Xen and the art of hypervisor introspection: Bitdefender donates meditative tech to open-source virty outfit

Security vendor Bitdefender has open-sourced its hypervisor introspection technology, which the Xen Project will adopt as a sub-project. Hypervisor introspection (HVI) makes it possible to inspect the memory of a guest VM, a desirable thing to do if you are hunting for malware infections in the guest. Xen and Bitdefender have …

  1. Len Silver badge
    Paris Hilton

    How much can VPS hosters see in your memory?

    This suddenly got me thinking. If you run a VPS but use on-disk encryption (using GELI or ZFS native encryption) your hoster can't read the disk. But, how much access do they have to your memory? Could they lift the GELI encryption key from your RAM? How much else can they see?

    1. sysconfig

      Re: How much can VPS hosters see in your memory?

      It's been a while since I set up Xen-based clusters. But off the top of my head I'd say, yes, in theory. The fact that Bitdefender's toolkit would add the ability to analyse your VM's memory for malware supports that.

      If data is so sensitive that not even the hosting company must ever be able to read it, don't use it in someone else's hypervisor (or indeed on their hardware).

      1. Anonymous Coward

        Re: How much can VPS hosters see in your memory?

        There are some future options for more privacy. For example, "Google Confidential Computing", which encrypts the VM memory from the hypervisor. This is dependent on new hardware though, and not available by default so far at least.

    2. Anonymous Coward

      Re: How much can VPS hosters see in your memory?

      The title of this thread is great!

      I’d love to read more thoughts about the measurement stick of how much can your favorite cloud provider see into your memory. As luck has it, it seems this Xen thing is open source. Read the code and find the answers.

      Here are some more wild and thought provoking questions for you:

      Are you using O365, and if so are you concerned that Microsoft is reading your emails and documents? Maybe even designs and schematics or super secret passwords secured in that notes thing?

      Are you dumping any files (maybe even credentials... like a pro) on various cloud storage services? How much encryption are you using?

      And now... for the real deal:

      Do you think your private email server that you’re probably patching twice a day is more secure?

      Do you think that file server or FTP on your Windows 2008 box facing the internet is better off?

      Are 0day exploits even real or a conspiracy?

      Pro tip, thread contributors: uninstall TikTok and call it a day.

      1. amanfromMars 1 Silver badge

        Re: How much can VPS hosters see in your memory?

        Are 0day exploits even real or a conspiracy?...... Anonymous Coward

        Yes, .... they are both ..... and that makes them extra tricky and sticky ..... and some would tell you that makes them almost impossible to deal with, although as is the case in so many things, one can make a seriously generous payment akin to a ransom or danegeld contribution to that which and/or those who can assure one that their possible participation in the program can be either permanently halted and/or temporarily transferred elsewhere.

        AC, you have stepped into the world of quantum with that question. A space/place where a this can be also a that, and together entangled, able to display something else altogether quite different and novel.

        And given the epic havoc it can easily deliver, the most lucrative of developments which would quite happily richly reward one for doing next to nothing. And there is always available too, the exorbitant bonus due should one be able to ensure no abuse or misuse of the development by others who may be au fait with the catastrophic vulnerability to exploit and experiment with, for such will always lead in directions never before imagined as so easily possible. And that is what makes it so extremely valuable and frighteningly dangerous.

        However, ...... c'est la vie, mes amis, n'est-ce pas?

  2. fredesmite2

    Yeah

    That is what I want

    3rd party Cloud platform sniffing my memory banks

  3. Anonymous Coward

    What could possibly go wrong

    "Hypervisor introspection (HVI) makes it possible to inspect the memory of a guest VM, a desirable thing to do if you are hunting for malware infections in the guest."

    The all access all areas Intel Management Engine seemed like a good idea at one point.

    If the host can read the guest memory without the guest's knowledge, next up is writing to it. Just for protection you understand.

    1. NeilPost Bronze badge

      Re: What could possibly go wrong

      “Security vendor Bitdefender has open-sourced its hypervisor introspection technology, which the Xen Project will adopt as a sub-project.

      Hypervisor introspection (HVI) makes it possible to inspect the memory of a guest VM, a desirable thing to do if you are hunting for malware infections in the guest.”

      I’m sure the first people to download the source code for this will be malware writers, to see what they can do to circumvent this and also exploit its capabilities.

      ‘What could go wrong’ indeed!!

    2. amanfromMars 1 Silver badge
      Pirate

      Re: What could possibly go wrong whenever there is a priceless avenue of overwhelming attack

      If the host can read the guest memory without the guest's knowledge, next up is writing to it. Just for protection you understand. .... Anonymous Coward

      Re the comment title, AC, and the question ...... What could possibly go wrong if the host can read the guest memory without the guest's knowledge?

      Probably, and therefore definitely, everything ...... and then next up is writing to it. Just for protection you understand, :-) ..... but which is really a novel projection for colossal exploitation.


Biting the hand that feeds IT © 1998–2020