|
|
|
|
|
|
by rectang
3062 days ago
|
|
|
One reason: the prospect of an endless stream of unpatchable Spectre-like hardware vulnerabilities. The "real problem" exposed by Meltdown and Spectre is running untrusted software on the same hardware where sensitive information resides. Moving away from physical coupling defends against potential sidechannel attacks. The Qubes approach of "careful decomposition of various workflows, devices, apps across securely compartmentalized containers" seems to point a way forward after this sobering assessment: http://robert.ocallahan.org/2018/01/long-term-consequences-o... |
|
|
Well obviously. Which is why people try to avoid that as much as they can when they are handling actually sensitive information.
> Moving away from physical coupling defends against potential sidechannel attacks.
... is a correct deduction, but using cloud VMs hardly qualifies as following the principle (except if they are only used for lowest-privilege stuff, but even then, the system now requires connectivity). Now you don't know who else is on your hardware, and you don't even control the hardware in the first place.