0

I have to run private operations in a VM which runs on the enemy's host (don't ask why).

I'm wondering to what extend (if possible at all) I can have a configuration such that the host cannot read inside the VM while the VM is running.

This question is the contrary of the usual question like this one. I'm asking about VM leaking to the host, not the host leaking to the VM.

According to

the answer is "no way". The data inside the VM is transparent to the host. Is that correct ? Any way to mitigate the risk ?

Related questions : how hard is for the host to "penetrate" the VM ? Hours of work ? Months of work ?

I know the question is quite broad, but I have not chosen a setting yet.

Laurent Claessens
  • 113
  • 4
  • 1
    In short: a VM host can look into the memory of a VM in most cases. I see this question as a duplicate of How can a VM handle a compromised host? since it does not really matter why the host behaves "malicious" from the perspective of the VM. – Steffen Ullrich Oct 19 '22 at 11:57
  • 1
    Host has complete control over the hardware. Period. It probably requires administrative access, it may not be straightforward, but in the end a VM is run by the host, so the host necessarily can took a peek. In a sci-fi movie they could claim to have VMs running on a host using homomorphic encryption such that the host OS only operates on encrypted data, and buzzword away the issues on how the VM can control peripherals and the encryption keys. In the real word the OS still has to see what's going on – GACy20 Oct 19 '22 at 13:10

0 Answers0