---------- Forwarded message ----------
From: Kurt Buff <kurt.buff (at) gmail (dot) com [email concealed]>
Date: Aug 30, 2006 11:32 AM
Subject: Re: Whole disk encryption
To: Saqib Ali <docbook.xml (at) gmail (dot) com [email concealed]>
On 8/30/06, Saqib Ali <docbook.xml (at) gmail (dot) com [email concealed]> wrote:
> > One way would be to give them only standard user rights to the host
> > OS, no ability to install programs, and rights only to unlock the
> > partition with the VM on it and to run that VM.
>
> If you are going to do that, I am not sure what is the added benefit
> of the VM. In that case might as well use full-disc-encryption on the
> physical hardware.
I think the benefits are several-fold - instruct me if you differ, please:
1) cheaper to retrofit to existing hardware
2) cheaper to implement on new hardware with low-cost or free VM
software, like Xen (or QEMU on *nix boxen)
3) achieve benefits of both file/directory encryption and whole-disk encryption
It does cost some user annoyance with having to sign in, launch the VM
and then sign in again, but it might well be worth it for the benefits
involved.
Kurt
Forgot to include the list on this. Sorry.
Kurt
---------- Forwarded message ----------
From: Kurt Buff <kurt.buff (at) gmail (dot) com [email concealed]>
Date: Aug 30, 2006 11:32 AM
Subject: Re: Whole disk encryption
To: Saqib Ali <docbook.xml (at) gmail (dot) com [email concealed]>
On 8/30/06, Saqib Ali <docbook.xml (at) gmail (dot) com [email concealed]> wrote:
> > One way would be to give them only standard user rights to the host
> > OS, no ability to install programs, and rights only to unlock the
> > partition with the VM on it and to run that VM.
>
> If you are going to do that, I am not sure what is the added benefit
> of the VM. In that case might as well use full-disc-encryption on the
> physical hardware.
I think the benefits are several-fold - instruct me if you differ, please:
1) cheaper to retrofit to existing hardware
2) cheaper to implement on new hardware with low-cost or free VM
software, like Xen (or QEMU on *nix boxen)
3) achieve benefits of both file/directory encryption and whole-disk encryption
It does cost some user annoyance with having to sign in, launch the VM
and then sign in again, but it might well be worth it for the benefits
involved.
Kurt
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]