Whonix ™ for Cloud
Whonix ™ in the cloud - Development Considerations
Virtualization Technology
- docker based or KVM based?
Build Script TODO
- If docker based:
- create a docker filesystem tar.xz
- dockerfile Whonix-Gateway
- dockerfile Whonix-Workstation
- docker virtual internal networking
- If kubernetes based:
- kubernetes pod yaml
- internal networking?
Misc TODO
- preseed Anon Connection Wizard for non-interactive mode
- systemcheck fixes to support new virtualizer
- leak testing
- static networking vs DHCP
- DHCP
- needed?
- outside?
- find a security review contractor
- create a cloud-support package which contains cloud specific configuration tweaks
Cloud TODO
- cloud interface switch network button
- cloud interface different speed / anonymity choices
- kubernetes switch network
Anonymizer
- Working codenames:
- Default Tor (just "normal" Tor)
- Fast Tor (
- Own Tor (self-hosted Tor network)
- How to stop freeloaders?
- Why Tor?
- Tor supports transparent proxying
- supports nodes config
Legal Documents
- Existing documents can be re-used.
Sponsorship
- honest documentation in the usual style: what if xyz, how secure, less secure, more secure, etc.
- homepage, Download page gets a cloud button - main sponsor
- reputation instead of hand waving
- continuous support for future version support
- cooperation agreement
- oversight
- access to developers
- access to tickets
- advisory
- monitor and confirmation of progress
Secure Cloud Hardware TODO Research List
RAM Encryption
- PrivateCore
- Microsoft
- https://learn.microsoft.com/en-us/windows/security/information-protection/pluton/microsoft-pluton-security-processor
- https://azure.microsoft.com/en-us/products/key-vault/
- https://azure.microsoft.com/en-us/solutions/confidential-compute/#solution-architectures
- https://www.microsoft.com/en-us/research/project/microsoft-seal/
- Raptor Engineering
- https://www.raptorengineering.com/TALOS/documentation/integrimon_intro.pdf
- https://www.raptorengineering.com/TALOS/security_features.php
- https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation/updates/talos-fpga-functions-and-responsibilities-part-1
- https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation/updates/talos-fpga-functions-and-responsibilities-part-2
- https://www.integricloud.com/
- HashiCorp
- Thales
- AWS
- https://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol
- KVM
- pKVM - protected KVM