[ / / / / / / / / / / / / / ] [ dir / 4am / abdl / asmr / ebon / fur / hypno / pinoy / strek ]

/cyber/ - Cyberpunk & Science Fiction

A board dedicated to all things cyberpunk (and all other futuristic science fiction) NSFW welcome
Name
Email
Subject
Comment *
File
* = required field[▶ Show post options & limits]
Confused? See the FAQ.
Flag
Embed
(replaces files and can be used instead)
Options
Password (For file and post deletion.)

Allowed file types:jpg, jpeg, gif, png, webm, mp4, swf, pdf
Max filesize is 16 MB.
Max image dimensions are 15000 x 15000.
You may upload 5 per post.

"A future is not given to you. It is something you must take for yourself. "

File: ae5372a3eb64271⋯.pdf (12.21 MB, [Michael_W.]_Absolute_Open….pdf)

 No.48307

>Absolute OpenBSD 2E

>Note that no operating system running in a virtual environment is as secure

as that same operating system running on real hardware. Virtual environ-

ments do not precisely replicate real hardware. Emulated CPUs have their

own new and interesting bugs, virtual NICs have unique errors, and so on.

Additionally, the environment providing the virtual server is itself an oper-

ating system. An intruder can attack that underlying operating system, and

once an intruder controls the virtualization server, clients running on that

machine are much more vulnerable. No operating system can protect itself

against its hardware. You must consider this risk when planning OpenBSD’s

role in your environment

Why would isolating user programs in virtualized OS's be less secure. You have to attack kernel + hypervisor. I am not buying his reason of >do not precisely replicate real hardware

Qubes vs OpenBSD ?

 No.48311

Eh, he's not talking about Qubes-style process isolation using VMs.

He's talking about running full OpenBSD in a VM as your main working environment.

You inherit all the bugs of hypervisor OS, you add all the bugs of your virtual OS.

I.e. intruder does not have to attack kernel+hypervisor, he can attack kernel OR hypervisor.

Instead of getting additional levels of security you just double your attack surface.

Also, you're expected to run Qubes itself on a real hardware too.

Qubes has to deal with the same issues to, but it's approach to security is not code correctness (which devs concisder to be impossible) but compartmentalization.

It only needs to make sure it's hypervisor is extra-protected, and when VMs get attacked, it only affects one or two programs at a time.

But you'll probably get better compartmentalization by actually running your programs on different machines, though.

RaspberryPi Qubes cluster when?


 No.48312

>>48311

>He's talking about running full OpenBSD in a VM as your main working environment.

No one does this. No one runs a VM just to run a single VM. A VM is a way to colocate processes and isolate them (or run multiple OS's).

>I.e. intruder does not have to attack kernel+hypervisor, he can attack kernel OR hypervisor.

Attacking hypervisior without root sounds hard since only the kernel interacts with hardware. Can't even open raw sockets.

>it's approach to security is not code correctness (which devs concisder to be impossible) but compartmentalization.

Code correctness on linux monstrosity is probably impossible. Never audited either. Isolation is probably good idea.

>It only needs to make sure it's hypervisor is extra-protected, and when VMs get attacked, it only affects one or two programs at a time.

Point of isolating processes into VM's.

>But you'll probably get better compartmentalization by actually running your programs on different machines, though. RaspberryPi Qubes cluster when?

Preferred, but you can't carry around a PI cluster.

I think qubes is a good approach to security for Linux. I think in theory the attack surface has definitely increased when using a hypervisor, but a user level program attacking a hyper-visor sounds hard. Perhaps side channel information leaks are possible (everyone's fear), but has this ever been observed ?


 No.48314

>>48312

>No one runs a VM just to run a single VM.

You'd be surprised how many people run only 1 vm on their rig…


 No.48316

>>48314

>You'd be surprised how many people run only 1 vm on their rig…

Do people really run a hyper-visor just to run 1 VM as their main working environment? Say I want to do all my work in Windows 10. Do I really setup a ESXi server just to install Windows 10 ? If I want to run windows 10, do I install Ubuntu + VirtualBox then not use ubuntu ? It sounds strange to setup your main working environment as a VM as the single VM.


 No.48317

>>48316

Not their main working environment, but usually a one to one ratio, especially macos-win or win-linux when working on cross-platform software or when working with servers.


 No.48318

>>48312

>Attacking hypervisior without root sounds hard since only the kernel interacts with hardware. Can't even open raw sockets.

You remember rowhammer exploit? IIRC there was a working version of it written in javascript.


 No.48319

>>48318

But the main idea is to attack hypervisor not from inside VM but from the outside.


 No.48320

Virtualization and containers for security is like a tourniquet for a snake bite, it will isolate the area, but there is still a chance of the venom leaking through (that gets higher with time), and it doesn't do anything to save the bitten limb. This isn't to say you shouldn't virtualize, but we can't allow virtualization or containers to give us a false sense of security. Just like you wouldn't go fuck with a cobra just because you have a tourniqute, you shouldn't run sketchy/buggy/large and unaudited software just because it's in vm. If you for some reason need to then best practice would be to run it on a seperate machine, preferably with limited/no networking.



[Return][Go to top][Catalog][Nerve Center][Cancer][Post a Reply]
Delete Post [ ]
[]
[ / / / / / / / / / / / / / ] [ dir / 4am / abdl / asmr / ebon / fur / hypno / pinoy / strek ]