[Whonix-devel] DRAMA countermeasures

bancfc at openmailbox.org bancfc at openmailbox.org
Tue Aug 23 01:34:42 CEST 2016


Whonix developer here. (Whonix is a VM-based, Tor-centric OS - same class 
as TAILS)

Very neat attack. We are looking at the options for countermeasures.[1]

Please feel free to correct me; the options are:

* Running stress-m2 in parallel

* NUMA with non-interleaved memory combined with CPU pinning


I prefer option two because it's less resource-intensive. However, most 
commodity (non-server) PCs have only a single NUMA node. Can this be 
used meaningfully to prevent this attack?


You don't have to, but I'd appreciate it if you gave an example Libvirt 
config [2] (for a system with 4 pCPUs and one NUMA node) that defends 
against DRAMA successfully.

Thanks.

***

[1] https://phabricator.whonix.org/T541
[2] https://libvirt.org/formatdomain.html#elementsNUMATuning


***

Replies to this message will also be visible on our developer mailing 
list for the benefit of our devs and users.

