blob: a3cd442e55b4e809c855911f2d68174dd4f3fa62 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
<topic xml:lang="en-us" id="diskencryption-limitations">
<title>Limitations of Disk Encryption</title>
<body>
<p>
There are some limitations the user needs to be aware of when
using this feature:
</p>
<ul>
<li>
<p>
This feature is part of the Oracle VM VirtualBox Extension Pack,
which needs to be installed. Otherwise disk encryption is
unavailable.
</p>
</li>
<li>
<p>
Since encryption works only on the stored user data, it is
currently not possible to check for metadata integrity of
the disk image. Attackers might destroy data by removing or
changing blocks of data in the image or change metadata
items such as the disk size.
</p>
</li>
<li>
<p>
Exporting appliances which contain encrypted disk images is
not possible because the OVF specification does not support
this. All images are therefore decrypted during export.
</p>
</li>
<li>
<p>
The DEK is kept in memory while the VM is running to be able
to decrypt data read and encrypt data written by the guest.
While this should be obvious the user needs to be aware of
this because an attacker might be able to extract the key on
a compromised host and decrypt the data.
</p>
</li>
<li>
<p>
When encrypting or decrypting the images, the password is
passed in clear text using the Oracle VM VirtualBox API. This
needs to be kept in mind, especially when using third party
API clients which make use of the webservice where the
password might be transmitted over the network. The use of
HTTPS is mandatory in such a case.
</p>
</li>
<li>
<p>
Encrypting images with differencing images is only possible
if there are no snapshots or a linear chain of snapshots.
This limitation may be addressed in a future Oracle VM VirtualBox
version.
</p>
</li>
<li>
<p>
The disk encryption feature can protect the content of the
disks configured for a VM only. It does not cover any other
data related to a VM, including saved state or the
configuration file itself.
</p>
</li>
</ul>
</body>
</topic>
|