thr3ads.net - Xen users - Protect data inside domU [Jun 2012]

If this information is useful, please help other people find it:
Share via:

Niu Xinli

2012-Jun-17 10:10 UTC

Protect data inside domU

Hi,
    Normally dom0 root can directly mount domU''s virtual hard disk and
see
what''s in it. Does xen offer a mechanism that can protect domU data
from
curious/malicious administrators?   We are building a private cloud and
wander if we can add such a function. Any help is greatly appreciated.

Best Regards,
Xinli


_______________________________________________
Xen-users mailing list
Xen-users@lists.xen.org
http://lists.xen.org/xen-users

Jonathan Tripathy

2012-Jun-17 10:36 UTC

head link

Re: Protect data inside domU

On 17/06/2012 11:10, Niu Xinli wrote:> Hi,
>     Normally dom0 root can directly mount domU''s virtual hard disk
and
> see what''s in it. Does xen offer a mechanism that can protect domU
> data from curious/malicious administrators?   We are building a 
> private cloud and wander if we can add such a function. Any help is 
> greatly appreciated.
>
> Best Regards,
> XinliThe principal of the Dom0 is that it is "trusted". You can think of it
as the same as the owner/administrator of the physical machine. As such, 
it would be near impossible to add such a function. You could make 
things harder by making the DomUs do some filesystem encryption inside 
their environment, where the key/password is asked for upon boot, 
however please understand that this key will be stored in RAM, which the 
Dom0 administrator still has access to.

Xen users - Jun 2012 - Protect data inside domU

Protect data inside domU

Re: Protect data inside domU