[dm-crypt] General question: Encrypytion on virtual servers (VPS/Vserver)

Arno Wagner arno at wagner.name
Tue Feb 21 17:21:24 CET 2017


On Tue, Feb 21, 2017 at 14:58:07 CET, Daniel P. Berrange wrote:
> On Tue, Feb 21, 2017 at 02:42:51PM +0100, michaelof at rocketmail.com wrote:
[...]
> If the attacker has access to the physical host while your VM is running,
> then (with current hardware) there is essentially nothing you can do to
> prevent a skilled person getting your master key out of VM memory. AMD
> recently announced a memory encryption feature that might make it possible
> to protect guest keys from a host attacker, but its still very early days
> in its developement & integration into virtualization technology, so a very
> long way off being available in any public hosting provider.

I think this is more about proteching VMs from each other than 
from the Hypervisor, think memory deduplication, copy-on-write
and caches that leak information from one VM to another.  

Regards,
Arno


-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier


More information about the dm-crypt mailing list