|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2020-12-01 20:01:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
[$] Challenges in protecting virtual machines from untrusted entities
As an ever-growing number of workloads are being moved to the cloud, CPU
vendors have begun to roll out purpose-built hardware features to isolate
virtual machines (VMs) from potentially hostile parties. These processor
features, and their extensions, enable the notion of "secure VMs" (or
"confidential VMs") — where a VM's "sensitive state" needs to be protected
from untrusted entities. Drawing from his experience
contributing to the secure VM implementation for the s390 architecture, Janosch Frank described
the challenges involved in a talk at the 2020 (virtual) KVM
Forum. Though the implementations across CPU vendors may vary, there are
many shared problems, which opens up possibilities for collaboration.
As an ever-growing number of workloads are being moved to the cloud, CPU
vendors have begun to roll out purpose-built hardware features to isolate
virtual machines (VMs) from potentially hostile parties. These processor
features, and their extensions, enable the notion of "secure VMs" (or
"confidential VMs") — where a VM's "sensitive state" needs to be protected
from untrusted entities. Drawing from his experience
contributing to the secure VM implementation for the s390 architecture, Janosch Frank described
the challenges involved in a talk at the 2020 (virtual) KVM
Forum. Though the implementations across CPU vendors may vary, there are
many shared problems, which opens up possibilities for collaboration.
