Qubes OS bakes in virty system-level security

Blue Pill creator stacks multiple sandboxed VMs

The Essential Guide to IT Transformation

Invisible Things Lab (ITL), a group of security researchers based in Warsaw, Poland, has announced Qubes 1.0, the first production release of a new desktop operating system designed to provide unprecedented security through the pervasive use of virtualization.

"Unfortunately, contrary to common belief, there are no general purpose, desktop OSes, that would be formally proven to be secure," ITL founder and CEO Joanna Rutkowska wrote in a blog post announcing the release on Monday. "At the very best," she said, "there are some parts that are formally verified, such as some microkernels, but not whole OSes."

To help rectify that situation, Rutkowska and her team built Qubes, an OS that uses virtual machines (VMs) to isolate sensitive applications and their data from parts of the system that may be vulnerable to compromise.

Qubes wasn't written from scratch, but instead draws upon existing open source components, although it uses them in new ways. At its heart is the Xen hypervisor, which it uses to create and manage the various VMs that form its security model.

In Qubes, users can create as many VMs – also known as domains – as they want, and assign them varying security levels based on the sensitivity of the applications and data they will be using in them. For example, one user might decide to create "home", "work", "banking", and "shopping" domains, each shielded from the others and each with its own security policies.

Below all of these application domains, Qubes maintains a separate administrative domain that provides a common GUI for all of the running applications. No matter which domains the various applications might be running under, they can all share the desktop on the same screen, and share the same input devices.

Screenshot showing Qubes OS VMs running at various security levels

A Qubes desktop running VMs at various security levels marked green, yellow, and red (click to enlarge)

That doesn't mean they can share data, however. The user has ultimate control over which files and other data can pass between which domains. Even operations as simple as cut-and-paste between domains aren't allowed without explicit user approval.

Qubes can also enforce network policies for each domain, both to prevent unwanted network activity by malware and to block commonplace user mistakes. For example, a user might configure Qubes so that only a web browser running in the banking domain can access online banking sites, while browsers running in other domains are blocked from those sites.

Qubes can even create "disposable VMs" for one-time actions that could compromise security even though they would ordinarily be allowed. For example, a user could choose to open a PDF file from a suspicious source in a disposable VM, minimizing the potential damage it could cause if the file contained exploit code.

Rutkowska cautions that, particularly in this early phase, Qubes shouldn't be considered a "safe" OS, but rather a "reasonably secure" one. That's because despite all of the layers of security built into the Qubes security model, the security it provides is not automatic. Instead, it relies on the user to make decisions, which Rutkowska admits won't be the right approach for everyone.

"This provides for great flexibility for more advanced users," she writes, "but the price to pay is that Qubes OS requires some skills and thinking to actually make the user's data more secure."

Rutkowska also warns that there may yet be bugs in the Qubes code that could be used to compromise its security model. She should know. In 2006, she made a name for herself in the security community by creating Blue Pill, a rootkit based on the hardware virtualization support features found in modern AMD and Intel processors.

Users who would like to try out the new OS can do so by downloading an ISO and following the instructions on the Qubes website. For those who would like to try to crack Qubes' security, on the other hand, Rutkowska says bring it on. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.