On 09/19/2017 02:23 PM, taii...@gmx.com wrote:
> It is impossible to have storage communication between VM's, that would
> be a separate security issue.
> On timing attacks or w/e - you may be able to avoid cross communication
> by putting every AppVM on a separate core of a many core CPU such as an
> Opteron 6386 (16 cores)

Putting every AppVM on a separate core of a many-core CPU could help a bit, but CPUs usually have separate L1, maybe L2 caches, but I don't know of any CPU with a non-shared-between-cores L3 cache. So basing the attack on timing the L3 cache may still work.

Then, here we're going pretty far in the sophisticated tracking strategy, like “things currently being proposed at conferences,” so maybe it's out of the threat model (or maybe not, depends on your threat model).

As to browser fingerprinting, I'd personally rather use a distinct distribution for the “anonymous” part, just to make timing updates (A upgraded this day and B too and all their upgrades are always on the same day that is not the one of the release of the distribution, thus A=B) harder. Then, again it's against someone specifically targeting you, I don't think Qubes is widespread enough to make trackers even try to perform such deductions (yet). That said, this last sentence is just gut feeling.
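
As an added example that is not part of the original message: a small check of which cache levels two cores still sit behind after pinning, read from the Linux sysfs cache entries (`level`, `type`, `shared_cpu_list`). The sample topology is constructed, not measured on the Opteron mentioned above, and the script assumes it runs where sysfs reflects the physical topology, which may not hold inside a virtualized guest.

```python
import glob
import os

def parse_cpu_list(text):
    """Expand a sysfs CPU list such as '0-3,8' into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus

def read_sysfs_topology(root="/sys/devices/system/cpu"):
    """Return a list of (level, type, cpus) for every distinct cache."""
    caches = set()
    pattern = os.path.join(root, "cpu[0-9]*", "cache", "index[0-9]*")
    for idx in glob.glob(pattern):
        def read(name):
            with open(os.path.join(idx, name)) as fh:
                return fh.read().strip()
        try:
            cpus = frozenset(parse_cpu_list(read("shared_cpu_list")))
            caches.add((int(read("level")), read("type"), cpus))
        except (OSError, ValueError):
            continue  # entry missing or unreadable on this platform
    return sorted(caches, key=lambda c: (c[0], c[1], sorted(c[2])))

def shared_levels(topology, cpu_a, cpu_b):
    """Names of the caches that both CPUs are attached to."""
    return sorted({f"L{lvl} {typ}" for lvl, typ, cpus in topology
                   if cpu_a in cpus and cpu_b in cpus})

# Constructed sample: 4 logical CPUs, two sibling pairs, one shared L3.
SAMPLE = [(lvl, typ, parse_cpu_list(cpus)) for lvl, typ, cpus in [
    (1, "Data", "0-1"), (1, "Instruction", "0-1"), (2, "Unified", "0-1"),
    (1, "Data", "2-3"), (1, "Instruction", "2-3"), (2, "Unified", "2-3"),
    (3, "Unified", "0-3"),
]]

if __name__ == "__main__":
    topo = read_sysfs_topology() or SAMPLE  # fall back to the sample
    print("CPU 0 and CPU 2 share:", shared_levels(topo, 0, 2))
```

An empty result for a pair of cores means no cache level is common to them in the reported topology; any level that is listed remains a shared resource between VMs pinned to those cores.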