4

Imagine you are running a web server on a Virtual Private Server (VPS) hosted in a datacenter. Could the people running the datacenter covertly read files from my VPS's hard disk? Could an attacker or malicious admin who has compromised the VPS provider, take my private SSL key (or other data) loaded into memory (for use by apache) and then use my CA signed key in attacks?

Would disk encryption (say put secret stuff on an encfs mount) buy me anything if my server is running all the time and from the perspective of the VM's guest OS the decryption key is necessarily in memory?

Other than only using my own hardware and hosting everything myself, is there anything I could do to increase my safety against these kinds of risks?

This boils down to can one read the contents of memory or the hard disk of a running (or frozen) virtual machine, if they have full control of the host, but no login/permissions on the VM. Are these real risks (easily done in practice nowadays), something theoretically possible but probably hard/unknown to do in practice, or something probably impossible?

(Please neglect other sources of threats; e.g., the obvious possibility that the VPS provider made you start with a VM that already had secret rootkits/backdoors/keyloggers installed that they could use to compromise your secure data in the normal fashion).

dr jimbob
  • 38,768
  • 8
  • 92
  • 161
  • 1
    There's a similar question on http://security.stackexchange.com/q/12521/7306 – Yoav Aner Apr 22 '12 at 09:56
  • @YoavAner - Thanks (and good answer over there). I did search and couldn't find anything similar (wasn't looking for 'virtual hardware' or VMWare). – dr jimbob Apr 23 '12 at 04:20

1 Answers1

2
  1. yes
  2. yes
  3. If the decryption key is in the memory, then you will be able to find it if you have access to the host. The reason that the decryption key is in the memory is because you need to store it somewhere to use when you need to decrypt/encrypt something from/to the harddisk. You can't store it on the harddisk, so that leaves you with the memory.
  4. not really, it's the hosting provider that needs to make sure their systems are hardened
  5. I have no experience with Windows, but just changing the shadowfile (linux) and insert a password you generated yourself for root (the hashing is the same on every system) and you will be able to log in. Most of the time it does involve shutting down the virtual machine to access the virtual disk. But I imagine on containers like LXC this would even be easier.
Lucas Kauffman
  • 54,169
  • 17
  • 112
  • 196
  • My experience with VMs is quite limited (basically running a Windows VM under virtualbox in linux for the rare times I need to use something in win). My understanding from your answer is (a) its trivial for an admin at the hosting site to browse/edit the hard disk of a virtual machine (shut down and then tools exist to parse/edit), and (b) its possible for them to browse the running RAM of the VM depending on the configuration of hardware at their end (and extract private keys in RAM). Good to know. – dr jimbob Apr 23 '12 at 04:37