On 05/21/2017 02:34 PM, xet7 wrote: > Can anvil kernel module protections for rowhammer be added to Qubes? > > https://news.ycombinator.com/item?id=12822490 > So I've skimmed through the whitepaper (https://iss.oy.ne.ro/ANVIL.pdf) and because it says that it uses hardware performance counters to detect rowhammer attacks, and while it probably works properly on a bare-metal system, I can't tell if this is something that can only be used in dom0 or if it can actually be used in VMs as well (or if it'll work properly at all in a Xen-based system).
But let's assume for a moment that it would work properly in Qubes. With the Qubes security model, what are the most likely places to get hit by a rowhammer attack that might benefit from something like Anvil? I would assume sys-net is a prime candidate. Maybe even sys-firewall? But what is the likelihood or in what circumstances would an AppVM behind a sys-firewall be subjected to a rowhammer assault? Is this the sort of thing an attacker would need remote access to in order to exploit? Or is it something that can run on its own autonomously? Clearly, I don't know much about how rowhammer would be used in a real-world attack scenario, LOL. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/oftiqa%243qk%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
