Re: [Qemu-devel] A question about postcopy safety

["Daniel P. Berrange" <berrange@redhat.com>]

On Mon, Sep 05, 2016 at 02:52:14PM +0100, Dr. David Alan Gilbert wrote:
> * liutgnu@yahoo.com (liutgnu@yahoo.com) wrote:
> > Hi David,
> 
> Hi Liutao,
> 
> > I'm studying the process of postcopy migration, and I found that the memory pages migrated from source to destination are not encrypted. Does this make the VM vulnerable if it's memory has been tampered with during postcopy migration?
> > 
> > I think precopy has less risk because the source's memory is always altering. If one page is tampered with during network transfer, with source still running, then a later version of that page may keep updating. So it would be quite difficult to track all different page versions, and tamper with the final version of one page.
> > 
> > But when it comes to postcopy, the situation is riskier because one specific page is only transferred once. It's easy to capture all transferring memory pages, tamper and resend.
> 
> I don't think there's much difference between precopy and postcopy for security;
> the only secure way to do migration is over an encrypted transport and that solves
> it for both precopy and postcopy.

Agreed, there's no real world difference in the security of pre & post copy.
If you care about security there's no avoiding the need to use an encrypted
transport.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|