Swap file leak with windows host possible ?

[sabrina112]

Hello,
I'm wondering about the security of my data if I use a VirtualBox with Windows 8 as a host for a highly sensitive application.
Let's say my Virtual Box is located on an encrypted volume, so whatever happens inside the virtualbox is secure.
Let's assume there are no viruses, keyloggers, or trojans on my host system.

My question is, given the above scenario, is it possible that some of the data I'm working on inside the Virtual box, will leak
onto the host hard drive ? Specifically, is it possible that Windows will swap out the RAM used by the virtualbox into the swap file, thereby creating an unencrypted copy of the data on the host hard drive ?
I assume this would in fact happen if I hibernate the system, but could it happen without hibernation also ?

Thanks very much.

[scottgus1]

First, anything's possible.
But I do seem to recall that Virtualbox under normal uses takes a monolithic block of memory on the host for use by the guest, and doesn't swap memory pages on and off the host hard drive during operation. Any memory swapping done by the guest goes between its allocated block of memory and the swap file on its own virtual drive file, which is all in the guest, not the host. If you save-state the guest, though, then the guest's memory contents get stored on the host hard drive in the Virtualbox format, which I highly doubt is encrypted.
You mention that your guest is on an encrypted volume. If that is encryption within the guest OS, then your data is probably safe when the guest is shut down fully, not save-stated. But if the encypted volume is the host's physical hard drive and the encryption service runs on the host, then the data in the guest's virtual drive file is not safe from prying processes while the host is running. The data would be accessible by any program on the host able to open and read the virtual drive file, like hex editors. You would need to have a guest OS capable of encryption, so your guest would encrypt its own data while it writes to its virtual drive file, making it look scrambled to host programs. Virtualbox would be fine, not caring about what data the guest OS writes.

[sabrina112]

Ok, thanks a lot, great info there, I actually have the virtualbox on a truecrypt volume, so that part should be ok,
can anyone confirm for certain that the host OS (Windows 8 ) will not page out the memory allocated to the guest machine into the host paging file ?
This is the only remaining question.

Thanks

[noteirak]

I can confirm it won't swap on the paging file. It will remain in RAM always.