, GrammaTech will be seeking to combine this technology with both existing hypervisors and GrammaTech's own secure hypervisor technology. Our approach has the advantage of the flexibility to be applied anywhere, while providing a new level of security to the virtual TPM.BENEFIT:GrammaTech will provide a virtual TPM server technology be added to most virtualization systems. The benefits of our approach are adaptability and security. The developed technology will be applied to both existing hypervisor solutions and GrammaTech's secure hypervisor solution to provide additionally security capabilities guests of cloud systems. This will enable new security measures to be taken to protect guest systems including secure boot and measured root of trust for users of cloud technology.