[guardian-dev] can private services actually remain private "in the cloud"?

Lee Azzarello lee at guardianproject.info
Fri Sep 27 17:06:17 EDT 2013


I assume host OS monitoring is what every cloud infrastructure provider
does. Access to the host OS (dom0 in Xen jargon) is the virtual equivalent
of a local terminal in a rack.

Most networking for VMs running a Linux kernel is implemented with bridging
and NAT. There is a way to bind a VM guest directly to a physical NIC but
this is rare. This means packet inspection per guest (DomU in Xen jargon)
can be done with tcpdump on the host.

This is an excellent case to encrypt everything, though a host compromise
may grant access to a root shell on each guest.

-lee

On Friday, September 27, 2013, Hans-Christoph Steiner wrote:

>
> I just heard that DuckDuckGo runs a lot of their infrastructure on Amazon
> Web Services[1].  That got me thinking: how much data can a VM host get
> without intrusive monitoring of the VMs?  I think it is clear Amazon can
> monitor detailed information about network traffic without doing anything
> inside a VM instance.  That network traffic is going thru the hypervisor
> first.  I suppose this is no different than what the ISP of a server can
> see, so perhaps that is not a feasible concern since it's unavoidable.
>
> Then more intrusive monitoring is probably also possible without being
> detected since the hypervisor can see everything that happens in each VM
> instance. So if a government wanted to track users of private services,
> they could order the VM provider to install monitoring software in their
> hypervisors.  This could then provide detailed monitoring of any VM
> instance without the owner of that instance knowing it was happening.
>
> [1] http://highscalability.com/blog/2013/1/28/duckduckgo-architecture-1-million-deep-searches-a-day-and-gr.html
>
> .hc
>
> --
> PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81