[Whonix-devel] Fwd: Re: DRAMA countermeasures

bancfc at openmailbox.org
Wed Aug 24 13:33:19 CEST 2016



-------- Original Message --------
Subject: Re: DRAMA countermeasures
Date: 2016-08-23 10:12
 From: Daniel Gruss <gruss at tugraz.at>
To: bancfc at openmailbox.org, peter.pessl at iaik.tugraz.at
Cc: clementine.maurice at iaik.tugraz.at, Stefan.Mangard at iaik.tugraz.at, 
whonix-devel at whonix.org

On 23.08.2016 00:34, bancfc at openmailbox.org wrote:
> Very neat attack. We are looking at the options for countermeasures.[1]

Thank You!

> Please feel free to correct me, the options are:
> 
> * Running stress-m2 in parallel

At least -m2, or even more, depending on the system. And I'm not 
convinced that will reliably prevent attacks. We have seen both the 
covert and side channel being able to work in the presence of some 
noise. Even if reliability goes down it might not make an attack 
impossible. And, stress -m 2 is rather expensive.

> * NUMA with non-interleaved memory combined with CPU pinning

Yes.

> I prefer option two because it's less resource intensive. However most
> commodity (non-server) PCs have only a single NUMA node. Can this be
> used meaningfully to prevent this attack?

Keeping tenants on different NUMA nodes with non-interleaved memory is 
effective to prevent the attack.

If the system has only a single NUMA node, it's more difficult.

> You don't have to but I'd appreciate if you give an example Libvirt
> config [2] (for a system with 4 pCPUs one NUMA node) that defends
> against DRAMA successfully.

Sorry, not much experience with libvirt ;)

Important part is that the VMs on the different CPUs cannot access 
memory of the other CPU. Then you prevent all cross-CPU DRAM attacks.

If you have any other questions, feel free to ask!

Cheers,
Daniel


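To make the countermeasure Daniel describes as effective (tenants on different NUMA nodes, non-interleaved memory, each VM unable to reach the other node's DRAM) concrete for libvirt, here is an added example domain definition; it is not part of the original thread and was not supplied by either correspondent. It assumes a hypothetical two-node host where node 0 owns pCPUs 0-3 and node 1 owns pCPUs 4-7, and that node interleaving has been disabled in the firmware so physical pages are not striped across both nodes. It does not address the single-node, four-pCPU case bancfc asked about, which Daniel notes is harder.

```xml
<!-- Added example, not from the mailing list thread.
     Tenant A: pinned entirely to NUMA node 0 (assumed pCPUs 0-3).
     Tenant B would be an otherwise identical domain with
     cpuset='4-7', per-vCPU pins on 4..7, and nodeset='1'. -->
<domain type='kvm'>
  <name>tenant-a</name>
  <memory unit='GiB'>4</memory>
  <currentMemory unit='GiB'>4</currentMemory>

  <!-- All vCPUs are confined to node 0's physical cores;
       placement='static' keeps libvirt from re-placing them. -->
  <vcpu placement='static' cpuset='0-3'>4</vcpu>

  <cputune>
    <!-- One-to-one pins so a vCPU never migrates to another node. -->
    <vcpupin vcpu='0' cpuset='0'/>
    <vcpupin vcpu='1' cpuset='1'/>
    <vcpupin vcpu='2' cpuset='2'/>
    <vcpupin vcpu='3' cpuset='3'/>
    <!-- The QEMU emulator thread also stays on node 0, so its
         allocations and I/O buffers do not land on node 1. -->
    <emulatorpin cpuset='0-3'/>
  </cputune>

  <numatune>
    <!-- mode='strict' (not 'preferred') is the important part:
         guest memory may only be allocated from node 0, so it
         never shares DRAM rows/banks with tenant B on node 1. -->
    <memory mode='strict' nodeset='0'/>
  </numatune>

  <os>
    <type arch='x86_64' machine='q35'>hvm</type>
  </os>
  <devices>
    <!-- Disk, network and other devices omitted; they do not
         affect the NUMA/CPU confinement shown here. -->
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
  </devices>
</domain>
```

The weak variants are `mode='preferred'` or `mode='interleave'` in `<numatune>`, or leaving the `cpuset`/`vcpupin` entries out: either lets the kernel satisfy allocations from the other node under memory pressure, which is exactly the cross-node sharing the countermeasure is meant to rule out. After defining both domains, `virsh numatune tenant-a` and `virsh vcpupin tenant-a` report the effective policy, and `numastat -p <qemu-pid>` on the host shows whether any of the guest's pages ended up on the wrong node.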