Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>> In a virtualized environment, if attackers can find a way to read memory from neighbor virtual machines, they can access the data from those machines.

I would not advocate memory encryption as a defense against this kind of attack. It's added complexity to fix a different problem (untrustworthy virtualization). OTOH it is useful to protect against physical access at the hardware level - and that's not really a common concern but is valid is some cases.



> It's added complexity to fix a different problem (untrustworthy virtualization).

How do you fix the "untrustworthy virtualization" problem then?


Oh, that's easy. Just fix all the bugs.


Including bugs in the hardware itself, of course:)

(There's a reason why Spectre and Meltdown were a horror show for virtualization.)


Right, but do you have any actionable solutions for mere mortals?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: