Would my hypothetical Opsec setup with the goal of compartmentalizing sensitive areas from an insecure sandbox be sensible?

Çağlar Arlı

The root cause of my problem stems from the fact that I need to run untrustworthy software on a bare metal Windows machine, which means that I can't just have it in a VM because of major performance hits which make the software unusable.

At the same time, I need to have some kind of secured area (namely a VM) where I have sensitive data and safe software running in a way where I can be absolutely sure that the host machine does not have any way to access it. The sensitive part of my system does not require bare metal performance, nor Windows as its OS, although it needs to have a safe way to transfer data between unsafe bare metal <> secured area.

I realize that simply having 2 separate physical machines would solve this, but my workstation is an Intel 12900kh/128GB DDR5 RAM/RTX 2080 which I specifically purchased with the intention of designing a setup where this is possible.

I feel rather stumped with this issue because I'm not completely sure if the simplest solution that comes to mind is actually safe and works. How would you approach this?