WELES: Policy-driven Runtime Integrity Enforcement of Virtual Machines
Wojciech Ozga, Do Le Quoc, Christof Fetzer

TL;DR
WELES is a protocol that enables tenants to verify and maintain the runtime integrity of virtual machines in cloud environments, providing continuous trust assurance against powerful adversaries with minimal performance impact.
Contribution
It introduces WELES, a novel, transparent, and practical protocol for runtime integrity attestation of VMs, addressing limitations of existing trusted computing solutions.
Findings
WELES effectively performs implicit attestation during secure login.
The protocol maintains VM integrity trust with low performance overhead.
Prototype evaluation confirms practicality and efficiency.
Abstract
Trust is of paramount concern for tenants deploying their security-sensitive services in the cloud. The integrity of the VMs in which these services run must be ensured even in the presence of powerful adversaries with administrative access to the cloud. Traditional approaches to this challenge rely on trusted computing techniques, e.g., vTPM, or on hardware CPU extensions, e.g., AMD SEV. However, these are either vulnerable to powerful adversaries or provide only load-time (not runtime) integrity measurements of VMs. We propose WELES, a protocol that allows tenants to establish and maintain trust in the runtime integrity of a VM's software and its configuration. WELES is transparent to the VM configuration and setup. It performs an implicit attestation of VMs during a secure login and binds the VM integrity state to the secure connection. Our prototype's evaluation shows that WELES…
Taxonomy
Topics: Security and Verification in Computing · Cloud Data Security Solutions · Advanced Malware Detection Techniques
