A virtual computing utility hosts guest virtual machines on server provider sites. Each VM is an instantiation of some image or virtual appliance, which might be supplied by the VM owner or a third-party image provider. This paper addresses the problem of establishing a secure channel between a VM and an automated controller running on behalf of the VM's authorized owner. A secure channel is an essential toehold for post-install actions by the controller to adapt the VM to its local environment, join it to an application service, and/or monitor and control its execution.

A simple and practical solution is to modify an image for a particular site or owner, e.g., by pre-installing keys or tokens onto the image. That approach compromises the portability of images, and could interfere with image sharing, use of new operating systems on image appliances, or endorsement of standard images by image providers.

This paper presents an alternative solution that preserves the portability of images. The solution employs a standard keymaster service on the images. The keymaster and controller conduct a one-round binding protocol for mutual authentication and key exchange, seeded by secure tokens passed from the utility boot authority. The binding protocol relies only on security mechanisms at the transport layer and above, so it is suitable for use with remote controllers.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Sumalatha Adabala , Vineet Chadha , Puneet Chawla , Renato Figueiredo , José Fortes , Ivan Krsul , Andrea Matsunaga , Mauricio Tsugawa , Jian Zhang , Ming Zhao , Liping Zhu , Xiaomin Zhu, From virtualized resources to virtual computing grids: the In-VIGO system, Future Generation Computer Systems, v.21 n.6, p.896-909, June 2005  [doi>10.1016/j.future.2003.12.021]
	2	Amazon.com, Inc. Amazon Elastic Compute Cloud (Amazon EC2). http://www.amazon.com/ec2.
	3	Andy Bavier , Mic Bowman , Brent Chun , David Culler , Scott Karlin , Steve Muir , Larry Peterson , Timothy Roscoe , Tammo Spalink , Mike Wawrzoniak, Operating system support for planetary-scale network services, Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation, p.19-19, March 29-31, 2004, San Francisco, California
	4	R. Bradshaw, N. Desai, T. Freeman, and K. Keahey. A Scalable Approach to Deploying and Managing Appliances. In Proceedings of the TerraGrid Conference, 2007.
	5	W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT-22(6):644--654, 1976.
	6	Paul Barham , Boris Dragovic , Keir Fraser , Steven Hand , Tim Harris , Alex Ho , Rolf Neugebauer , Ian Pratt , Andrew Warfield, Xen and the art of virtualization, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	7	Tal Garfinkel , Ben Pfaff , Jim Chow , Mendel Rosenblum , Dan Boneh, Terra: a virtual machine-based platform for trusted computing, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	8	David Irwin , Jeffrey Chase , Laura Grit , Aydan Yumerefendi , David Becker , Kenneth G. Yocum, Sharing networked resources with brokered leases, Proceedings of the annual conference on USENIX '06 Annual Technical Conference, p.18-18, May 30-June 03, 2006, Boston, MA
	9	K. Keahey , I. Foster , T. Freeman , X. Zhang, Virtual workspaces: Achieving quality of service and quality of life in the Grid, Scientific Programming, v.13 n.4, p.265-275, October 2005
	10	H. Krawczyk , M. Bellare , R. Canetti, HMAC: Keyed-Hashing for Message Authentication, RFC Editor, 1997
	11	nanoHUB. http://www.nanohub.org/.
	12	Constantine Sapuntzakis , David Brumley , Ramesh Chandra , Nickolai Zeldovich , Jim Chow , Monica S. Lam , Mendel Rosenblum, Virtual Appliances for Deploying and Maintaining Software, Proceedings of the 17th USENIX conference on System administration, October 26-31, 2003, San Diego, CA
	13	Sun Microsystems. Sun GridEngine, October 2004. http://gridengine.sunsource.net/.
	14	Trusted Computing Group. Trusted platform module specification. https://www.trustedcomputinggroup.org/groups/tpm/.
	15	B. Waldman, A. Gillen, and J. Humphreys. Liquid Computing for a Dynamic Datacenter, 2007.