8

I'm looking for a way of securing my VM on untrusted host as much as possible.

This is my situation: I have a ssh access to a remote host machine which I don't trust. I will upload and run a virtual machine. VM contains encrypted partition with sensitive data and this partition will be mounted after VM start. What steps should I do to protect host machine from accessing to this VM?

I know it probably never be 100% secure if remote machine owner have access to physical memory on that machine. I just want to make access to this VM as difficult as possible. One of my ideas is to set up triggers which will auto-dismount encrypted partition in case of unauthorised try to access to VM. Is is a good idea? Is there some solution to do this job? What other options do I have?

Peter
  • 580
  • 8
  • 22
  • 1
    This is a really interesting question that is receiving a lot of attention from the security community right now. Currently, strong encryption is your best bet, but there is still the danger of data being read from memory if/when it's decrypted for processing. I am sure there will be a lot of work coming out in the future on this topic. Here's an interesting [research paper](https://www.cs.purdue.edu/homes/bb/cs590/papers/secure_vm.pdf) that I briefly scanned through - nothing that's in production currently but some interesting ideas. – akirilov Feb 24 '14 at 23:54

2 Answers2

2

Access to the physical memory would allow them to mount the encrypted partition separate to the VM. An auto-dismount encryption would protect against those accessing via the VM which helps.

Other than partition encryption you could also have secondary encryption on important files or folders on the partition. Also possibly setting up an email send on access to alert you when someone is accessing the partition. This may allow you to wipe it remotely if you feel its insecure.

If its really important an auto wipe encryption may be possible however it is always very difficult if you don't have physical access.

The best option at the moment is simply to encrypt using a trusted strong partition encryption software like http://www.truecrypt.org/

CRiv
  • 41
  • 2
0

The premise on Virtual Machines, is that they are isolated from each other and from the host so a virtual memory read attack should be an VW software issue.
Regarding the virtual disk this one can be copied, in this case the best solution is an cryptographed file system with strong algorithms.
However is important to notice that the applications and services running on this VM may be vulnerable to attacks, and may be the main entry point to an attacker. I suggest that you leave exposed only the necessary ports and check if these ports/services doesn't have any vulnerability.

WelsonJR
  • 299
  • 3
  • 5