* liut...@yahoo.com (liut...@yahoo.com) wrote:
> Hi David,

Hi Liutao,

> I'm studying the process of postcopy migration, and I found that the memory
> pages migrated from source to destination are not encrypted. Does this make
> the VM vulnerable if its memory has been tampered with during postcopy
> migration?
>
> I think precopy has less risk because the source's memory is always altering.
> If one page is tampered with during network transfer, with source still
> running, then a later version of that page may keep updating. So it would be
> quite difficult to track all different page versions, and tamper with the
> final version of one page.
>
> But when it comes to postcopy, the situation is riskier because one specific
> page is only transferred once. It's easy to capture all transferring memory
> pages, tamper and resend.

I don't think there's much difference between precopy and postcopy for
security; the only secure way to do migration is over an encrypted transport
and that solves it for both precopy and postcopy.

I don't think it would be that hard for a malicious person to track the pages
in precopy; and indeed what they could do is wait until an interesting page
comes along (say one with a hash or the data they're interested in) and then
insert a new version of that page later with their own nasty version on -
postcopy wouldn't allow that second version.

The challenge is to get a nice fast high speed encryption layer, and for
post-copy it should have low added latency.

> When the memory has been tampered with, the safety of the VM will be compromised.
>
> Any ideas? thank you!
> Liutao

Dave
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK