Skip to main content

Technical Reports: CMU-CyLab-09-003

Title:TrustVisor: Efficient TCB Reduction and Attestation (revised March 10, 2010)
Authors:Jonathan M. McCune, Ning Qu, Yanlin Li, Anupam Datta, Virgil D. Gligor, Adrian Perrig
Publication Date:March 9, 2009


We develop a special-purpose hypervisor called TrustVisor that facilitates the execution of security-sensitive code in isolation from commodity OSes and applications. TrustVisor provides code and execution integrity as well as data secrecy and integrity for protected code, even in the presence of a compromised OS. These strong properties can be attested to a remote verifier. TrustVisor only adds 5306 lines to the TCB (over half of which is for cryptographic operations). TrustVisor imposes less than 7% overhead in the common case. This overhead is largely the result of today’s x86 hardware virtualization support.

Full Report: CMU-CyLab-09-003