[Cryptography] Hyper-V claims to protect tenant secrets ??
Jerry Leichter
leichter at lrw.com
Thu Oct 1 22:29:13 EDT 2015
> Microsoft claims that it can protect tenant VM secrets with Hyper-V.
>
> Doesn't this violate some non-obfuscatability theorem?
No.
> I was under the impression that the only truly *safe* way to do cloud
> computing was via some reduction-to-circuits scheme, which is hopelessly
> slow.
>
> BRK3457: Protecting Tenant Secrets in Hyper-V (80 minutes):
>
> https://a248.e.akamai.net/f/248/3922/10/video.ch9.ms/sessions/ignite/2015/BRK3457.mp4
You might want to watch the talk a bit before being snarky. The basics are pretty simple and follow a familiar pattern: The VM image is encrypted, and the key service will only hand a key to an attested-good hypervisor image running on attested-good hardware. Of course, the attested-good hypervisor has to enforce an appropriate policy, e.g., not allow anyone to attach a debugger to the shielded VM.
This is just virtualizing the notion of attested boots of trusted OS's. At a very high level, nothing new to see here. Actually making it happen takes tons of detailed work.
-- Jerry
More information about the cryptography
mailing list