
Deep Attestation - Virtualise a Hardware-bound Trusted Platform Module

Alessandro De Crecchio

Deep Attestation - Virtualise a Hardware-bound Trusted Platform Module.

Supervisors: Antonio Lioy, Silvia Sisinni. Politecnico di Torino, Master's degree course in Computer Engineering (Ingegneria Informatica), 2023

License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

As digitization continues, modern software-defined infrastructures that optimize the use of existing hardware resources have gained importance. Cloud computing is an example of this shift, as it makes hardware resources available to developers and service providers, preventing over-provisioning and wasted resources. However, this reliance on virtualization and software deployments has left these infrastructures exposed to various software attacks, requiring robust security measures. Critical security and reliability requirements of software infrastructures are analyzed and discussed, with a focus on defending against software attacks. To mitigate such threats, technologies such as Trusted Execution Environment and Trusted Platform Module (TPM) are widely used. The latter enables defense techniques such as Remote Attestation to verify hardware and software. In virtualization scenarios, hypervisors manage hardware resources for allocation to virtual machines (VMs). Consequently, the TPM must also be virtualized to provide the same level of security as non-virtualized systems. Various research efforts have aimed to link the virtual TPMs instantiated for different VMs to the physical TPM at the hypervisor level, so that the virtual and physical layers are also bound together. This process is referred to as Deep Attestation. This thesis analyzes the challenges and inherent tradeoffs of current Deep Attestation solutions, which suffer from vulnerabilities or infeasibilities, and contributes to the ongoing debate on securing virtualized environments by implementing a proof of concept of a proposed solution that is expected to overcome the limitations of existing solutions.

Supervisors: Antonio Lioy, Silvia Sisinni
Academic year: 2023/24
Publication type: Electronic
Number of pages: 79
Subjects:
Degree course: Master's degree course in Computer Engineering (Ingegneria Informatica)
Degree class: New system > Master's degree > LM-32 - COMPUTER ENGINEERING
Collaborating companies: NOT SPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/28636