Encrypted VM's (was Re: OT: Cloud Computing is coming to ...)

Michael Semcheski mhsemcheski at gmail.com
Tue Jul 20 16:02:43 UTC 2010


On Tue, Jul 20, 2010 at 11:16 AM, Stephen Gallagher <sgallagh at redhat.com> wrote:
> A properly-designed cloud computing solution is one where the virtual
> machines being hosted in the cloud can be fully encrypted so that the
> hosting provider cannot (feasibly) glean any information from them.

I do not see a point of an encrypted guest on a third party host.

If you control the host, couldn't you grab the encryption key from the
running guest's RAM?  Or, maybe you could seed the entropy that the
guest sees, thus removing randomness and compromising any key
generation on the guest?

I'm not saying that those things would be trivial to do - though I
would guess the second time would be a lot easier for an attacker than
the first.

But, it doesn't seem proper to me to have something you hneed to
encrypt on a guest on an untrusted host.  (Excepting the obvious case
where you're just storing a random file on the guest and never
decrypting it or letting the keys into the RAM of the guest.)


More information about the users mailing list