Trusted Computing for the Java(tm) Platform  
General
News
General Info
Mailing Lists
Downloads
SF Project Page
Links
jTSS
About
Documentation
Javadoc TSP
Javadoc full
jTpm Tools
About
Documentation
acTvSM platform
Documentation
jTSS Wrapper
About
Documentation
PrivacyCA
About
Documentation
Compartment
TCcert Tool
About
Documentation
Javadoc
XKMS lib
About
Documentation
Javadoc
TCPVM
About
Documentation
 
 

 
 

Java is a trademark of Sun Microsystems, Inc. See here for more information.

v0.1
Tobias Vejda <tvejda_iaik@users.sourceforge.net>

1. Introduction

The IAIK/Java VM for TCP Implementations is an amendment to the OpenJDK implementation realizing various services for the support of Trusted Computing functionality for legacy Java (tm) applications. It measures data according to the Trusted Computing Group (TCG) specifications using TPM functionality, thus allowing full integration of the Java VM into a Trusted Computing Platform (TCP) by extending a given chain-of-trust into the managed Java environment. The functionality is achieved through hooks in the code. IAIK/Java VM for TCP Implementations is deployed as a patch to the OpenJDK sources.

The measurement architecture is named Integrity Service Provider (ISP). The current implementation supports measurement of classes, JAR-files and configuration files at run-time. A further feature is to enforce that the Java VM runs only with known classes. There are two modes this software can be run in:

  • A "VM mode": The ISP is integrated into the class loading process of the HotSpot (tm) VM. This modus measures classes and native libraries at load-time. As the number of classes may become potentially large, a lazy measurement agent caches the measurements in the VM instead of transmitting every measurement to the TPM. This functionality is for testing purposes only and not activated by default.

  • A "Java mode": A second version of the ISP is integrated into the Java runtime library and measures JAR-files and classes at load-time. The runtime classes and native libraries from the JDK have to be measured by the operating system at beforehand.

The ISP uses a Trusted Software Stack (TSS) as defined by the TCG specifications to perform the measurements. The Platform Configuration Register (PCR) usage model is as follows:

  • For VM specific classes and libraries: All classes from the VM (e.g. from rt.jar) as well as native libraries are measured into PCR#10. This behavior is only achieved in the "VM mode".

  • For application specific classes: All classes from application class loaders (e.g. the application itself, extension files from the ext directory of the VM) are measured into PCR#11.

The only way of configuring this behavior at the moment is through editing the source files.

Development of the IAIK/Java VM for TCP Implementations is supported by the European Commission as part of the OpenTC project (Ref. Nr. 027635). For more information about the OpenTC project please refer to the OpenTC Project section below.

The IAIK/Java VM for TCP Implementations package is developed and maintained at the Institute for Applied Information Processing and Communication (Institut fuer Angewandte Informationsverarbeitung und Kommunikation, IAIK), at Graz University of Technology (TU Graz).

1.1. OpenTC Project

The Open Trusted Computing (OpenTC) consortium is an R&D project focusing on the development of trusted and secure computing systems based on open source software. The project targets traditional computer platforms as well as embedded systems such as mobile phones.

The goal of OpenTC is to reduce system-related threats, errors and malfunctions. The lack of platform security in today's computers has given rise to waves of successful attacks, resulting in severe damages to enterprises and potential failure of critical infrastructures.

The OpenTC consortium will define and implement an open Trusted Computing framework. The architecture is based on security mechanisms provided by low level operating system layers with isolation properties and interfaces to Trusted Computing hardware. These layers make it possible to leverage enhanced trust and security properties of the platform for standard operating systems, middleware, and applications.

For more information about the OpenTC project please refer to the OpenTC website.

1.2. A Word of Caution

Please note that the implementation is intended to be used for testing and experimentation purposes only. Moreover it has to be stressed that this is experimental software. Its main purpose currently is research and education.

1.3. License

IAIK/Java VM for TCP Implementations is using a dual licensing model:

  • For Open Source development, IAIK/Java VM for TCP Implementations is licensed under the terms of the GNU GPL version 2. The full text of the GNU GPL v2 is included in the package or can be found online at (GPL).

  • In all other cases, please contact jce-sales@iaik.at with your intended usage for further information.

2. Technical Documentation

The following sections outline requirements, commands and usage examples for TCPVM.

2.1. Requirements

TCPVM require hardware as well as software support components to achieve full functionality. For some of the components there are several options. This section lists these options and provides some background information that helps to pick a suitable component.

Naturally, a hardware TPM or a TPM emulator is a "must" requirement. Additionally, administrative (i.e. root) permissions are usually required to directly access the TPM device.

2.1.1. OpenJDK sources

To use the TCPVM you need to download the source code of OpenJDK as available on OpenJDK. The OpenJDK version used to develop this software is jdk7-b23. In some cases the patch may be successfully applied to other versions than jdk7-b23, however, this has not been tested.

Note that the OpenJDK has numerous build requirements on its own which this documentation does not cover. Refer to OpenJDK Build and the README linked there to get an overview over the external dependencies and assistance in building the OpenJDK.

2.2. Compiling and Installing

This section will guide you through the build and installation process. It covers the TPM Emulator from ETH, the TrouSerS TSS stack, the IAIK/OpenTC jTSS Wrapper and finally the IAIK/Java VM for TCP Implementations.

2.2.1. Building and Installing the TPM Emulator

If you have a hardware TPM you can skip this step (but you have to make sure that you have a hardware driver installed for your TPM that is compatible with TrouSerS).

  • download the sources (v0.5 or above) from: TPM Emulator

  • unpack the sources: tar zxf tpm_emulator-0.5.tar.gz

  • enclosed you will find a README file that describes the next steps

  • build and install the TPM emulator according to the README

2.2.2. Building and Installing the TrouSerS TSS stack

  • download the sources (v0.2.9.0 or v0.2.9.1) from: TrouSerS

  • unpack the sources: tar zxf trousers-0.2.9.tar.gz

  • enclosed you will find a README file that describes the next steps

  • if you use a TPM version 1.2 you need to apply IAIK's TPM 1.2 Patch for TrouSerS 0.2.9 before building. It is available from the IAIK/OpenTC jTSS Wrapper download site.

  • build and install the TrouSerS TSS stack according to the README

2.2.3. TSS Wrapper

The software requires the IAIK/OpenTC jTSS Wrapper for the build process to complete. This component has to be downloaded from the IAIK/OpenTC jTSS Wrapper download site and built accordingly. The version TCPVM has been tested with is IAIK/OpenTC jTSS Wrapper v. 0.3. It is recommended to execute the testcases shipped with the IAIK/OpenTC jTSS Wrapper to make sure that the TPM interface has been set up correctly.

2.2.4. Building and Installing the IAIK/Java VM for TCP Implementations

This section provides a step by step guide of the build process for the IAIK/Java VM for TCP Implementations.

Download and unpack the OpenJDK source and setup the external requirements (system, compiler, dependencies, etc.) as described on OpenJDK Build. The downloads are available from OpenJDK. The two files containing the OpenJDK source are "openjdk-7-ea-src-b23-30_oct_2007.zip" and "jdk-7-ea-plug-b23-linux-i586-30_oct_2007.jar". A binary snapshot can be downloaded from OpenJDK Build and is needed for the build as well. At first skip the next step (the application of the patch files) and try to to create a clean, unmodfied build of the JDK to make sure that your environment is up to the task. After the unpatched build completes, erase the results as they will interfere with repeated builds.

Apply the patch using commands similar to
cd hotspot
patch -p1 -l < <path_to_patch>/hotspot_tcpvm_0.1.patch
cd ../jdk
patch -p1 -l < <path_to_patch>/jdk_tcpvm_0.1.patch

Check that the output contains no errors (i.e. that any of the hunks actually failed to be inserted). Differences in line numbers will probably occur - the output will say something like "Hunk #1 succeeded at 93 (offset -16 lines)." (for several of the hunks).

Copy the binary files created by building the IAIK/OpenTC jTSS Wrapper into the OpenJDK src tree at
<path_to_openjdk>/j2se/make/tools/tc
(The build assumes the files iaik_jtss_wrapper.jar, iaik_jtss_wrapper_swig.jar, iaik_jtss_tsp.jar, libtspiwrapper.so to be in this directory.)

Open the build script (build.sh) with your favorite text editor and customize the following options:

  • ALT_DEVTOOLS_PATH path to development tools (gcc, g++, binutils, …)

  • ALT_BOOTDIR path to bootstrap JDK (has to be >= 1.6.0)

  • ALT_JDK_IMPORT_PATH path to import JDK

  • ALT_BINARY_PLUGS_PATH path to binary plugins

  • ALT_OUTPUTDIR path to output directory of build

  • ANT_HOME path to the local Ant installation

Now save and close the build script.

Build the TCPVM with
build.sh.

Note: For linking, it is assumed that the libtspi library of TrouSerS is located in a path known to your linker. Furthermore the OpenSSL crypto library is needed as well. It is not possible to set the LD_LIBRARY_PATH variable as the OpenJDK build disallows this.

After the build, you should have a working copy of OpenJDK in the output directory specified in the build script. You can test it by running the demo applications.

2.3. Usage

There is no special installation procedure required to use the IAIK/Java VM for TCP Implementations. For simple demonstration purposes, the demo programs in the output directory can be executed using the newly built java binary.

To access the functionality provided with this patch, the following command-line arguments can be used:

  • iaik.tc.enable Enables the measurement functionality and allows two modes. Either the ISP in the VM itself (via -Diaik.tc.enable=vm) or in the Java class libraries (via -Diaik.tc.enable=Java) are activated. This allows different granularities of the measurement approach to be tested. The VM ISP measures all loaded classes (including system classes) and native libraries. The Java ISP only measures class files (and JAR-files) that are application specific or from external libraries.

  • iaik.tc.debug Shows debug information about the files that are measured and what actions are taken.

  • iaik.tc.secureboot Runs the VM with known classes only. This parameter also needs the storage directory of the measurements specified by iaik.tc.store.

  • iaik.tc.store Specifies the storage directory of the reference measurements (via -Diaik.tc.store=<directory>). If the parameter iaik.tc.secureboot is not given, the ISP uses this directory as a target directory to store the measurements.

Remember to start the TrouSerS CS daemon tcsd before using the TCPVM.

2.4. Example

This section provides an example for the usage of this software using a demo application provided with the OpenJDK.

The TCPVM activates the security manager by default. To work with TCPVM and the demos, certain security permissions have to be set. The easiest way to do this is in a file ".java.policy" in your home directory. For the Metalworks demo that is used in the following paragraphs, the file should have the following contents:

grant { permission java.util.PropertyPermission "sun.awt.noerasebackground", "read,write"; };

Move into the build directory as specified in the build script (see build instructions) and change into the demo/jfc/Metalworks directory.

  • Type ../../../bin/java -Diaik.tc.enable=vm -Diaik.tc.debug -jar Metalworks.jar to run the demo with measurements enabled.

  • For storage of measurements type ../../../bin/java -Diaik.tc.enable=vm -Diaik.tc.store=meas -jar Metalworks.jar to take a measurement snapshot of the application. The measurements are stored in the directory meas.

  • For a "run with known-classes only" demo, type ../../../bin/java -Diaik.tc.enable=vm -Diaik.tc.store=meas -Diaik.tc.secureboot -jar Metalworks.jar. The TCPVM will stop execution if a measurement is missing or contains the wrong value.

3. Support

For questions, bug reports, feature requests, patches, criticism or suggestions please use the following mailing list: trustedjava-support@lists.sourceforge.net.

4. Trademarks

Java (tm) and all Java based marks are a trademark or registered trademark of Sun Microsystems, Inc, in the United States and other countries. All other trademarks and copyrights are property of their respective owners.

5. Revision History

date version comment
2007/11/22 0.1 initial release of IAIK/Java VM for TCP Implementations