[guardian-dev] can private services actually remain private "in the cloud"?

Hans-Christoph Steiner hans at guardianproject.info
Fri Sep 27 13:08:44 EDT 2013


I just heard that DuckDuckGo runs a lot of their infrastructure on Amazon Web
Services[1].  That got me thinking: how much data can a VM host get without
intrusive monitoring of the VMs?  I think it is clear Amazon can monitor
detailed information about network traffic without doing anything inside a VM
instance.  That network traffic is going through the hypervisor first.  I
suppose this is no different than what the ISP of a server can see, so perhaps
that is not a feasible concern since it's unavoidable.

Then more intrusive monitoring is probably also possible without being
detected since the hypervisor can see everything that happens in each VM
instance. So if a government wanted to track users of private services, they
could order the VM provider to install monitoring software in their
hypervisors.  This could then provide detailed monitoring of any VM instance
without the owner of that instance knowing it was happening.

[1]
http://highscalability.com/blog/2013/1/28/duckduckgo-architecture-1-million-deep-searches-a-day-and-gr.html

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

