[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] A question about postcopy safety
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] A question about postcopy safety |
Date: |
Mon, 5 Sep 2016 15:00:09 +0100 |
User-agent: |
Mutt/1.7.0 (2016-08-17) |
On Mon, Sep 05, 2016 at 02:52:14PM +0100, Dr. David Alan Gilbert wrote:
> * address@hidden (address@hidden) wrote:
> > Hi David,
>
> Hi Liutao,
>
> > I'm studying the process of postcopy migration, and I found that the memory
> > pages migrated from source to destination are not encrypted. Does this make
> > the VM vulnerable if it's memory has been tampered with during postcopy
> > migration?
> >
> > I think precopy has less risk because the source's memory is always
> > altering. If one page is tampered with during network transfer, with source
> > still running, then a later version of that page may keep updating. So it
> > would be quite difficult to track all different page versions, and tamper
> > with the final version of one page.
> >
> > But when it comes to postcopy, the situation is riskier because one
> > specific page is only transferred once. It's easy to capture all
> > transferring memory pages, tamper and resend.
>
> I don't think there's much difference between precopy and postcopy for
> security;
> the only secure way to do migration is over an encrypted transport and that
> solves
> it for both precopy and postcopy.
Agreed, there's no real world difference in the security of pre & post copy.
If you care about security there's no avoiding the need to use an encrypted
transport.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|