Considering OpenVZ, KVM and Xen: Which VM technology is the most difficult for t

Question

Considering OpenVZ, KVM and Xen:

Which VM technology is the most difficult for the host's administrators to access given an encrypted root partition?

Can I have a reasonable expectation that rogue administrators cannot become root inside my VPS by running a simple command on the host machine?

Which type of VM is most likely to be secure in this scenario?

P.S.: I realise that a VM is never going to offer absolute security and even a dedicated server could theoretically have data siphoned off via RAM.

I'm asking to determine if a VPS is secure enough to handle personal emails capable of resetting passwords or if a dedicated server is necessary and justified considering the increased costs.

Explanation / Answer

With KVM and Xen, the rogue administrator can take a snapshot of your live machine, then explore at his leisure what is in the RAM of your VM. In particular, he will easily obtain the encryption keys for the encrypted filesystem, and then proceed to read all your files. By the very nature of the snapshot system, you will not notice it.

With OpenVZ, you don't have a virtual machine but a cheap emulation thereof, with a shared kernel (but that kernel pretends that each user has a whole machine to himself). The host admin has full control over that kernel, and thus can alter it (dynamically) to inspect the RAM of any running process. In any case, if there was disk encryption, it would be done by that kernel.

Either way, it can be done quite easily and silently.

> I'm asking to determine if a VPS is secure enough to handle personal emails capable of resetting passwords or if a dedicated server is necessary and justified considering the increased costs.

This entirely depends on what your passwords are protecting. An evil sysadmin will be interested in resetting your passwords only if he has something to gain which will offset the risks (as shown above, reading your emails will be quite risk-free for the attacker, but actually resetting your passwords should attract your attention and may result in trouble for the attacker if he was not careful enough).

Why don't you use Gmail like everybody else? Google already owns the Internet, after all.
