Bootstrapping trust in a "trusted" virtualized platform

Hagen Reinhard Lauer, Amin Sakzad, Carsten Rudolph, Surya Nepal

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

5 Citations (Scopus)


The Trusted Platform Module (TPM) can be used to establish trust in the software configuration of a computer. Virtualizing the TPM is a logical next step towards building trusted cloud environments, and providing a virtual TPM to a virtual machine promises a continuation of trusted computing concepts. The association between a virtual TPM and a virtual machine is a critical concern. We show that a "trusted" virtualized platform may fall victim to a Goldeneye attack. In this work, we put forward a formal model for virtualization systems and trusted virtualized platforms. We pair this with a model for establishing trust in a virtualized platform following conventional reasoning over trusted computing systems. We show that if a Goldeneye attack is successful, it would allow a verifier to establish trust in an untrustworthy platform. We discuss attack vectors and possible solutions which would mitigate Goldeneye.

Original language: English
Title of host publication: Proceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race
Editors: Thanassis Giannetsos, Daniele Sgandurra
Place of Publication: New York NY USA
Publisher: Association for Computing Machinery (ACM)
Number of pages: 12
ISBN (Electronic): 9781450368407
Publication status: Published - 15 Nov 2019
Event: ACM Workshop on Workshop on Cyber-Security Arms Race 2019 - London, United Kingdom
Duration: 15 Nov 2019 - 15 Nov 2019
Conference number: 1st


Conference: ACM Workshop on Workshop on Cyber-Security Arms Race 2019
Abbreviated title: CYSARM'19
Country/Territory: United Kingdom


  • trust model
  • trusted computing
  • virtual tpm
  • vulnerabilities
