Transcendent memory

Transcendent memory

Posted Jul 8, 2009 18:52 UTC (Wed) by nix (subscriber, #2304)
Parent article: Transcendent memory

"the need to guess a 128-bit UUID first has proved not to be sufficiently
reassuring"? This is mystifying. If it's sufficiently random (which as a
UUID it had better be), brute-forcing any of the pool IDs is going to be
next to impossible. Are people with 128-bit secret keys worried that
someone is going to guess their key by brute force? No: they're worried
about attacks that avoid brute-forcing and reduce the search space.



Transcendent memory

Posted Jul 8, 2009 23:16 UTC (Wed) by aliguori (subscriber, #30636) [Link]

Why limit your security to a shared secret when you can implement stronger policies within the hypervisor itself?

A common requirement with virtualization is to implement "Chinese wall" security policies. Imagine if you had a single box that was running a production server as a VM for both Coke and Pepsi. No matter what, neither company wants there to be any chance that the other one can access its data. The hypervisor must be able to enforce that. If the Pepsi VM was somehow able to obtain the UUID for the Coke shared tmem pool (even if it was because of a bug in the Coke server), you'd have one unhappy customer.

If you were to support a memory sharing system like this, you would want the available pools to be enumerated by the hypervisor. You likely want to support dynamic pools too, so you need some way to hot add/remove pools. Using UUIDs is certainly a reasonable means of identifying pools, but the point is that you need a more coherent strategy for exposing the pools to the guest that is arbitrated by the hypervisor.

Good example...

Posted Jul 9, 2009 1:07 UTC (Thu) by khim (subscriber, #9252) [Link]

You can see what this kind of thinking can lead to - if your sha1 hash is not good enough? But sometimes security requirements are not so strict - so it'll be a good (disabled by default) option...

Good example...

Posted Jul 9, 2009 6:51 UTC (Thu) by nix (subscriber, #2304) [Link]

Haven't seen it yet (got to go to work too soon), but I'd just like to
comment on the astounding quality of the comments on that article on
YouTube. It's like something out of xkcd: hundreds of comments, all
pushing their 'site for free games' or complaining that they won't watch
it because it's 'too long'. It makes you appreciate LWN's comment quality
(generally high when I keep quiet) all the more...

Shared memory = shared secrets

Posted Jul 9, 2009 1:14 UTC (Thu) by PaulWay (subscriber, #45600) [Link]

If we're talking about a shared system, then at some point that UUID has to be shared amongst hosts. I think the fear is that a hacked client will be able to see the UUIDs used by other clients, and therefore be able to use those UUIDs directly rather than having to guess them.

Have fun,

Paul

Shared memory = shared secrets

Posted Jul 9, 2009 12:20 UTC (Thu) by nix (subscriber, #2304) [Link]

Ow. Yeah, that's plausible, but unfortunately it would apply to all other shared-secret mechanisms too :/ basically if people can steal your key, you've lost. (But if they can steal your key they can presumably steal anything else they care to, as well.)
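
The thread contrasts a pool UUID used as a shared secret with pool access arbitrated by the hypervisor. The sketch below is an added example, not part of any comment and not Xen or tmem code; the domain ids, the grant bitmask and all function names are assumptions. It shows a leaked UUID being sufficient in the first model and useless in the second.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Toy model, not Xen or tmem code; every name here is an assumption. */
#define MAX_POOLS 4
struct pool {
    bool     in_use;
    uint8_t  uuid[16];  /* names the pool */
    uint32_t allowed;   /* bit N set: hypervisor granted the pool to domain N */
};
static struct pool pools[MAX_POOLS];

/* Hot-add a pool with its grant mask; returns the slot, or -1 if full. */
int pool_add(const uint8_t uuid[16], uint32_t allowed) {
    for (int i = 0; i < MAX_POOLS; i++) {
        if (pools[i].in_use) continue;
        pools[i].in_use = true;
        memcpy(pools[i].uuid, uuid, 16);
        pools[i].allowed = allowed;
        return i;
    }
    return -1;
}
void pool_remove(int slot) {  /* hot-remove: slot and grants go together */
    if (slot >= 0 && slot < MAX_POOLS) memset(&pools[slot], 0, sizeof pools[slot]);
}
static bool granted(int slot, int domid) {
    return domid >= 0 && domid < 32 && ((pools[slot].allowed >> domid) & 1u);
}

/* Shared-secret model: whoever presents the UUID gets the pool. */
int attach_by_uuid(int domid, const uint8_t uuid[16]) {
    (void)domid;  /* caller identity is never consulted */
    for (int i = 0; i < MAX_POOLS; i++)
        if (pools[i].in_use && memcmp(pools[i].uuid, uuid, 16) == 0) return i;
    return -1;
}
/* Arbitrated model: the UUID only selects the pool; the grant decides. */
int attach_arbitrated(int domid, const uint8_t uuid[16]) {
    int slot = attach_by_uuid(domid, uuid);
    return (slot >= 0 && granted(slot, domid)) ? slot : -1;
}
/* Enumeration: a guest is only shown pools it has been granted. */
int pools_visible(int domid, int out[MAX_POOLS]) {
    int n = 0;
    for (int i = 0; i < MAX_POOLS; i++)
        if (pools[i].in_use && granted(i, domid)) out[n++] = i;
    return n;
}
```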


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds