From mboxrd@z Thu Jan 1 00:00:00 1970 From: Shiva V Subject: Re: Integrity in untrusted environments Date: Thu, 31 Jul 2014 22:19:26 +0000 (UTC) Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: kvm@vger.kernel.org Return-path: Received: from plane.gmane.org ([80.91.229.3]:39610 "EHLO plane.gmane.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750906AbaGaWTu (ORCPT ); Thu, 31 Jul 2014 18:19:50 -0400 Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1XCyhP-000458-BU for kvm@vger.kernel.org; Fri, 01 Aug 2014 00:19:47 +0200 Received: from 192.12.88.154 ([192.12.88.154]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 01 Aug 2014 00:19:47 +0200 Received: from shivaramakrishnan740 by 192.12.88.154 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Fri, 01 Aug 2014 00:19:47 +0200 Sender: kvm-owner@vger.kernel.org List-ID: Nakajima, Jun intel.com> writes: > On Thu, Jul 31, 2014 at 2:25 PM, Shiva V gmail.com> wrote: Hello, I am exploring ideas to implement a service inside a virtual machine on untrusted hypervisors under current cloud infrastructures. Particularly, I am interested how one can verify the integrity of the service in an environment where hypervisor is not trusted. This is my setup. 1. I have two virtual machines. (Normal client VM's). 2. VM-A is executing a service and VM-B wants to verify its integrity. 3. Both are executing on untrusted hypervisor. Though, Intel SGX will solve this, by using the concept of enclaves, its not publicly available yet. Just clarification. The concept of enclaves and the specs of Intel SGX are available in public. > See the following, for example: > https://software.intel.com/en-us/intel-isa-extensions Thanks for the reply. By mentioning Not publicly available, I meant that the Intel SGX processors are not available in market yet.