[Whonix-devel] DRAMA countermeasures

• Previous message: [Whonix-devel] #19959 [Core Tor/Tor]: have a flag for Tor relay location, if a relay is hosted in a data center, cloud or physically secured
• Next message: [Whonix-devel] DRAMA countermeasures
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Whonix developer here. (Whonix is a VM based Tor centric OS - same class 
as TAILS)

Very neat attack. We are looking at the options for countermeasures.[1]

Please feel free to correct me, the options are:

* Running stress-m2 in parallel

* NUMA with non-interleaved memory combined with CPU pinning


I prefer option two because its less resource intensive. However most 
commodity (non-server) PCs have only a single NUMA node. Can this be 
used meaningfully to prevent this attack?


You don't have to but I'd appreciate if you give an example Libvirt 
config [2] (for a system with 4 pCPUs one NUMA node) that defends 
against DRAMA successfully.

Thanks.

***

[1] https://phabricator.whonix.org/T541
[2] https://libvirt.org/formatdomain.html#elementsNUMATuning


***

Replies to this message will also be visible on our developer mailing 
list for the benefit of our devs and users.

• Previous message: [Whonix-devel] #19959 [Core Tor/Tor]: have a flag for Tor relay location, if a relay is hosted in a data center, cloud or physically secured
• Next message: [Whonix-devel] DRAMA countermeasures
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]