[Whonix-devel] DRAMA countermeasures
bancfc at openmailbox.org
Tue Aug 23 01:34:42 CEST 2016
Whonix developer here. (Whonix is a VM-based, Tor-centric OS - same class
as TAILS)
Very neat attack. We are looking at the options for countermeasures.[1]
Please feel free to correct me, the options are:
* Running stress-m2 in parallel
* NUMA with non-interleaved memory combined with CPU pinning
I prefer option two because it's less resource intensive. However, most
commodity (non-server) PCs have only a single NUMA node. Can this be
used meaningfully to prevent this attack?
You don't have to, but I'd appreciate it if you gave an example Libvirt
config [2] (for a system with 4 pCPUs and one NUMA node) that defends
against DRAMA successfully.
Thanks.
***
[1] https://phabricator.whonix.org/T541
[2] https://libvirt.org/formatdomain.html#elementsNUMATuning
***
Replies to this message will also be visible on our developer mailing
list for the benefit of our devs and users.