Creating secure virtual machine that nobody can see its content including the host machine?

Question

This problem is completely different from "running malware in a VM"! Suppose I want to have a virtual machine running some software with secret data. But I do not have complete control of the host machine, i.e. hackers can happily play on the host machine. Then, is it possible that my VM is still safe? For instance, without knowing the password, the hackers can never see what is inside the VM even though they get control of the host?

(P.S. Maybe by using some kind of full-disk encryption? But what about the memory... And when the VM is executing commands, the host can see that, cannot it?)

Thanks for any ideas!

There are some solutions... Here's one I found with a quick web search: https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms but this requires the hypervisor to be set up for this in this case — multithr3at3d, Mar 04 '20 at 01:20
@multithr3at3d in that case, doesn't the hypervisor count as the host that the question says the attacker has control of? — Mike Ounsworth, Mar 04 '20 at 01:40
The good folks in Microsoft gave us wisdom in [Ten Immutable Law of Security](https://docs.microsoft.com/en-au/archive/blogs/rhalbheer/ten-immutable-laws-of-security-version-2-0) #3: "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore." and #10 "Technology is not a panacea". — Lie Ryan, Mar 04 '20 at 02:04
At the same time, the bad bunch in Microsoft sold us [Shielded VM](https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms) so we can convince non-technical CTO/CIOs that keeps asking for a ship that can travel faster than the speed of light. This thing looks complicated, so it must be doing what it claims to be doing... right? — Lie Ryan, Mar 04 '20 at 02:04
Sorry I am seeking for a Linux solution. But thanks for the advice! — ch271828n, Mar 04 '20 at 03:06

Mike Ounsworth · Accepted Answer · 2020-03-04T16:15:51.313

Protecting memory from the host is going to be the tricky part.

Testing

My Setup

To demonstrate this, I have this system lying around:

Host: Ubuntu 18.04.4 LTS
Virtualization stack: VirtualBox 5.2.34
Guest: Kali linux 2018.3

Experiment

In Kali, I opened a text editor and typed the text "SecretForcn271828n", but I did not save it to disk, it's just in memory. The test is whether I can read that from the host.

Steps

From the host, the entire VM appears as a single process:

➜  ~ ps -aux | grep Kali1
mike      6014 12.2 23.6 4524784 1901772 ?     Sl   19:48   3:26 /usr/lib/virtualbox/VirtualBox --comment Kali1 --startvm 7b229c8a-ba68-48ad-bd80-0ab5ed9b6b86 --no-startvm-errormsgbox

So I'll take a core dump of that process:

➜  ~ sudo gcore 6014
...
Saved corefile core.6014
➜  ~ ll -h core.6014 
-rw-r--r-- 1 root root 2.3G Mar  3 20:02 core.6014

That core file contains a complete dump of the memory of the kali OS, plus whatever memory the VirtualBox stack itself is using, as seen by the root user on the host.

Now let's use the strings utility to see what's in memory!

➜  ~ strings core.6014 | grep -i secret
ccSecretForch271828n
SecretForch271828n                                                              
~                                                                               
~                                                                               
~                                                                               
~                                                                               
~                                                                               
~
~                                                                               
~                                                                               
~                                                                               
~                                                                               
~                                                                               
~                                                                               
~                                                                               
~                                                                               
~                                                                               
~                                                                               
~                                                                               
-- INSERT --                                                  1,19  All
SecretForch271828n

That certainly looks to me like the host can see the raw memory of the gvim application that is running inside the kali VM.

(this was actually all on one grep line, but I formatted it pretty)

Summary

Trying to protect a guest VM from the host is a losing game. Anything that is in raw memory within the guest will be visible to the host. The CPU instructions executed by the guest are likely similarly visible, but it's beyond my skill to demo that.

It might be possible to build a guest OS, or maybe a hypervisor or virtualization stack, that adds some memory obfuscation (such as encryption of live memory). This would come at a pretty steep performance hit, and at best it would be obfuscation because, with enough effort, and attacker who controlled the host could find the encryption key in memory of the guest OS or virtualization stack.

@ch271828n You're welcome! That was a fun little experiment to run! — Mike Ounsworth, Mar 04 '20 at 03:11