Security through virtualisation

Discussion in 'other security issues & news' started by ronjor, Apr 7, 2010.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    The H Security
     
  2. s23

    s23 Registered Member

    Joined:
    Feb 22, 2009
    Posts:
    263
    Wow GREAT!!!... this is the type of thing we need... Innovation...
     
  3. Jav

    Jav Guest

    Slow and memory hog....
    Will never consider for everyday use... :doubt:

    http://qubes-os.org/Screenshots.html
    15-30 sec delay?

    400 MB added RAM for each AppVM...
    wait, what about CPU usage?

    And it's based on Linux... What is the need for paranoia like this at this point?
    One more BIG drawback for me not to use it...
     
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    Thanks for the post Ron!

    -- Tom
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Sure thing! :) We'll have to see how this goes.
     
  6. Well, Rutkowska is a high profile target, and one of her Linux servers was IIRC hacked not long ago...

    (Keep in mind too that although Linux is fairly safe on the desktop, on the server it's a whole other matter. Desktops don't deliberately keep ports open. Servers do. That alone makes a huge difference.)
     
  7. Jav

    Jav Guest

    Yes, I do understand that Linux isn't perfect.
    And that it has the same chance to be exploited as any other OS (including Windows) if specially targeted.

    But I mean, if targeted....

    And as far as I can see this project is meant more for personal use computers than servers...

    Anyway, yeah. It's great security.
    But for personal use it's misery.

    By the way, thank you for the article! :)
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    For comparison purposes, here is a link to another so-called Secure Operating System effort:

    Battling Botnets With An Awesome OS.

    I would ignore the Awesome part of the title of the article (the original author? must have gotten carried away) which should have been more properly stated as "Secure" at this point.

    Their goal is "to learn what a security OS looks like", and IMHO it should look like what QubesOS architecture is planning, however, they are planning to run Ethos on a computer that runs "virtual machines" - which sounds similar to QubesOS.

    -- Tom
     
  9. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  10. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    She is reinventing the wheel. There has already been a lot of research in this area and there is even a formally verified microkernel out there. There are also other projects that look promising when it comes to secure OS's.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Well, it's a nice and very interesting project, but we all know that this OS is never going to be able to replace Windows, so we need this kind of technology in the Windows OS. But that is also not going to happen anytime soon, because it's too difficult (too much work) and costly to rewrite most of the OS. I still hope that M$ will implement OS level virtualization (container-based virtualization) into Windows 8, that's our best bet right now. :)

    http://en.wikipedia.org/wiki/Operating_system-level_virtualization
     
  12. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
  13. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    And here is another much older project that is my favorite in the genre of security focused OS's. I like Coyotos because it inherits 30 years of research into the design of secure OS's and because its authors are creating a formally verifiable programming language to write the OS in. Most modern OS's are written in C, which is about the worst language for security focused programming.

    EDIT: I see this thread was brought from the dead and I have already responded in the past. Oh well, I think my above comments are still relevant.
     
  14. katio

    katio Guest

    chronomatic I don't think you entirely understand the scope of this project.
    This is not an attempt to create a "perfect" secure OS like the "research OSs" you linked to. This is simply off-the-shelf software combined to offer a solution you can use today, on whatever hardware you have available and where you can install thousands of different programs. Can any of those projects do that?

    Therefore:
    No, sadly not innovative, not even slightly. Actually this concept is at least 4 decades old...
     
  15. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Yes, I understand her intentions, but I see little need for it since most Windows users would eliminate 99% of security issues by moving to "regular" Linux or BSD. There is no need for all the virtualization. Just run Fedora with SELinux or Hardened Gentoo with PaX/Grsec or even TrustedBSD. All are much faster and about as secure. I think Joanna just likes her name to be out there. It's a form of self-promotion -- "Look, I have invented an OS, yippie." I don't mind looking at her though, I have to admit. ;)
     
  16. katio

    katio Guest

    I don't think so. The larger part of those 99% real world security issues is because of PEBKAC.
    On a strictly technological level Windows with HIPS, Applocker, Sandbox and/or similar and *NIX with a well configured security framework (=not default settings ;)) aren't far apart. I'd say adequate for the current threat level but far from perfect. However that's more of an academical discussion and doesn't translate into the real world.
    Want to eliminate 99%? Don't give a user access to "his" system. Something like ToyOS, I mean iOS comes closer to that reality...
     
  17. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    What is PEBKAC?
     
  18. katio

    katio Guest
