[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Protect data inside domU

  • To: xen-users@xxxxxxxxxxxxx
  • From: Jonathan Tripathy <jonnyt@xxxxxxxxxxx>
  • Date: Sun, 17 Jun 2012 11:36:47 +0100
  • Delivery-date: Sun, 17 Jun 2012 10:38:07 +0000
  • List-id: Xen user discussion <xen-users.lists.xen.org>

On 17/06/2012 11:10, Niu Xinli wrote:
Normally dom0 root can directly mount domU's virtual hard disk and see what's in it. Does xen offer a mechanism that can protect domU data from curious/malicious administrators? We are building a private cloud and wander if we can add such a function. Any help is greatly appreciated.

Best Regards,
The principal of the Dom0 is that it is "trusted". You can think of it as the same as the owner/administrator of the physical machine. As such, it would be near impossible to add such a function. You could make things harder by making the DomUs do some filesystem encryption inside their environment, where the key/password is asked for upon boot, however please understand that this key will be stored in RAM, which the Dom0 administrator still has access to.

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.