One comment at the test day described virt-cat as “awesome but dangerous”.
This user was surprised that he could do:
    virt-cat aguest /etc/shadow
and read the shadow password file from a guest. “Is there”, I was asked, “a security model for this?”
Here’s the news: You can already look at the shadow password file in any disk image using a hex editor. libguestfs, guestfish and virt-cat just make it easier.
Could you encrypt the virtual disk? That will protect the VM while it is (virtually) switched off, but as soon as you boot it up, the encryption key is stored somewhere in guest memory, and the host administrator can read that too.
No security model can help you here. You need to own and manage the hardware yourself, or you need to trust your cloud provider. If your data is at all personally or commercially sensitive, keep it on hardware you physically control.
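As a check on the "encrypt the virtual disk" option discussed above, here is an added example (not from the original post or from libguestfs) that reads an image header and reports whether it is encrypted at rest. The function names and sample headers are constructed for illustration; a positive result only covers the powered-off case, as the post explains.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"          # qcow2 header magic
LUKS_MAGIC = b"LUKS\xba\xbe"      # LUKS1/LUKS2 header magic
QCOW2_CRYPT = {0: "none", 1: "aes (legacy)", 2: "luks"}


def at_rest_encryption(header: bytes) -> str:
    """Classify the first bytes of a disk image by its encryption header."""
    if header[:6] == LUKS_MAGIC and len(header) >= 8:
        # A raw image holding a LUKS container: version is a big-endian u16.
        (version,) = struct.unpack(">H", header[6:8])
        return f"luks{version} container"
    if header[:4] == QCOW2_MAGIC:
        if len(header) < 36:
            return "qcow2: truncated header"
        # crypt_method is a big-endian u32 at byte offset 32.
        (method,) = struct.unpack(">I", header[32:36])
        return "qcow2: " + QCOW2_CRYPT.get(method, f"unknown method {method}")
    # Raw or another format: nothing stops a hex editor or virt-cat.
    return "no recognised encryption header"


def audit_image(path: str) -> str:
    """Read only the header of an image file and classify it."""
    with open(path, "rb") as f:
        return at_rest_encryption(f.read(64))


def sample_qcow2(crypt_method: int) -> bytes:
    """Constructed 36-byte qcow2 v3 header (1 GiB, 64 KiB clusters)."""
    return struct.pack(">4sIQIIQI", QCOW2_MAGIC, 3, 0, 0, 16, 1 << 30,
                       crypt_method)


if __name__ == "__main__":
    samples = {
        "plain.qcow2": sample_qcow2(0),
        "luks.qcow2": sample_qcow2(2),
        "luks.raw": LUKS_MAGIC + struct.pack(">H", 2) + bytes(56),
        "plain.raw": bytes(64),
    }
    for name, hdr in samples.items():
        print(f"{name:12} {at_rest_encryption(hdr)}")
```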
> No security model can help you here
That’s not true: fully homomorphic encryption would do the trick. http://en.wikipedia.org/wiki/Homomorphic_encryption#Fully_homomorphic_encryption
It’s not quite practical yet, but is getting closer.
Indeed, if this were feasible it would allow secure cloud computing. Probably a few generations of computers to go before we get there.