[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] A question about postcopy safety
From: |
Dr. David Alan Gilbert |
Subject: |
Re: [Qemu-devel] A question about postcopy safety |
Date: |
Mon, 5 Sep 2016 14:52:14 +0100 |
User-agent: |
Mutt/1.7.0 (2016-08-17) |
* address@hidden (address@hidden) wrote:
> Hi David,
Hi Liutao,
> I'm studying the process of postcopy migration, and I found that the memory
> pages migrated from source to destination are not encrypted. Does this make
> the VM vulnerable if it's memory has been tampered with during postcopy
> migration?
>
> I think precopy has less risk because the source's memory is always altering.
> If one page is tampered with during network transfer, with source still
> running, then a later version of that page may keep updating. So it would be
> quite difficult to track all different page versions, and tamper with the
> final version of one page.
>
> But when it comes to postcopy, the situation is riskier because one specific
> page is only transferred once. It's easy to capture all transferring memory
> pages, tamper and resend.
I don't think there's much difference between precopy and postcopy for security;
the only secure way to do migration is over an encrypted transport and that
solves
it for both precopy and postcopy.
I don't think it would be that hard for a malicious person to track the pages
in precopy;
and indeed what they could do is wait until an interesting page comes along
(say one with a hash or the data they're interested in) and then insert a new
version
of that page later with their own nasty version on - postcopy wouldn't allow
that second version.
The challenge is to get a nice fast high speed encryption layer, and for
post-copy
it should have low added latency.
>
> When the memory been tampered with, the safety of the VM will be compromised.
>
> Any ideas? thank you!Liutao
Dave
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK
- Re: [Qemu-devel] A question about postcopy safety,
Dr. David Alan Gilbert <=