
The primary scope of TPM is to assure the integrity of a platform. In this context, "integrity" means "behave as intended". ~Wiki

I'm learning more about how the TPM performs integrity covering aspects as root of trust, chain of trust, PCRs measurements, remote attestation.

On the other hand, a cloud provider needs to enforce strict security policies, requiring additional trust in the clients. To improve the mutual trust between consumer and cloud provider, how is the TPM related to, and how does it apply to, security in the cloud?

schroeder

2 Answers


The most useful case for TPM-backed security in cloud computing is providing greater assurance to a tenant that the cloud provider is running the software they expect. Because the cloud provider controls the hardware the software is running on they (or someone who hacks their infrastructure) are in a privileged position and could insert rootkits or otherwise compromise the expected security properties of the software the tenant asks them to run. However, software running on machines equipped with TPMs can attest to the state of their platform, allowing the tenant to remotely verify that the software is in a desired state (i.e. only the expected code has been run). A TPM can also be used to restrict the usage of certain keys or credentials so the cloud provider cannot copy them or use them outside of the context of running the tenant's workload.

It's important to realize, however, that TPMs do not provide physical security. They are typically tamper-proof themselves, but even if you trust that the TPM can protect its root keys and is operating correctly, its only awareness of the system's state is through a series of measurements provided by other hardware components and software processes. Barring serious CPU/chipset/firmware flaws, this sequence of measurements cannot be faked by malicious software -- but it can be faked by anyone with physical access to the TPM chip and a soldering iron. This means that a tenant always has to trust the cloud provider to some extent; still, TPMs can provide effective defense against hackers who might compromise a cloud provider's infrastructure, which is usually what people are more concerned about.

Reid Rankin
Note that for simplicity this answer is written as if a cloud provider is running a tenant's workload on bare metal. The same principles apply to virtual machines with virtual TPMs -- except that a virtual TPM typically doesn't require a soldering iron to fool. I can go into more detail in another question if you're interested in the differences in the trust model between virtual and physical TPMs. – Reid Rankin Apr 13 '20 at 17:19
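The attestation flow the answer describes (measurements extended into PCRs, a signed quote, the tenant checking it against the state it expects) is easier to reason about with a runnable model. The following is an added example, not code from the answer or from any TPM stack: a toy PCR bank that can only be extended, a quote over a fresh nonce and the PCR values, and the tenant-side check. Real TPMs sign quotes with an RSA or ECC Attestation Key; here an HMAC with a shared secret stands in for that signature so the script needs only the standard library (an assumption of the model, not how a TPM works). All component names, keys and PCR layout are constructed for the demo.

```python
"""Toy model of measured boot + remote attestation (standard library only).
HMAC stands in for the Attestation Key signature (simplification)."""
import hashlib
import hmac
import json
import os

PCR_COUNT = 4  # constructed: a real SHA-256 bank has 24 PCRs


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class PcrBank:
    """PCRs start at all-zero and can only be extended, never written."""

    def __init__(self):
        self.pcrs = [bytes(32) for _ in range(PCR_COUNT)]

    def extend(self, index: int, measurement: bytes) -> bytes:
        # TPM2_PCR_Extend: new = H(old || H(measurement))
        self.pcrs[index] = sha256(self.pcrs[index] + sha256(measurement))
        return self.pcrs[index]


def measured_boot(components: dict) -> PcrBank:
    """Each boot component is measured into its PCR before it runs.
    components maps PCR index -> list of code/config blobs, in boot order."""
    bank = PcrBank()
    for index, blobs in sorted(components.items()):
        for blob in blobs:
            bank.extend(index, blob)
    return bank


def quote(bank: PcrBank, ak_secret: bytes, nonce: bytes, selection: list) -> dict:
    """Platform side: sign (nonce, digest of selected PCRs) with the AK."""
    pcr_digest = sha256(b"".join(bank.pcrs[i] for i in selection))
    payload = json.dumps(
        {"nonce": nonce.hex(), "sel": selection, "pcr_digest": pcr_digest.hex()},
        sort_keys=True,
    ).encode()
    sig = hmac.new(ak_secret, payload, hashlib.sha256).digest()
    return {"payload": payload, "sig": sig,
            "pcrs": {i: bank.pcrs[i].hex() for i in selection}}


def verify_quote(q: dict, ak_secret: bytes, expected_nonce: bytes, golden: dict) -> tuple:
    """Tenant side. Returns (ok, reason)."""
    expected_sig = hmac.new(ak_secret, q["payload"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, q["sig"]):
        return False, "bad signature"
    body = json.loads(q["payload"])
    if body["nonce"] != expected_nonce.hex():
        return False, "stale nonce (replayed quote)"
    # The reported PCR values must match the digest the AK signed...
    recomputed = sha256(b"".join(bytes.fromhex(q["pcrs"][i]) for i in body["sel"]))
    if recomputed.hex() != body["pcr_digest"]:
        return False, "reported PCRs do not match signed digest"
    # ...and the golden values the tenant computed for the software it expects.
    for i, want in golden.items():
        if q["pcrs"].get(i) != want:
            return False, f"PCR{i} mismatch"
    return True, "platform state matches expected software"


def demo() -> dict:
    """Three quotes: an honest platform, a modified kernel, and a replayed quote."""
    ak_secret = b"constructed-attestation-key"
    expected = {0: [b"firmware v1"], 1: [b"bootloader v1"],
                2: [b"kernel 5.10 + initrd"], 3: [b"tenant-agent config"]}
    sel = list(range(PCR_COUNT))
    golden = {i: v.hex() for i, v in enumerate(measured_boot(expected).pcrs)}
    nonce = os.urandom(16)

    honest = verify_quote(quote(measured_boot(expected), ak_secret, nonce, sel),
                          ak_secret, nonce, golden)

    tampered = dict(expected)  # same boot chain, but the kernel image changed
    tampered[2] = [b"kernel 5.10 + initrd + extra module"]
    modified = verify_quote(quote(measured_boot(tampered), ak_secret, nonce, sel),
                            ak_secret, nonce, golden)

    old_nonce = os.urandom(16)  # a good quote captured earlier, replayed now
    replayed = verify_quote(quote(measured_boot(expected), ak_secret, old_nonce, sel),
                            ak_secret, nonce, golden)
    return {"honest": honest, "modified": modified, "replayed": replayed}


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: {'OK' if ok else 'REJECT'} - {reason}")
```

Two points the model makes visible: a changed component anywhere in the chain alters every later value of that PCR, so the tenant only needs golden values, not the measurement log, to notice the change; and the nonce is what stops a provider (or an intruder in its infrastructure) from answering with a quote captured while the platform was still in a good state. What the model cannot show is the answer's caveat: if the measurements fed to the PCR bank are themselves forged (physical access to the bus, or a virtual TPM whose host is controlled by the attacker), the quote is still perfectly valid.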

Check out this article about Virtual TPM written by IBM researchers:

vTPM: Virtualizing the Trusted Platform Module

By Stefan Berger, Ramon Caceres, Kenneth A. Goldman, Ronald Perez, Reiner Sailer and Leendert van Doorn (see article for their e-mail addresses)

https://pdfs.semanticscholar.org/d793/325dfe5eae1f15e0596b3e6e7fae9954f151.pdf

Abstract:

We present the design and implementation of a system that enables trusted computing for an unlimited number of virtual machines on a single hardware platform. To this end, we virtualized the Trusted Platform Module (TPM). As a result, the TPM’s secure storage and cryptographic functions are available to operating systems and applications running in virtual machines. Our new facility supports higher-level services for establishing trust in virtualized environments, for example remote attestation of software integrity.

We implemented the full TPM specification in software and added functions to create and destroy virtual TPM instances. We integrated our software TPM into a hypervisor environment to make TPM functions available to virtual machines. Our virtual TPM supports suspend and resume operations, as well as migration of a virtual TPM instance with its respective virtual machine across platforms. We present four designs for certificate chains to link the virtual TPM to a hardware TPM, with security vs. efficiency trade-offs based on threat models. Finally, we demonstrate a working system by layering an existing integrity measurement application on top of our virtual TPM facility.

vrtjason