Hi Michael,
I dunno how the integration is going regarding the encrypted images, but you can if you can use encrypted images with qemu/qemu-kvm.
If your disk is an encrypted qcow2 image, by typing "cont" in the qemu/qemu-kvm monitor, you would see something like this:
QEMU 0.11.0 monitor - type
Data left on broken disks would be unreadable. -- You don't have to worry
about data destruction before selling/throwing out your disks.
(That could be realized via encrypting the whole compute-node disk, but
that's not quite what I want.)
Another benefit would be, that you as a cloud user
I'm looking into it, but I'm not sure if that's really how I want it to be.
;)
Thanks for the hint.
On Thu, Apr 26, 2012 at 6:08 PM, Razique Mahroua
razique.mahr...@gmail.com wrote:
Hi Michael,
I dunno how the integration is going regarding the encrypted images, but
you can if you can use
+1
From a security standpoint I am curious what you see the benefit as?
On Thu, Apr 26, 2012 at 8:53 AM, Michael Grosser d...@seetheprogress.net
wrote:
Hey,
I'm following the openstack development for some time now and I was
wondering if there was a solution to spin up encrypted
Data left on broken disks would be unreadable. -- You don't have to worry
about data destruction before selling/throwing out your disks.
I can certainly see the goal here. But this may be harder than you
think. For example, if you encrypt the disk image, then launch the
VM, are you sure that
On 04/26/2012 12:11 PM, Michael Grosser wrote:
Data left on broken disks would be unreadable. -- You don't have to
worry about data destruction before selling/throwing out your disks.
(That could be realized via encrypting the whole compute-node disk,
but that's not quite what I want.)
On Thu, Apr 26, 2012 at 9:05 AM, Matt Joyce m...@nycresistor.com wrote:
From a security standpoint I am curious what you see the benefit as?
I think that long-term there is the potential to have a cloud where you
don't have to trust the cloud provider (e.g. Intel Trusted Compute).
However,
On Thu, Apr 26, 2012 at 09:05:41AM -0700, Matt Joyce wrote:
From a security standpoint I am curious what you see the benefit as?
Consider that you might have separate people in your data center
managing the virtualization hosts, vs the storage hosts vs the
network. As it stands today any of
As far as storage is concerned, certainly a cloud storage environment
could be leveraged to store pre-encrypted data in such a way that
would make it difficult bordering on impossible to seize or access
without the consent of the owner.
As far as compute hosts are concerned, it is a whole
I think that Intel's trusted cloud work is trying to solve that exact
compute host problem. It may already have the framework to do so even if
the software hasn't caught up (i.e. if we still have some work to do!)
It relies on a TPM chip, all code is measured before being run, and then
there's a
Functionally if the scheduler doesn't know what it's passing to the
CPU or into paging memory a lot of optimization possibilities go out
the window. If it does know one can infer a great deal about your
datasets protected or not.
-Matt
On Thu, Apr 26, 2012 at 3:08 PM, Justin Santa Barbara
I think one of us is misunderstanding the model. My understanding is that
we produce software that we trust, and then prove to the caller that we're
running that software. All optimizations remain possible.
Check out section 6.1 of the paper!
On Thu, Apr 26, 2012 at 3:24 PM, Matt Joyce
Michael,
IMO there are several encryption and key management things to consider so it
really depends
on your needs. If you are looking to allow VM owners to meet data at rest
compliance or policies
then allow them to manage their own encryption keys and rotation policies then
a solution
like