Re: [tor-talk] Review request: TorVM implementation in Qubes OS
Abel Luck:
> adrelanos:
>> Hi,
>>
>> Is it Amnesic or can it be made Amnesic?
>>
>> Or in other words... Can you be sure that, after deleting (or wiping)
>> the torified AppVM, no activity can be reconstructed with local disk
>> forensics? Could the torified AppVM be securely wiped without any
>> leftovers? (Leftovers such as swap, or what else?)
>
> Regarding deletion of the VM: I was under the impression secure deletion
> was not possible on modern SSDs.
>
> On the other hand, it should be possible to create an AppVM whose
> writeable disk space lies entirely in RAM. I'll investigate this.
This already exists! In Qubes the DisposableVM is RAM only by default.
>
>>
>> Is Tor's data directory persistent, i.e. does it use Entry Guards?
>>
> I've not configured this explicitly, do you have any suggestions?
> Here's the tor config:
>
> https://github.com/abeluck/qubes-addons/blob/master/qubes-tor/start_tor_proxy.sh
>
>> Are hardware serials, such as BIOS DMI information, hdd serials etc.
>> hidden? (For a more comprehensive list of hardware serials and how to
>> test if they are visible, you could check Whonix less important
>> protected identifies as reference. [1])
>>
> I'm fairly certain this is the case, seeing as how these are all VMs
> (Xen is the hypervisor), but I've not verified the hunch so I can't make
> this claim.
>
> Hm, if you use the Qubes feature that lets you assign PCI (or USB)
> devices to a VM, then obviously, no.
>
> Thanks for the link, I'll investigate some more.
>
>> Cheers,
>> adrelanos
>>
>> [1]
>> https://sourceforge.net/p/whonix/wiki/Security/#less-important-identifies
>> _______________________________________________
>> tor-talk mailing list
>> tor-talk@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>