[Gllug] Cloud computing ( was Re: Linux Petition )

Karanbir Singh mail-lists at karan.org
Tue Apr 24 13:34:14 UTC 2012


Hi John,

On 04/24/2012 11:30 AM, John Edwards wrote:
>> I think there is merit on both sides. Encryption works to some level to
>> mitigate the idea of data being worth something to anyone else other
>> than the key holder, but then on the flip side you need a key instance in
>> the cloud in order to consume the data locally anyway.
> Data can be encrypted in storage (disks) and transit (network), but
> I don't think it can be encrypted in memory if you want to use it.

Right, that's what I meant about needing the key used for encryption
needing to be available locally if there is going to be a need to
process the data locally in the cloud.

> That means that a superuser on a virtual host can read the memory
> of any guest machine. That will include a lot of unencrypted
> sensitive data, although it would not be easy to sort through.

So yes, need to trust hypervisor - but in some cases, also trust all
your neighbours to some degree. It's been possible to bring down a
physical machine from inside a Xen domU.

Also, since the state of what is visible inside the domU is controlled
(and potentially manipulated) from the physical host, it makes things a
lot less secure.

-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219    | Yahoo IM: z00dax      | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc