On Thu, Apr 26, 2012 at 01:44:53PM -0700, Matt Joyce wrote:
> As far as storage is concerned, certainly a cloud storage environment
> could be leveraged to store pre-encrypted data in such a way that
> would make it difficult bordering on impossible to seize or access
> without the consent of the o
Michael,
IMO there are several encryption and key management things to consider so
it really depends on your needs. If you are looking to allow VM owners to
meet data at rest compliance or policies then allow them to manage their
own encryption keys and rotation policies then a solution
like Ju
I think one of us is misunderstanding the model. My understanding is that
we produce software that we trust, and then prove to the caller that we're
running that software. All optimizations remain possible.
Check out section 6.1 of the paper!
On Thu, Apr 26, 2012 at 3:24 PM, Matt Joyce wrote:
Functionally if the scheduler doesn't know what it's passing to the
CPU or into paging memory a lot of optimization possibilities go out
the window. If it does know one can infer a great deal about your
datasets protected or not.
-Matt
On Thu, Apr 26, 2012 at 3:08 PM, Justin Santa Barbara
wrote
I think that Intel's trusted cloud work is trying to solve that exact
compute host problem. It may already have the framework to do so even if
the software hasn't caught up (i.e. if we still have some work to do!)
It relies on a TPM chip, all code is measured before being run, and then
there's a
As far as storage is concerned, certainly a cloud storage environment
could be leveraged to store pre-encrypted data in such a way that
would make it difficult bordering on impossible to seize or access
without the consent of the owner.
As far as compute hosts are concerned, it is a whole differen
On Thu, Apr 26, 2012 at 09:05:41AM -0700, Matt Joyce wrote:
> From a security stand point I am curious what you see the benefit as?
Consider that you might have separate people in your data center
managing the virtualization hosts, vs the storage hosts vs the
network. As it stands today any of
On Thu, Apr 26, 2012 at 9:05 AM, Matt Joyce wrote:
> From a security stand point I am curious what you see the benefit as?
I think that long-term there is the potential to have a cloud where you
don't have to trust the cloud provider (e.g. Intel Trusted Compute).
However, there are a huge num
On 04/26/2012 12:11 PM, Michael Grosser wrote:
Data left on broken disks would be unreadable. --> You don't have to
worry about data destruction before selling/throwing out your disks.
(That could be realized via encrypting the whole compute-node disk,
but that's not quite what I want.)
Anothe
> Data left on broken disks would be unreadable. --> You don't have to worry
> about data destruction before selling/throwing out your disks.
I can certainly see the goal here. But this may be harder than you
think. For example, if you encrypt the disk image, then launch the
VM, are you sure tha
+1
> From a security stand point I am curious what you see the benefit as?
>
> On Thu, Apr 26, 2012 at 8:53 AM, Michael Grosser
> wrote:
> > Hey,
> >
> > I'm following the openstack development for some time now and I was
> > wondering if there was a solution to spin up encrypted virtual machin
I'm looking into it, but I'm not sure if that's really how I want it to be.
;)
Thanks for the hint.
On Thu, Apr 26, 2012 at 6:08 PM, Razique Mahroua
wrote:
> Hi Michael,
> I dunno how the integration is going regarding the encrypted images, but
> you can if you can use encrypted images with qemu/
Data left on broken disks would be unreadable. --> You don't have to worry
about data destruction before selling/throwing out your disks.
(That could be realized via encrypting the whole compute-node disk, but
that's not quite what I want.)
Another benefit would be, that you as a cloud user would
Hi Michael,
I dunno how the integration is going regarding the encrypted images, but
you can if you can use encrypted images with qemu/ qemu-kvm.
If your disk is an encrypted qcow2 image, by typing "cont" in the qemu/
qemu-kvm monitor, you would see something like this:
QEMU 0.11.0 monitor - type 'h
From a security stand point I am curious what you see the benefit as?
On Thu, Apr 26, 2012 at 8:53 AM, Michael Grosser
wrote:
> Hey,
>
> I'm following the openstack development for some time now and I was
> wondering if there was a solution to spin up encrypted virtual machines by
> default and
Hey,
I'm following the openstack development for some time now and I was
wondering if there was a solution to spin up encrypted virtual machines by
default and if it would be a huge performance blow.
Any ideas?
Cheers Michael
___
Mailing list: https://
16 matches