Security through virtualisation

[ronjor]

Quote:

A separate virtual system for every task -- that's the basic formula of Qubes' security concept. Qubes, a new operating system presented by Joanna Rutkowska, plans to limit any damage malicious software might do; so even if the game just tested turns out to be a trojan or an attacker is exploiting a WiFi driver bug, our online banking credentials are not at risk. They are safely stored in the banking VM, which runs nothing but online banking.

The H Security

[s23]

Wow GREAT!!!... this is the type of thing we need... Innovation...

Slow and memory hog....
Will never consider for evryday use...

http://qubes-os.org/Screenshots.html

Quote:

A user started Firefox in the “random” AppVM. As this was the first time an app from this AppVM was run, Qubes also took care about starting the “random” AppVM automatically (this introduces some 15-30 sec delay, typically).

15-30 sec delay?

Quote:

Qubes uses very light weight VMs and allows to run many at the same time even on machines with small amount of DRAM memory. A typical AppVM consumes 400MB of RAM, and still can run Firefox, Thunderbird, and Open Office at the same time. This is possible, because there isn’t any desktop environment running in an AppVM, like KDE or GNOME, and only very small X server with a dummy driver.

400 MB added RAM for each AppVM...
wait, what about CPU usage?

And it's based on Linux... What is the need for paranoia like this at this point?

Quote:

How about running applications like games that required 3D support.
Those won’t fly. We do not provide OpenGL virtualization for AppVMs. This is mostly a security decision, as implementing such feature would most likely introduce lots of complexity to the GUI virtualization infrastructure.

One more BIG drawback for me not to use it...

[lotuseclat79]

Thanks for the post Ron!

-- Tom

[ronjor]

Sure thing! We'll have to see how this goes.

Quote:

Originally Posted by Jav

And it's based on Linux... What is the need for paranoia like this at this point?

Well, Rutkowska is a high profile target, and one of her Linux servers was IIRC hacked not long ago...

(Keep in mind too that although Linux is fairly safe on the desktop, on the server it's a whole other matter. Desktops don't deliberately keep ports open. Servers do. That alone makes a huge difference.)

Quote:

Originally Posted by Gullible Jones

Well, Rutkowska is a high profile target, and one of her Linux servers was IIRC hacked not long ago...

(Keep in mind too that although Linux is fairly safe on the desktop, on the server it's a whole other matter. Desktops don't deliberately keep ports open. Servers do. That alone makes a huge difference.)

Yes, I do understand that Linux isn't perfect.
And that it's is has the same chanced to be exploited as any other OS (including windows) if specially targeted.

But I mean, if targeted....

And as far I can see this project is meant more Personal use Computers then servers...

Anyway, yeah. It's great security.
But for personal use it's misery.

By the way, thank you for article!

[lotuseclat79]

For comparison purposes, here is a link to another so-called Secure Operating System effort:

Battling Botnets With An Awesome OS.

I would ignore the Awesome part ot the title of the article (the original author? must have gotten carried away) which should have been more properly stated as "Secure" at this point.

Quote:

Despite security software, patches and updates, your computer remains threatened by attack and takeover from hackers and cyber-criminals who will turn your PC into their networked robot -- or "bot" -- creating mischief to mayhem by everything from spreading spam to looting bank accounts.

Their goal is "to learn what a security OS looks like", and IMHO it should look like what QubesOS architecture is planning, however, they are planning to run Ethos on a computer that runs "virtual machines" - which sounds similar to QubesOS.

-- Tom

[CloneRanger]

Here's another contender KNOS http://www.broadbandreports.com/forum/remark,23200191 Looks more user friendly than Qubes

[chronomatic]

She is reinventing the wheel. There has already been a lot of research in this area and there is even a formally verified microkernel out there. There are also other projects that look promising when it comes to secure OS's.

[Rasheed187]

Well, it´s a nice and very interesting project, but we all know that this OS is never going to be able to replace Windows, so we need this kind of technology in the Windows OS. But that is also not going to happen anytime soon, because it´s too difficult (too much work) and costly to rewrite most of the OS. I still hope that M$ will implement OS level virtualization (container-based virtualization) into Windows 8, that´s our best bet right now.

http://en.wikipedia.org/wiki/Operati...virtualization

[wearetheborg]

Joanna Rutkowska: http://farm2.static.flickr.com/1106/...fccc3544c1.jpg

There must be a simpler solution than this. Something like LUA, but with the LUAs running in parallel in a same "mega LUA session". It would be like running VMs in parallel:
http://www.wilderssecurity.com/showthread.php?t=249990

So that I can update each LUA by doing a single update on the system, but any infection on an LUA does not get to the main system.

[chronomatic]

Quote:

Originally Posted by lotuseclat79

For comparison purposes, here is a link to another so-called Secure Operating System effort:

Battling Botnets With An Awesome OS.

I would ignore the Awesome part ot the title of the article (the original author? must have gotten carried away) which should have been more properly stated as "Secure" at this point.



Their goal is "to learn what a security OS looks like", and IMHO it should look like what QubesOS architecture is planning, however, they are planning to run Ethos on a computer that runs "virtual machines" - which sounds similar to QubesOS.

-- Tom

And here is another much older project that is my favorite in the genre of security focused OS's. I like Coyotos because it inherits 30 years of research into the design of secure OS's and because its authors are creating a formally verifiable programming language to write the OS in. Most modern OS's are written in C, which is about the worst language for security focused programming.

EDIT: I see this thread was brought from the dead and I have already responded in the past. Oh well, I think my above comments are still relevant.

chronomatic I don't think you entirely understand the scope of this project.
This is not an attempt to create a "perfect" secure OS like the "research OSs" you linked to. This is simply of the shelf software combined to offer a solution you can use today, on whatever hardware you have available and where you can install thousands of different programs. Can any of those projects do that?

Therefore:

Quote:

Originally Posted by s23

Wow GREAT!!!... this is the type of thing we need... Innovation...

No, sadly not innovative, not even slightly. Actually this concept is at least 4 decades old...

[chronomatic]

Quote:

Originally Posted by katio

chronomatic I don't think you entirely understand the scope of this project.
This is not an attempt to create a "perfect" secure OS like the "research OSs" you linked to. This is simply of the shelf software combined to offer a solution you can use today, on whatever hardware you have available and where you can install thousands of different programs. Can any of those projects do that?

Yes, I understand her intentions, but I see little need for it since most Windows users would eliminate 99% of security issues by moving to "regular" Linux or BSD. There is no need for all the virtualization. Just run Fedora with SELinux or Hardened Gentoo with PaX/Grsec or even TrustedBSD. All are much faster and about as secure. I think Joanna just likes her name to be out there. It's a form of self-promotion -- "Look, I have invented an OS, yippie." I don't mind looking at her though, I have to admit.

Quote:

Originally Posted by chronomatic

Yes, I understand her intentions, but I see little need for it since most Windows users would eliminate 99% of security issues by moving to "regular" Linux or BSD.

I don't think so. The larger part of those 99% real world security issues is because of PEBKAC.
On a strictly technological level Windows with HIPS, Applocker, Sanbox and/or similar and *NIX with a well configured security framework (=not default settings ) aren't far apart. I'd say adequate for the current threat level but far from perfect. However that's more of an academical discussion and doesn't translate into the real world.
Want to eliminate 99%? Don't give a user access to "his" system. Something like ToyOS, I mean iOS comes closer to that reality...

[wearetheborg]

Quote:

Originally Posted by katio

I don't think so. The larger part of those 99% real world security issues is because of PEBKAC.

What is PEBKAC?

http://www.urbandictionary.com/define.php?term=PEBKAC