[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] A question about postcopy safety
|
From: |
Kashyap Chamarthy |
|
Subject: |
Re: [Qemu-devel] A question about postcopy safety |
|
Date: |
Mon, 29 Aug 2016 16:00:25 +0200 |
|
User-agent: |
Mutt/1.6.0.1 (2016-04-01) |
On Mon, Aug 29, 2016 at 12:51:20PM +0000, address@hidden wrote:
> Hi David,I'm studying the process of postcopy migration, and I found
> that the memory pages migrated from source to destination are not
> encrypted. Does this make the VM vulnerable if it's memory has been
> tampered with during postcopy migration?
If you already haven't, you might want to take a look at this post,
which discusses the security details during live migration with
post-copy.
https://www.berrange.com/posts/2016/08/16/improving-qemu-security-part-7-tls-support-for-migration/
It also has an example of setting the 'tls-creds' field with
'migrate-set-parameters' QMP command to use TLS, before triggering
'migrate' QMP command.
> I think precopy has less risk because the source's memory is always
> altering. If one page is tampered with during network transfer, with
> source still running, then a later version of that page may keep
> updating. So it would be quite difficult to track all different page
> versions, and tamper with the final version of one page.
>
> But when it comes to postcopy, the situation is riskier because one
> specific page is only transferred once. It's easy to capture all
> transferring memory pages, tamper and resend.
>
> When the memory been tampered with, the safety of the VM will be
> compromised.
>
> Any ideas? thank you!Liutao
--
/kashyap