From: Paolo Bonzini
Date: Wed, 02 Sep 2009 08:58:21 +0200
Subject: [Qemu-devel] Re: QEMU as a "virtual smart card"?
To: "Bud P. Bruegger"
Cc: qemu-devel@nongnu.org, John Forrester
Message-ID: <4A9E178D.90804@redhat.com>
In-Reply-To: <20090831180825.6ed2ea55@bud-laptop>

> At least looking naively at QEMU, it seems that its CPU and RAM are
> well protected from the host operating system--in a way to say make it
> practically impossible for some malware to extract the secret key used
> in a virtual machine.

I don't understand: the host operating system, by definition, can see everything. A privileged process (i.e. running as root) can always look at /dev/mem and read info about QEMU's CPU and RAM.

> We are also interested in the isolation of input devices, in
> particular the keyboard as to prevent PIN sniffing. My "naive"
> impression is that key logging for a PS/2 keyboard is probably more
> difficult than with a USB keyboard. Is there any truth to my
> misconception?

If you mean by cracking the keyboard itself, USB keyboards have a firmware while PS/2 keyboards have only some glue logic, so I'd tend to agree. For PS/2 you would need physical access to the cable, after which all hopes are off anyway. For software attacks (i.e. in the OS) I don't think there is any difference.

> * Is there any way of getting exclusive access to a USB pen drive
> from a virtual machine, preventing the host operating system to say take
> an image of the content?

Again, not if the attacker can run privileged processes on the host.

Paolo