VIMM: Runtime Integrity Measurement of a Virtualized Operating System

This paper discusses the design of the Virtualization Integrity Measurement Monitor (VIMM) framework, which aims to provide runtime integrity measurement of a virtualized guest OS. Kernel memory and additional hardware state changes are constantly monitored and aggregated into a combined guest OS state, which is reported to a Trusted Platform Module (TPM), thus providing a trusted integrity measurement in runtime. This measurement can then be used for data protection (sealing of secret keys) and remote attestation based on the runtime integrity of the guest OS.