Feeds

Qubes OS bakes in virty system-level security

Blue Pill creator stacks multiple sandboxed VMs

Using blade systems to cut costs and sharpen efficiencies

Invisible Things Lab (ITL), a group of security researchers based in Warsaw, Poland, has announced Qubes 1.0, the first production release of a new desktop operating system designed to provide unprecedented security through the pervasive use of virtualization.

"Unfortunately, contrary to common belief, there are no general purpose, desktop OSes, that would be formally proven to be secure," ITL founder and CEO Joanna Rutkowska wrote in a blog post announcing the release on Monday. "At the very best," she said, "there are some parts that are formally verified, such as some microkernels, but not whole OSes."

To help rectify that situation, Rutkowska and her team built Qubes, an OS that uses virtual machines (VMs) to isolate sensitive applications and their data from parts of the system that may be vulnerable to compromise.

Qubes wasn't written from scratch, but instead draws upon existing open source components, although it uses them in new ways. At its heart is the Xen hypervisor, which it uses to create and manage the various VMs that form its security model.

In Qubes, users can create as many VMs – also known as domains – as they want, and assign them varying security levels based on the sensitivity of the applications and data they will be using in them. For example, one user might decide to create "home", "work", "banking", and "shopping" domains, each shielded from the others and each with its own security policies.

Below all of these application domains, Qubes maintains a separate administrative domain that provides a common GUI for all of the running applications. No matter which domains the various applications might be running under, they can all share the desktop on the same screen, and share the same input devices.

Screenshot showing Qubes OS VMs running at various security levels

A Qubes desktop running VMs at various security levels marked green, yellow, and red (click to enlarge)

That doesn't mean they can share data, however. The user has ultimate control over which files and other data can pass between which domains. Even operations as simple as cut-and-paste between domains aren't allowed without explicit user approval.

Qubes can also enforce network policies for each domain, both to prevent unwanted network activity by malware and to block commonplace user mistakes. For example, a user might configure Qubes so that only a web browser running in the banking domain can access online banking sites, while browsers running in other domains are blocked from those sites.

Qubes can even create "disposable VMs" for one-time actions that could compromise security even though they would ordinarily be allowed. For example, a user could choose to open a PDF file from a suspicious source in a disposable VM, minimizing the potential damage it could cause if the file contained exploit code.

Rutkowska cautions that, particularly in this early phase, Qubes shouldn't be considered a "safe" OS, but rather a "reasonably secure" one. That's because despite all of the layers of security built into the Qubes security model, the security it provides is not automatic. Instead, it relies on the user to make decisions, which Rutkowska admits won't be the right approach for everyone.

"This provides for great flexibility for more advanced users," she writes, "but the price to pay is that Qubes OS requires some skills and thinking to actually make the user's data more secure."

Rutkowska also warns that there may yet be bugs in the Qubes code that could be used to compromise its security model. She should know. In 2006, she made a name for herself in the security community by creating Blue Pill, a rootkit based on the hardware virtualization support features found in modern AMD and Intel processors.

Users who would like to try out the new OS can do so by downloading an ISO and following the instructions on the Qubes website. For those who would like to try to crack Qubes' security, on the other hand, Rutkowska says bring it on. ®

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.