Open Hypervisor - Home

Overview

2. Use Cases

In the OpenTC-project, several usage scenarios were developed. We present them here in a nutshell, and provide links for further reading:

  • Private Electronic Transactions (PET): Home banking via the Internet has become a convenient and simple way to do financial transactions. Although commonly used, Internet home banking has several security issues which have been reported in public media. For example, phishing is a popular form of attack based on social engineering and deception. In our scenario, it is assumed that a private user will continue to use a legacy operating system for his or her everyday tasks. In parallel to the legacy OS, OpenTC provides isolated compartments tailored for specific purposes. Such a compartment is the banking compartment of this use case. Interaction with the bank is based on a web browser which is running in this compartment. For secure communication with the bank, the user switches from the compartment running the legacy OS to the banking compartment. Currently, banks are securing home banking in various ways, e.g. with separate hardware. What cannot be protected using such means is the display which shows how much funds one as, so an attacker might learn who is a wealthy customer and think of appropriate attacks, online or offline. However, with secure virtualization any part of the screen can be isolated. I.e., if a compartment is set up to only talk to the bank, there would be no way of eavesdropping anything. For more details, see the newsletter article on "Private Electronic Transactions" in the OpenTC Newsletter No. 3.
  • Corporate Computing @ Home (cc@h): In this scenario, a corporation is interested in controlling access to and handling of critical information (e.g., classified documents, contracts, content) securely, i.e., protecting it from non-cleared usage. An employee should not be able to circumvent control mechanisms by using available functions for her own purpose, or by exploiting security weaknesses of existing software components. The corporation wants that the employees conduct their private matters outside of the corporate OS. The corporation can use remote attestation to verify the state of the Trusted Computing Base and the corporate compartment. Outside the corporate OS, the user can have her own compartments, e.g. another copy of the corporate OS for private use, and even more compartments, e.g. a compartment for banking (see PET above).
    For more details about cc@h, see OpenTC Newsletter No. 5.
  • corporate computing @ home

    Screenshot of "corporate computing @ home" prototype, with sealed personalised image (upper left corner).

  • Virtual Data Centre (VDC): The trusted virtual data center application scenario illustrates the provisioning of physical resources in a data center to customers' virtual infrastructures while satisfying strong security requirements to insure the level of security is comparable to physically separate servers. The scenario is intended to demonstrate the cross-platform security management framework for managing multiple machines. The goal is to show that trusted virtualization in a data center can improve security assurances for the outsourcing company while maintaining the advantages of virtualization, namely increased utilization and more efficient allocation of resources, improved flexibility and adaptability, and decreased expenses. For more details about VDC, see OpenTC Deliverable D02.3, section 5.2.

Page 2 of 4 pages  <  1 2 3 4 >