[Whonix-devel] Fwd: Re: DRAMA countermeasures

• Previous message: [Whonix-devel] Fwd: Re: DRAMA countermeasures
• Next message: [Whonix-devel] Fwd: Re: DRAMA countermeasures
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-------- Original Message --------
Subject: Re: DRAMA countermeasures
Date: 2016-08-28 10:52
 From: Daniel Gruss <gruss at tugraz.at>
To: bancfc at openmailbox.org
Cc: peter.pessl at iaik.tugraz.at, clementine.maurice at iaik.tugraz.at, 
Stefan.Mangard at iaik.tugraz.at, whonix-devel at whonix.org

On 2016-08-27 21:05, bancfc at openmailbox.org wrote:
> With KVM, CPU instructions can be masked out by QEMU and not be
> available to guests. I already blacklisted clflush some time ago. The
> different variants of the tsc instruction are not passed through by
> default either.

That sounds very interesting. How does QEMU mask out instructions when 
using KVM with hardware virtualization extensions?

> I was wondering how helpful all this is? and how much this remaining
> timer can aid attacks?

As long as the guest can have true multithreading, removing timers does 
not make any difference.
See Section 3.3 of 
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_lipp.pdf 
- Moritz and Clémentine will present this at BlackHat Europe in 
November.
Even without any timers, multithreading allows to obtain a sufficiantly 
accurate timestamp.


Cheers,
Daniel

• Previous message: [Whonix-devel] Fwd: Re: DRAMA countermeasures
• Next message: [Whonix-devel] Fwd: Re: DRAMA countermeasures
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]