On Fri, 26 Nov 2010 17:50:13 +0100 Joachim Schipper <joac...@joachimschipper.nl> wrote:
> Let me add one more reason to the ones already offered: there are *many*
> side-channel attacks that can cross VM barriers. In other words, don't
> do any sort of crypto (SSH, IPsec...) on virtualized machines, unless
> you trust every VM on the same physical box.

The CPU caches (encryption keys etc.) grabbed my interest at the beginning but were then not mentioned further, and their best examples were not amazingly problematic for my purposes. The password grabbing timing attack may be a concern if the hoster sets default management passwords and must be kept in mind, but once set up I use ssh keys, not passwords, and OTP once logged in.

I don't doubt that more and more attacks will see the light of day and so it is interesting, but I certainly wouldn't throw VMs to the wall due to this paper, but it certainly reaffirms native to be far better and raises further questions to marketers that say VMs are good to use FOR security reasons.

Thanks for the link though, and please send any others on this topic you find.