I'm of the opinion that if "everybody's doing it" then it's probably best to take a different approach;. I don't trust or play around with the cloud, especially with a behemoth like Google. Color me paranoid.
Sent with [ProtonMail](https://protonmail.com) Secure Email. -------- Original Message -------- Subject: [qubes-users] Virtualization in the cloud Local Time: June 17, 2017 2:04 PM UTC Time: June 17, 2017 2:04 PM From: [email protected] To: qubes-users <[email protected]> I was just wondering. Is it possible to get a VM on Google Cloud Compute (for e.g.) and be able to mitigate the security issues caused by not being the owner of the metal/hypervisor. If, say, you run an https enabled apache instance, the ease of creation/setup, ability to later scale and redundancy are all nice. But Google have access to your ssl key contained within the virtual drive. You could use LUKS with full system encryption but I"m not sure this helps. They could snapshot a running instance (post LUKS pw challenge) and respin the VM in that state. They could also modify the hypervisor to add a keylogger to the virtualised keyboard input interface to capture the LUKS password. They could also simply lift the key from the VM"s RAM (Evil Maid in the cloud?). So the real question is .. could Qubes run in an AWS/Azure/Google instance and it"s assumptions of everything being permanently comprimised withstand even the hypervisor being untrustworthy? Or do you have to ultimately not only trust the hypervisor but also be the owner of it and the hardware? Is there ANY way to maintain security in the cloud or if you care about security should you simply avoid cloud-hosting altogether and do it in-house? Lots of people seem to do it, maybe they"ve just accepted the risk. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8f94ba97-cc72-44d6-a065-7171b707e00a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/_kHSBQKb9x7PnAuVK7BuZVO8vlu_bQgiRNo14axMllsIVcLAANsw8aVPj9_09CDiNPfAaS0BrxdkhJ0fqVjWb7Bo9Y6v1betHghk-U8ydJo%3D%40protonmail.ch. For more options, visit https://groups.google.com/d/optout.
