Page MenuHomePhabricator
Create Task
Maniphest T440

set random clock offset for Qubes-Whonix VMs using mgmt to prevent clock correlation attacks
Open, NormalPublic
Actions

Description

Edit the VM xml and change:

<clock offset='utc'>

to

<clock offset='variable' adjustment='123456' basis='utc'>

The adjustment attribute takes any arbitrary value of seconds. Pick a random number of seconds from 0 to 900 (15 minute range). Let's see if also negative values are possible. I.e. a random number between + and - 900.

Why?
preventing Clock Correlation Attacks

Related to:
make sure Qubes-Whonix has no access to clocksource=xen (T389)

Related Qubes upstream bug:
libvirt domain validation error; virsh edit issue

Details

Impact
High

Related Objects

Event Timeline

Patrick created this task.Nov 25 2015, 6:10 PM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: Whonix, Qubes, security, research, Whonix 13, mgmt.
Patrick set Impact to High.
Patrick added subscribers: Patrick, marmarek, nrgaway.
Herald added subscribers: WhonixQubes, troubadour. · View Herald TranscriptNov 25 2015, 6:10 PM
Patrick removed a project: Whonix 13.Mar 22 2016, 10:42 AM

Looks like unsupported by xen. Therefore cannot be implemented.

T389#8142

Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer