[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Hidden service: Is it possible for an attacker to break out of a VM?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Hidden service: Is it possible for an attacker to break out of a VM?
From: "Thomas S. Benjamin" <tomb@xxxxxxx>
Date: Thu, 7 Oct 2010 18:07:45 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 07 Oct 2010 19:07:55 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:content-type:content-transfer-encoding; bh=DhBHHjMtExZlCvTBiPd1z8QlKi21SVHmjuf1NLZzJ24=; b=rMk1uCeXDwigmVBhvIXCXwJvPzUr16zRfi0o+W0m5GMfrlQ82DA9OsxN8KY1UCuygN BPzmWJJEHTY8QUY0P5xCJFw9sMTDbyZlyCMHPIAgK5ocikPAoaEB6HB2rJ+R5xgXsXlK GZnfmBGLLRBJGsJ7Zkno5vpSzIF+qF1SpurOE=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=qAYJRJ3RvSRq2II8v/476NjktolzpwLKkXJ6aIN8MkklFntQjn57hhSULxyjzKkjVe qtoiv4CWdN6nhxUDeBzWN6u2pgfqyHryAU35COKv8xl5HuN3VOeMTTn4ag5jTW5lGpyO QMyAmIlKLBBoiB0d06VHen9KvyPoPB8lFSTg0=
In-reply-to: <N1-p1MKZWeDuD@xxxxxxxxxxxxx>
References: <N1-p1MKZWeDuD@xxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Hikki,

From a defense in depth point of view it can help to use a VM.  It is
not impossible for an adversary to  break out of a VM, but if you are
using a good VM it will at least require a pretty sophisticated
attacker.  I would say that using a VM would increase the security of
your hidden service.

On Thu, Oct 7, 2010 at 5:12 PM,  <hikki@xxxxxxxxxxxxx> wrote:
> The title says it all:
>
> Several people recommend running a hidden service from within a VM,
> to prevent attackers from doing side channel attacks and reading off your
> hardware components and serial numbers.
>
> Then I heard that attackers can actually break out of VM's if they get root
> access on it due to a successful attack.
>
> I just want your opinions on that one, thanks!
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
>



-- 
Sincerely Yours,
              ---Thomas S. Benjamin
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

References:
- Hidden service: Is it possible for an attacker to break out of a VM?
  - From: hikki

Prev by Author: What about private & Public Keys
Next by Author: Re: Full bandwidth is not used.
Previous by thread: Hidden service: Is it possible for an attacker to break out of a VM?
Next by thread: Re: Hidden service: Is it possible for an attacker to break out of a VM?
Index(es):
- Author
- Thread