Trusted Virtual Containers on Demand
TPM-based trusted computing aspires to use hardware and cryptography to provide a remote relying party with assurances about the trustworthiness of a computing environment. However, standard approaches to trusted computing are hampered in the areas of scalability, expressiveness, and flexibility. This paper reports on the research project to address these limitations by using TPMs inside OpenSolaris: The kernel creates lightweight containers on demand, and uses DTrace and other tools to extend attestation to more nuanced runtime properties. The authors illustrate this work with prototype application scenarios from cyber infrastructure operating the U.S. power grid.