0

As we know, clients can create and run their virtual machines (VMs) in cloud computing. My question is about the confidentiality of data stored in the client's VM.

Question 1: Does data stored in a client's VM remain private in the cloud? Is the cloud able to read the data?

Question 2: Is there any way to hide data (e.g. secret keys) stored in the client's VM?

Aydin
  • 1
    Very short: No, VMs on untrusted servers are not secured against unwanted data extraction. – deviantfan Jul 20 '18 at 10:17
  • Using a trusted execution environment for code and data is currently the only way to protect it from cloud administrators. In this specific configuration, it is designed to remain confidential. [Azure Confidential Computing](https://azure.microsoft.com/en-us/blog/azure-confidential-computing/) – Xander Jul 20 '18 at 13:22

2 Answers

3

The rules are:

  • you cannot protect a machine from its administrator
  • you cannot protect a machine from someone that has physical access to it

Depending on the kind of cloud service (PaaS or IaaS), the cloud admins may be administrators of the client VM. If they are, no more questions: they can read everything from the client machine. But even if they are not, they can always take a snapshot of the running machine and put their hands on it. As on a cloud the VM is supposed to be able to restart unattended, any secret must be present in invertible form in the machine itself, so if the attacker is the hosting service, you can only use obfuscation techniques, but no strong encryption.

TL;DR: The answers for question 1 are: no, data is not private, and yes, the cloud can read it. For question 2, the answer is still no: you cannot securely hide anything on a cloud machine.


Not necessarily relevant here, but added for completeness:

The above assumes that the data has to be used in the VM. But there is a use case where data in the cloud can be seen as securely encrypted: when the VM contains encrypted data and not the key. That means that the data has to be encrypted on a remote system and is sent in encrypted form. It can later be retrieved (still encrypted) from the same or another system knowing a decryption key. Examples are webapps using client-side encryption, or even more simply, raw storage of an encrypted file or container.

Serge Ballesta
  • Great answer, but I would like to note that there are exceptions for some use-cases. For example, if the cloud is used only for storage, there are tools for E2E encryption, where the data is encrypted by the client before being sent. Generally, this exception only applies to situations where the server itself could not access the data. – Peter Harmann Jul 20 '18 at 13:25
  • @PeterHarmann: you are right. But these are use cases where the unencrypted data is never present in the VM even in a transient way. It is like storing an encrypted container on Google Drive. I'm not sure it really addresses OP's question where I can read *create and run their virtual machines* and later *any way to hide data (e.g. secret keys)*. My opinion is that OP wants to use the data inside the VM. – Serge Ballesta Jul 20 '18 at 13:38
  • Agreed, but this is not supposed to be just for one person. So I thought it should be included for completeness when other people have similar questions. – Peter Harmann Jul 20 '18 at 14:40
  • 1
    @PeterHarmann: Post edited. – Serge Ballesta Jul 20 '18 at 14:56
-1

You should encrypt the VM disk, but the Cloud provider can still access your encryption key in RAM. You can read more about it here

If the attacker is the Cloud Provider, they will always be able to access your VM information, one way or another. You can make it harder, but it is possible. Choose your Cloud Provider very well.

schroeder