Security researcher Joanna Rutkowska of
Blue Pill fame is back with a new project.
Qubes OS is a system that proposes an interesting approach to security:
- Applications HAVE and WILL HAVE security flaws.
- The holes eventually WILL be exploited.
- The best we can do is isolate, so an intruder won't get access to all the data.
This is already done in the server world. Nobody runs an all-purpose server if one can avoid it, dividing between multiple machines (physical or virtual) makes life easier. It doesn't work that well on the desktop.
Let's say you use Firefox for your casual browsing. Even if you are cautious and use a non-Windows OS, you can't completely rule out a possibility to get it infected with malware. Then you use the same browser for online shopping or banking. Next day you notice your money was transfered to a Nigerian bank. How about using another browser for banking? Better, but not 100% proof. Another process can still read or alter other app's data. OK than, another browser from a different user account? Much better, now you're safe... unless an intruder already got a root access.
VMs add another layer of security at the same time adding complexity. I admit I considered using this approach on my personal machine. To have my data and important apps on one VM, use another for potentialy dangerous activities (that includes web browsing, email and pretty much anything that has to do with network or removable media) and another for high-security stuff. But it'd be too much hassle. Say I found a PDF document I'd like to keep. I'm supposed to open it on a "dangerous" VM, see if it's OK (how can I be sure anyway?), then move it to a "work" VM. How long before I do something in a wrong VM, either by mistake or out of laziness? And how long it'd take me to setup such system anyway?
Here's how Qube OS does it (or aims to do - it's an early development release and some of the features are only planned). Lightweight Xen-based VMs are spawned transparently. They all run an X server but without any desktop environment. Only one privileged VM runs a desktop environment. All VMs share the same screen, start menu, system tray etc. With one click, you start a Firefox in a "work", "banking" or "personal" VM, their windows are distinguished by a coloured border. Networking stack runs in another, unprivileged VM. Yet another one, not connected to a network, is a secure storage. You can copy/paste text and copy files between VMs, but it requires confirmation and can only be initiated from a priviliged VM. The VMs share system files, so you upgrade all of them at once.
That takes away about 90% of the hassle. The remaining 10% is still too much for the average user. But if your security requirements are higher than average, Qube OS is worth a look. A modern CPU with VT-d and IOMMU is required to use all features and you'll need plenty of RAM.
If you think it's too complicated and decide to stay with one machine for everything, just use a separate browser for banking. Please.
See also:
article on virtualization.info
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=a967ecf3-2c00-4bd9-ad70-1d9f98890c5f)
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=dedf00a1-24ef-4026-9ada-cec5f6ebe1de)
Posts
