On Mon, Sep 05, 2016 at 02:52:14PM +0100, Dr. David Alan Gilbert wrote: > * liut...@yahoo.com (liut...@yahoo.com) wrote: > > Hi David, > > Hi Liutao, > > > I'm studying the process of postcopy migration, and I found that the memory > > pages migrated from source to destination are not encrypted. Does this make > > the VM vulnerable if it's memory has been tampered with during postcopy > > migration? > > > > I think precopy has less risk because the source's memory is always > > altering. If one page is tampered with during network transfer, with source > > still running, then a later version of that page may keep updating. So it > > would be quite difficult to track all different page versions, and tamper > > with the final version of one page. > > > > But when it comes to postcopy, the situation is riskier because one > > specific page is only transferred once. It's easy to capture all > > transferring memory pages, tamper and resend. > > I don't think there's much difference between precopy and postcopy for > security; > the only secure way to do migration is over an encrypted transport and that > solves > it for both precopy and postcopy.
Agreed, there's no real world difference in the security of pre & post copy. If you care about security there's no avoiding the need to use an encrypted transport. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
