DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 15th December 2022
gordon.f gordon.f is offline
Fdisk Soldier
 
Join Date: Oct 2021
Location: Europe
Posts: 57
Default Can the administrator access to my OpenBSD VM?

Dear OpenBSD users,

My goal is placing my website into a VPS.
My concern is administrator access rights to a VM.
My question is can a system administrator access to the virtual machine that I rent?

For example;
There are several entities who offer OpenBSD VMs. If I put my content into one of their VMs, can they read or write my data?

Or even-though they are the administrator, can they only create and delete that VM but cannot access my VM's content?
Reply With Quote
  #2   (View Single Post)  
Old 15th December 2022
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,839
Default

Data accessibility when it is somewhere "in the cloud" should be thought of two ways:
  1. Data-in-motion: data that is transiting systems and networks that are out of your control.
  2. Data-at-rest: data that is stored on platforms that are out of your control.
Let's have a thought experiment. Imagine that YOU were the administrator of a network of computers that runs guest virtual machines.

Data-in-motion: could YOU, the admin, watch data as it moved in, out, and through the networks you control? Of course. You need nothing more complex than a utility such as tcpdump(8).

Data-at-rest: Could YOU, the admin, get access to customer data? Sure, with nothing more complex than utilities such as dd(1), cp(1), cat(1), hexdump(1) ... and that includes both data stored on the running guests, as well as the backups you take on behalf of your customers.

---

You protect data-in-motion in the cloud the same way you would protect any other data in motion on any insecure and untrusted network, such as the Internet. Encryption.

Data-at-rest is more complicated. You would protect it the same manner, with encryption, but control of encryption keys and when/how keys are deployed must be given due consideration. As an example, if you operate a cloud server that requires a manually-typed passphrase to decrypt data-at-rest, human intervention will be needed each time the server is rebooted.


---

Another risk to consider is access to data by other guest VMs.

Last edited by jggimi; 15th December 2022 at 10:25 PM. Reason: clarity, intra-VM risk.
Reply With Quote
  #3   (View Single Post)  
Old 16th December 2022
gordon.f gordon.f is offline
Fdisk Soldier
 
Join Date: Oct 2021
Location: Europe
Posts: 57
Default

Dear jggimi,

Thank you very much for this detailed explanation. It covered a lot of questions.

Quote:
Data-at-rest is more complicated. You would protect it the same manner, with encryption, but control of encryption keys and when/how keys are deployed must be given due consideration. As an example, if you operate a cloud server that requires a manually-typed passphrase to decrypt data-at-rest, human intervention will be needed each time the server is rebooted.
I'd like to learn about how can I protect my database and for example the sensitive user data. So, can you refer the tools that I can use for encryption of data-at-rest? I think I can write a simple script in order to check the website's availability, so if the server rebooted I can then decrypt data-at-rest.
Reply With Quote
  #4   (View Single Post)  
Old 16th December 2022
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,839
Default

OpenBSD has two tools to encrypt data-at-rest.

  1. The softraid(4) CRYPTO discipline can be used for Full Disk Encryption ("FDE") on several architectures, or for encrypting individual filesystems on all architectures, using either a passphrase or a keydisk. An example and guide for using softraid(4) for FDE can be found in the FAQ. The softraid(4) driver is provisioned using the bioctl(8) RAID management command with disklabel partitions of type "RAID".
  2. The older vnconfig(8) / mount_vnd(8) utilities configure virtual disk drives from image files, and support encrypted image files using passphrases and optional salt files.
Reply With Quote
  #5   (View Single Post)  
Old 16th December 2022
gordon.f gordon.f is offline
Fdisk Soldier
 
Join Date: Oct 2021
Location: Europe
Posts: 57
Default

Dear jggimi,

Thank you for your reply. Above discussion helped me a lot.
Reply With Quote
  #6   (View Single Post)  
Old 17th December 2022
TronDD TronDD is offline
Spam Deminer
 
Join Date: Sep 2014
Posts: 296
Default

The short answer is, yes, a malicious admin at the VPS provider can access everything.

Even encrypted storage has to be decrypted and passed through RAM and CPU to be used. An admin can leverage the hypervisor to read data out of RAM or CPU registers. They could, in theory, use your decryption key out of RAM to read your unlocked encrypted storage. Or, even easier, sniff a password you're sending to the console.

Ultimately, you can really only protect data at rest, encrypted storage, when it's not in use and the password or key hasn't been obtained by an attacker.
Reply With Quote
  #7   (View Single Post)  
Old 17th December 2022
gordon.f gordon.f is offline
Fdisk Soldier
 
Join Date: Oct 2021
Location: Europe
Posts: 57
Default

Dear TronDD,

that's crazy! Thanks a lot for the information.
Reply With Quote
  #8   (View Single Post)  
Old 17th December 2022
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,839
Default

Gordon, you may have heard of the Intel CPU design flaws known as "Spectre" or "Meltdown". Abusing those flaws could permit an attacking process to learn private information from another process running on the same hardware. This class of attack doesn't require an Evil Cloud Provider, it needs only an Evil Customer.

There is no such thing as perfect security. You can only mitigate risks when you place your data into the hands of, and under the control of, another entity. You cannot eliminate risks entirely.

https://en.wikipedia.org/wiki/Spectr..._vulnerability)



Last edited by jggimi; 17th December 2022 at 03:14 PM. Reason: clarity, humor
Reply With Quote
  #9   (View Single Post)  
Old 20th December 2022
gordon.f gordon.f is offline
Fdisk Soldier
 
Join Date: Oct 2021
Location: Europe
Posts: 57
Default

Dear jggimi,

No, I'm sorry, I have never heard them before. Being secure and anonymous must be a crazy luxury.

Thank you for your kind explanation.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Forging administrator cookies and crocking crypto ... for dummies J65nko News 1 5th November 2014 05:39 PM
OpenBSD Access Point varung90 OpenBSD General 1 2nd July 2014 10:26 AM
Can't access www.OpenBSD.org jackthechemist OpenBSD General 8 15th January 2011 02:59 AM
Dos batch file administrator privileges required a6zj6 Other OS 1 12th June 2009 02:02 PM
Internet Access Problem OpenBSD 4.3 alcy OpenBSD General 3 19th September 2008 06:00 PM


All times are GMT. The time now is 07:31 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick